Related papers: Enabling Performant and Secure EDA as a Service in Public Clouds Using Confidential Containers

Enabling Performant and Secure EDA as a Service in Public Clouds Using Confidential Containers

URL: http://arxiv.org/abs/2407.06040v1
Date: Mon, 8 Jul 2024 15:36:30 GMT
Title: Enabling Performant and Secure EDA as a Service in Public Clouds Using Confidential Containers
Authors: Mengmei Ye, Derren Dunn, Daniele Buono, Angelo Ruocco, Claudio Carvalho, Tobin Feldman-fitzthum, Hubertus Franke, James Bottomley,
Abstract summary: Security concerns with public cloud bursting arise from having to protect process design kits, third party intellectual property, and new design data for semiconductor devices and chips. One way to address security concerns for public cloud bursting is to leverage confidential containers for EDA workloads. A complete end-to-end confidential container-based EDA workload exhibits 7.13% and 2.05% performance overheads over bare-metal container and VM based solutions, respectively.
Score: 1.1127784392971594
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: Increasingly, business opportunities available to fabless design teams in the semiconductor industry far exceed those addressable with on-prem compute resources. An attractive option to capture these electronic design automation (EDA) design opportunities is through public cloud bursting. However, security concerns with public cloud bursting arise from having to protect process design kits, third party intellectual property, and new design data for semiconductor devices and chips. One way to address security concerns for public cloud bursting is to leverage confidential containers for EDA workloads. Confidential containers add zero trust computing elements to significantly reduce the probability of intellectual property escapes. A key concern that often follows security discussions is whether EDA workload performance will suffer with confidential computing. In this work we demonstrate a full set of EDA confidential containers and their deployment and characterize performance impacts of confidential elements of the flow including storage and networking. A complete end-to-end confidential container-based EDA workload exhibits 7.13% and 2.05% performance overheads over bare-metal container and VM based solutions, respectively.

Related papers

LLM Agents Should Employ Security Principles [60.03651084139836]
This paper argues that the well-established design principles in information security should be employed when deploying Large Language Model (LLM) agents at scale.<n>We introduce AgentSandbox, a conceptual framework embedding these security principles to provide safeguards throughout an agent's life-cycle.
arXiv Detail & Related papers (2025-05-29T21:39:08Z)
PWC-MoE: Privacy-Aware Wireless Collaborative Mixture of Experts [59.5243730853157]
Large language models (LLMs) hosted on cloud servers alleviate the computational and storage burdens on local devices but raise privacy concerns.<n>Small language models (SLMs) running locally enhance privacy but suffer from limited performance on complex tasks.<n>We propose a privacy-aware wireless collaborative mixture of experts (PWC-MoE) framework to balance computational cost, performance, and privacy protection under bandwidth constraints.
arXiv Detail & Related papers (2025-05-13T16:27:07Z)
SA2FE: A Secure, Anonymous, Auditable, and Fair Edge Computing Service Offloading Framework [12.374158415720366]
This paper presents SA2FE, a novel framework for edge access control, offloading and accounting. We design a rerandomizable puzzle primitive and a corresponding scheme to protect sensitive service information from eavesdroppers. Blind token-based scheme safeguards user privacy, prevents double spending, and ensures usage accountability.
arXiv Detail & Related papers (2025-04-28T21:05:03Z)
Extending Lifetime of Embedded Systems by WebAssembly-based Functional Extensions Including Drivers [46.538276603099916]
We present Wasm-IO, a framework designed to facilitate peripheral I/O operations within WebAssembly (Wasm) containers. We detail synchronous I/O and methods for embedding platform-independent peripheral configurations within Wasm binaries.
arXiv Detail & Related papers (2025-03-10T17:22:00Z)
VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks. VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices. Our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.
arXiv Detail & Related papers (2024-12-05T17:08:20Z)
Privacy-Preserving Decentralized AI with Confidential Computing [0.7893328752331561]
This paper addresses privacy protection in decentralized Artificial Intelligence (AI) using Confidential Computing (CC) within the Atoma Network. CC leverages hardware-based Trusted Execution Environments (TEEs) to provide isolation for processing sensitive data. We explore how we can integrate TEEs into Atoma's decentralized framework.
arXiv Detail & Related papers (2024-10-17T16:50:48Z)
The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach [56.4040698609393]
Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition. Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies. We propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings.
arXiv Detail & Related papers (2024-09-10T10:12:37Z)
Software-based Security Framework for Edge and Mobile IoT [0.5735035463793009]
This work focuses on designing secure communication among remote servers and embedded IoT devices. The proposed approach uses lightweight cryptography, optimizing device performance and security without overburdening their limited resources.
arXiv Detail & Related papers (2024-04-09T16:25:13Z)
Trustworthy confidential virtual machines for the masses [1.6503985024334136]
We present Revelio, an approach that allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows tampering even by the service providers. We focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established.
arXiv Detail & Related papers (2024-02-23T11:54:07Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
Fortress: Securing IoT Peripherals with Trusted Execution Environments [2.2476099815732518]
Internet of Things (IoT) devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. We propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE) The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud.
arXiv Detail & Related papers (2023-12-05T07:12:58Z)
Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
Software services place implicit trust in the cloud provider, without an explicit trust relationship. There is currently no cloud provider that exposes Trusted Platform Module capabilities. We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
arXiv Detail & Related papers (2023-10-05T13:13:55Z)
Safe Distillation Box [62.32105311993915]
We propose a novel framework, termed as Safe Distillation Box (SDB), that allows us to wrap a pre-trained model in a virtual box for intellectual property protection. SDB preserves the inference capability of the wrapped model to all users, but precludes KD from unauthorized users. For authorized users, on the other hand, SDB carries out a knowledge augmentation scheme to strengthen the KD performances and the results of the student model.
arXiv Detail & Related papers (2021-12-05T05:01:55Z)
Auto-Split: A General Framework of Collaborative Edge-Cloud AI [49.750972428032355]
This paper describes the techniques and engineering practice behind Auto-Split, an edge-cloud collaborative prototype of Huawei Cloud. To the best of our knowledge, there is no existing industry product that provides the capability of Deep Neural Network (DNN) splitting.
arXiv Detail & Related papers (2021-08-30T08:03:29Z)
Privacy and Integrity Preserving Training Using Trusted Hardware [4.5843599120944605]
DarKnight is a framework for large computation training while protecting input privacy and integrity. DarKnight relies on cooperative execution between trusted execution environments (TEE) and accelerators.
arXiv Detail & Related papers (2021-05-01T19:33:28Z)

This list is automatically generated from the titles and abstracts of the papers in this site.