SAGE: Software-based Attestation for GPU Execution

Andrei Ivanov, Benjamin Rothenberger, Arnaud Dethise, Marco Canini, Torsten Hoefler, Adrian Perrig

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations


With the application of machine learning to security-critical and sensitive domains, there is a growing need for integrity and privacy in computation using accelerators, such as GPUs. Unfortunately, the support for trusted execution on GPUs is currently very limited – trusted execution on accelerators is particularly challenging since the attestation mechanism should not reduce performance. Although hardware support for trusted execution on GPUs is emerging, we study purely software-based approaches for trusted GPU execution. A software-only approach offers distinct advantages: (1) complement hardware-based approaches, enhancing security especially when vulnerabilities in the hardware implementation degrade security, (2) operate on GPUs without hardware support for trusted execution, and (3) achieve security without reliance on secrets embedded in the hardware, which can be extracted as history has shown. In this work, we present SAGE, a software-based attestation mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs of the Ampere architecture (A100), providing properties of code integrity and secrecy, computation integrity, as well as data integrity and secrecy – all in the presence of malicious code running on the GPU and CPU. Our evaluation demonstrates that SAGE is already practical today for executing code in a trustworthy way on GPUs without specific hardware support.

Original languageEnglish (US)
Title of host publicationProceedings of the 2023 USENIX Annual Technical Conference, ATC 2023
PublisherUSENIX Association
Number of pages15
ISBN (Electronic)9781939133359
StatePublished - 2023
Event2023 USENIX Annual Technical Conference, ATC 2023 - Boston, United States
Duration: Jul 10 2023Jul 12 2023

Publication series

NameProceedings of the 2023 USENIX Annual Technical Conference, ATC 2023


Conference2023 USENIX Annual Technical Conference, ATC 2023
Country/TerritoryUnited States

ASJC Scopus subject areas

  • General Computer Science


Dive into the research topics of 'SAGE: Software-based Attestation for GPU Execution'. Together they form a unique fingerprint.

Cite this