Research area: Verification
Conference: HASP '23: Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy
One of the biggest transformations in the datacenter in the past decade has been the rapid growth of heterogeneous computing involving HW accelerators to allow application-specific offloads for power and performance efficiencies. There is a major shift from monolithic servers to dynamically composable systems consisting of disaggregated memory, storage and compute resources to meet the needs of compute-intensive applications such as AI/ML and HPC. At the same time, with the increased adoption of confidential computing in the public cloud, the industry has realized the need to extend the security assurance of the trusted execution environment (TEE) from the CPU to devices. While this has resulted in the emergence of new security standards such as TDISP (PCI-SIG's TEE Device Interface Security Protocol), the interface security is only useful if the device also implements a TEE. Data Processing Units (DPUs), the next generation of SmartNICs, have a key role in the new datacenter architecture and must provide high-speed networking, efficient data transfer protocols, and new services while meeting the confidential computing workload needs. In this position paper, we explain how the problem of making a TEE-capable DPU differs from that of compute accelerators like GPUs and FPGAs. We describe the DPU's threat model, which includes DPU-specific threats, discuss the challenges, and suggest design considerations that can help in exploring DPU TEE architecture options.
| Publication year | 2023 |
|---|---|
| Citations | 4 |
| Publication country | United Kingdom, United States |
| Site | ACM |