Confidential Computing on Heterogeneous Systems: Survey and Implications

近年来，广泛的信息化和快速的数据爆炸增加了对高性能异构系统的需求，这些系统集成了多个计算核心，如CPU、图形处理器（GPU）、应用特定集成电路（ASIC）、现场可编程门阵列（FPGA）和神经处理单元（NPU）。由于其多功能性，CPU和GPU的组合特别受欢迎。然而，这些异构系统面临着重大的安全和隐私风险。隐私保护技术的进步，特别是基于硬件的可信执行环境（TEE），为GPU应用程序提供了有效的保护。尽管如此，在异构系统中将TEE扩展到GPU所涉及的潜在安全风险仍然不确定，需要进一步研究。为了深入研究这些风险，我们研究了现有的流行GPU TEE设计，并总结和比较了它们的关键影响。此外，我们还回顾了已部署在CPU上的GPU和传统TEE的现有强大攻击，以及缓解这些威胁的努力。我们确定了GPU TEE引入的潜在攻击面，并提供了设计安全GPU TEE的关键考虑因素的见解。随着新的TEE，特别是GPU的TEE正在开发中，这项调查具有及时性，突显了理解潜在安全威胁并构建高效且安全的系统的必要性。

GPU TEE security risks in heterogeneous systems need further investigation

Hardware-based Trusted Execution Environments (TEE) can offer effective protection for GPU applications, but potential security risks need to be studied. The paper reviews existing GPU TEE designs, powerful attacks on GPUs and traditional TEEs, and identifies potential attack surfaces introduced by GPU TEEs.

The paper provides insights into key considerations for designing secure GPU TEEs. It also discusses the need for efficient and secure systems as new TEEs for heterogeneous systems, particularly GPUs, are being developed. The paper reviews and compares existing popular GPU TEE designs and their implications.

Recent related research includes 'A Survey of GPU-based Side Channel Attacks and Countermeasures' and 'A Survey of Hardware-based Trusted Execution Environments'.