Secure I/O architecture for isolated heterogeneous computing with hardware assisted trusted execution environment

Abstract

Hardware based security technologies guarantee the execution of user space applications on the system software that is compromised, by providing trusted execution environment in a hardware manner. Current technologies, however, only provide security for the processes that are running in the CPU, and they cannot provide security for high performance heterogeneous peripherals such as GPUs. As large amount of data should be transferred to the GPU and stored in the GPU for acceleration, ensuring the security of data is currently needed. In this thesis, we proposes a trusted I/O technology that provides secure heterogeneous computing to processes that are running in the trusted execution environment. The proposed architecture deos not require modifications to GPU architecture. Instead, it provides security by modifying a CPU hardware based security technology called Intel SGX, and I/O interconnect architecture that is used to connect a GPU to the system, to protect the GPU from adversarial attacks from system software. We implement a prototype on an emulated machine with KVM and QEMU, and measure the overhead for security with a commercial GPU and GPU benchmarks. Experimental results show that the performance overheads, such as encryption overhead, are about 49\%, however, prove that it still has more advantages in terms of performance than using CPU hardware based security, if an application is compute-intensive and proper to be run in GPU.