Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment

Zhu, Jianping; Hou, Rui; Wang, Wenhao; Cao, Jiangfeng; Zhao, Boyan; Wang, Zhongpu; Zhang, Yuhui; Ying, Jiameng; Zhang, Lixin; Meng, Dan

doi:10.1109/sp40000.2020.00054

Cited by 55 publications

(41 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The effect of using a GPU node in this case study is noticable. GPU is more oriented to compute-intensive tasks rather than data-intensive tasks because the cost of data transfer between GPU memory and the host memory is expensive and time-consuming [Zhu, Hou, Wang et al (2019)]. Hence, data cleansing and preprocessing are executed by CPU nodes only.…”

Section: Resultsmentioning

confidence: 99%

Case Study: Spark GPU-Enabled Framework to Control COVID-19 Spread Using Cell-Phone Spatio-Temporal Data

Abdallah¹,

Khafagy²,

Omara³

2020

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Nowadays, the world is fighting a dangerous form of Coronavirus that represents an emerging pandemic. Since its early appearance in China Wuhan city, many countries undertook several strict regulations including lockdowns and social distancing measures. Unfortunately, these procedures have badly impacted the world economy. Detecting and isolating positive/probable virus infected cases using a tree tracking mechanism constitutes a backbone for containing and resisting such fast spreading disease. For helping this hard effort, this research presents an innovative case study based on big data processing techniques to build a complete tracking system able to identify the central areas of infected/suspected people, and the new suspected cases using health records integration with mobile stations spatio-temporal data logs. The main idea is to identify the positive cases historical movements by tracking their phone location for the last 14 days (i.e., the virus incubation period). Then, by acquiring the citizen's mobile phone locations for the same period, the system will be able to measure the Euclidean distances between positive case locations and other nearby people to identify the incontact suspected-cases using parallel clustering and classification techniques. Moreover, the daily change of the clusters size and its centroids will be used to predict new regions of infection, as well as, new cases. Moreover, this approach will support infection avoidance by alerting people approaching areas of high probability of infection using their mobile GPS location. This case study has been developed as a simulation system consisting of three components; positive cases/citizens movement's data generation subsystem, big data processing platform including CPU/GPU tasks, and data visualization/map geotagging subsystem. The processing of such a big data system requires intensive computing tasks. Therefore, GPU tasks carried out to achieve high performance and accelerate the data processing. According to the simulated system results, data partitioning and processing speed up measures have been examined.

show abstract

Section: Resultsmentioning

confidence: 99%

Case Study: Spark GPU-Enabled Framework to Control COVID-19 Spread Using Cell-Phone Spatio-Temporal Data

Abdallah¹,

Khafagy²,

Omara³

2020

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…HIX [54] separated the driver out from the OS and ran it inside a trusted CPU enclave, essentially creating a heterogeneous trusted environment across both CPU and GPU, but requiring changes to the CPU and PCIe root complex. HETEE [105] proposed fabricating a tamper-resistant box of accelerators (namely GPUs) that a rack of servers can access via a centralized security controller in a dedicated FPGA. However, it did not consider the unique challenges that arise in cloud FPGAs (Section 2.4) and required a specialized tamper-resistant chassis.…”

Section: Related Workmentioning

confidence: 99%

“…Unfortunately, recently-proposed TEEs for accelerators, including FPGAs, are either insecure against direct physical attacks [54,105], require fundamental hardware changes [54,94,105], only address isolated challenges such as attestation [36,52,72,99], or rely on external CPU TEEs [52,54,94]. Moreover, they ignore the Shell logic [3,57,60,88], a fundamental untrusted operating system for cloud FPGA logic.…”

mentioning

confidence: 99%

ShEF: shielded enclaves for cloud FPGAs

Zhao

Gao

Kozyrakis

2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

FPGAs are now used in public clouds to accelerate a wide range of applications, including many that operate on sensitive data such as financial and medical records. We present ShEF, a trusted execution environment (TEE) for cloud-based reconfigurable accelerators. ShEF is independent from CPU-based TEEs and allows secure execution under a threat model where the adversary can control all software running on the CPU connected to the FPGA, has physical access to the FPGA, and can compromise the FPGA interface logic of the cloud provider. ShEF provides a secure boot and remote attestation process that relies solely on existing FPGA mechanisms for root of trust. It also includes a Shield component that provides secure access to data while the accelerator is in use. The Shield is highly customizable and extensible, allowing users to craft a bespoke security solution that fits their accelerator's memory access patterns, bandwidth, and security requirements at minimum performance and area overheads. We describe a prototype implementation of ShEF for existing cloud FPGAs, map ShEF to a performant and secure storage application, and measure the performance benefits of customizable security using five additional accelerators. CCS CONCEPTS• Computer systems organization → Reconfigurable computing; Cloud computing; • Security and privacy → Hardware security implementation.

show abstract

“…It has been shown that HW assisted TEEs can improve security in a distributed cloud environment and with low performance overhead [28]. The concept of open framework and elastic scaling of TEEs on edge platforms needs to be analyzed more; first studies indicate that privacy and trust can be provided by scalable TEEs for heterogeneous systems (such as a combination of CPUs and GPUs) for performing data intensive computation [29] as needed for demanding 6G use cases such as mixed and augmented reality. Building on the principle of transitive trust [27], TEEs can provide attestation of trust anchored in the confirmed genuineness of enclaves on different processing unit (xPU) levels and of direct relevance to application and user.…”

Section: Security Appmentioning

confidence: 99%

Security and Trust in the 6G Era

Ziegler¹,

Schneider

Viswanathan

et al. 2021

IEEE Access

View full text Add to dashboard Cite

A comprehensive set of security technology enablers will be critically required for communication systems for the 6G era of the 2030s. Trustworthiness must be assured across IoT, heterogenous cloud and networks, devices, sub-networks, and applications. The 6G threat vector will be defined by 6G architectural disaggregation, open interfaces and an environment with multiple stakeholders. Broadly decomposed into domains of cyber-resilience, privacy and trust and their respective intersection, we explore relevant security technology enablers including automated software creation and automated closedloop security operation, privacy preserving technologies, hardware and cloud embedded anchors of trust, quantum-safe security, jamming protection and physical layer security as well as distributed ledger technologies. Artificial intelligence and machine learning (AI/ML) as a key technology enabler will be pervasive and of pivotal relevance across the security technology stack and architecture. A novel vision for a trustworthy Secure Telecom Operation Map is developed as part of the automated closed loop operations paradigm.

show abstract

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment

Cited by 55 publications

References 36 publications

Case Study: Spark GPU-Enabled Framework to Control COVID-19 Spread Using Cell-Phone Spatio-Temporal Data

Case Study: Spark GPU-Enabled Framework to Control COVID-19 Spread Using Cell-Phone Spatio-Temporal Data

ShEF: shielded enclaves for cloud FPGAs

Security and Trust in the 6G Era

Contact Info

Product

Resources

About