TY - GEN
T1 - SAGE
T2 - 2023 USENIX Annual Technical Conference, ATC 2023
AU - Ivanov, Andrei
AU - Rothenberger, Benjamin
AU - Dethise, Arnaud
AU - Canini, Marco
AU - Hoefler, Torsten
AU - Perrig, Adrian
N1 - Publisher Copyright:
© 2023 by The USENIX Association All Rights Reserved.
PY - 2023
Y1 - 2023
N2 - With the application of machine learning to security-critical and sensitive domains, there is a growing need for integrity and privacy in computation using accelerators, such as GPUs. Unfortunately, the support for trusted execution on GPUs is currently very limited – trusted execution on accelerators is particularly challenging since the attestation mechanism should not reduce performance. Although hardware support for trusted execution on GPUs is emerging, we study purely software-based approaches for trusted GPU execution. A software-only approach offers distinct advantages: (1) complement hardware-based approaches, enhancing security especially when vulnerabilities in the hardware implementation degrade security, (2) operate on GPUs without hardware support for trusted execution, and (3) achieve security without reliance on secrets embedded in the hardware, which can be extracted as history has shown. In this work, we present SAGE, a software-based attestation mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs of the Ampere architecture (A100), providing properties of code integrity and secrecy, computation integrity, as well as data integrity and secrecy – all in the presence of malicious code running on the GPU and CPU. Our evaluation demonstrates that SAGE is already practical today for executing code in a trustworthy way on GPUs without specific hardware support.
AB - With the application of machine learning to security-critical and sensitive domains, there is a growing need for integrity and privacy in computation using accelerators, such as GPUs. Unfortunately, the support for trusted execution on GPUs is currently very limited – trusted execution on accelerators is particularly challenging since the attestation mechanism should not reduce performance. Although hardware support for trusted execution on GPUs is emerging, we study purely software-based approaches for trusted GPU execution. A software-only approach offers distinct advantages: (1) complement hardware-based approaches, enhancing security especially when vulnerabilities in the hardware implementation degrade security, (2) operate on GPUs without hardware support for trusted execution, and (3) achieve security without reliance on secrets embedded in the hardware, which can be extracted as history has shown. In this work, we present SAGE, a software-based attestation mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs of the Ampere architecture (A100), providing properties of code integrity and secrecy, computation integrity, as well as data integrity and secrecy – all in the presence of malicious code running on the GPU and CPU. Our evaluation demonstrates that SAGE is already practical today for executing code in a trustworthy way on GPUs without specific hardware support.
UR - http://www.scopus.com/inward/record.url?scp=85180368387&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85180368387
T3 - Proceedings of the 2023 USENIX Annual Technical Conference, ATC 2023
SP - 485
EP - 499
BT - Proceedings of the 2023 USENIX Annual Technical Conference, ATC 2023
PB - USENIX Association
Y2 - 10 July 2023 through 12 July 2023
ER -