sectrs-acai

Abstract

Trusted execution environments in several existing and upcoming CPUs demonstrate the success of confidential computing, with the caveat that tenants cannot use accelerators such as GPUs and FPGAs. Even after hardware changes to enable TEEs on both sides and software changes to adapt existing code to leverage these features, the result is redundant data copies and hardware encryption at the bus level and on the accelerator, which degrades performance and defeats the purpose of using accelerators. In this paper, we reconsider the Arm Confidential Computing Architecture (CCA) design — an upcoming TEE feature in Arm v9 — to address this gap. We observe that CCA offers the right abstraction and mechanisms to allow confidential VMs to use accelerators as a first-class abstraction, while relying on the hardware-based memory protection to preserve security. We build ACAI, a CCA-based solution, to demonstrate the feasibility of our approach while addressing several critical security gaps. Our experimental results on GPU and FPGA show that ACAI can achieve strong security guarantees while maintaining performance and compatibility.

https://github.com/sectrs-acai/acai/

https://sectrs.ethz.ch/

Check out our USENIX Security '24 paper here

Pinned

  1. acai Public

    Protecting Accelerator Execution with Arm Confidential Computing Architecture (USENIX Security 2024)

    C 25 2

Repositories

Showing 10 of 19 repositories
  • sectrs-acai.github.io Public

    ACAI Landing Page

    CSS 0 MIT 0 0 0 Updated Nov 18, 2024
  • .github Public
    0 0 0 0 Updated Dec 11, 2023
  • acai Public

    Protecting Accelerator Execution with Arm Confidential Computing Architecture (USENIX Security 2024)

    C 25 2 0 0 Updated Dec 11, 2023
  • acai-gdev Public

    ACAI Gdev FVP integration

    C++ 0 MIT 0 0 0 Updated Oct 25, 2023
  • acai-rodinia-rt Public

    ACAI GPU Benchmarks CUDA Runtime API

    C++ 0 0 0 0 Updated Oct 24, 2023
  • acai-fpga-bench Public

    ACAI FPGA Benchmarks

    C++ 0 0 0 0 Updated Oct 24, 2023
  • acai-tfa-tests Public

    ACAI TFA-Test Suite

    C 0 0 0 0 Updated Oct 24, 2023
  • acai-tfa Public

    ACAI TFA

    C 0 0 0 0 Updated Oct 24, 2023
  • acai-rmm Public

    ACAI TF-RMM

    C 0 BSD-3-Clause 0 0 0 Updated Oct 24, 2023
  • acai-kvmtool-cca Public

    ACAI CCA enabled kvmtool

    C 0 GPL-2.0 0 0 0 Updated Oct 24, 2023
