Abstract

Trusted Execution Environments (TEEs) have been widely used for protecting endpoints and clouds for the past two decades. However, it primarily focuses on CPU processors and has not carefully considered other processors, such as GPUs. Worse, due to the vulnerable GPU software and non-confidential GPU hardware designs, attacking the GPU is not challenging and can cause severe data leakage. To address this problem, the industry/academy design GPU TEEs. We introduce two GPU TEEs: StrongBox, a GPU TEE designed for Arm endpoints such as smartphones, and CAGE, a GPU TEE tailored for Arm's latest Confidential Computing Architecture. Besides building GPU TEEs, we also discovered a GPU TEE vulnerability (MOLE) on a GPU-embedded Microcontroller Unit (MCU), which enables an attacker to leak sensitive data within the GPU TEE.

About the speaker

Dr. Fengwei Zhang is the Director of the COMPASS (COMPuter And Systems Security) Lab and a tenured Associate Professor at the Department of Computer Science and Engineering at Southern University of Science and Technology, China. Before that, he joined Wayne State University as an assistant professor at the department of computer science from 2015 to 2019. His primary research interests are in the areas of systems security, including trusted execution environments (e.g., Arm TrustZone/CCA), GPU confidential computing, debugging transparency, system introspection, and hardware- assisted security. He has published over 100 conference/journal papers, including IEEE S&P, USENIX Security, ACM CCS, NDSS, IEEE TIFS, and IEEE TDSC. He is a recipient of the Distinguished Paper Award in ACSAC 2017 and the Runner-up Best Paper Award in IEEE/IFIP DSN 2020. His high-quality work received 3 NSF Awards in the USA. He is currently the Principal Investigator of the projects from NSFC and industries. He is a senior member of ACM, a senior member of IEEE, and a distinguished member of CCF.