Building a Lightweight Trusted Execution Environment for Arm GPUs
IEEE Transactions on Dependable and Secure Computing (2023)
Abstract
A wide range of Arm endpoints leverage integrated and discrete GPUs to accelerate computation. However, Arm GPU security has not been explored by the community. Existing work has used Trusted Execution Environments (TEEs) to address GPU security concerns on Intel-based platforms, but there are numerous architectural differences that lead to novel technical challenges in deploying TEEs for Arm GPUs. There is a need for generalizable and efficient Arm-based GPU security mechanisms. To address these problems, we present StrongBox, the first GPU TEE for secured general computation on Arm endpoints. StrongBox provides an isolated execution environment by ensuring exclusive access to the GPU. Our approach is based in part on a dynamic, fine-grained memory protection policy, as Arm-based GPUs typically share a unified memory with the CPU. Furthermore, StrongBox reduces runtime overhead from the redundant security introspection operations. We also design an effective defense mechanism within the secure world to protect the confidential GPU computation. Our design leverages the widely-deployed Arm TrustZone and generic Arm features, without hardware modification or architectural changes. We prototype StrongBox using an off-the-shelf Arm Mali GPU and perform an extensive evaluation. Results show that StrongBox successfully ensures GPU computation security with a low (4.70% – 15.26%) overhead.
Keywords
Arm endpoint GPU, Trusted Execution Environment, Secure Virtualization