{"id":13642128,"url":"https://sectrs-acai.github.io/acai","last_synced_at":"2025-04-20T15:34:58.241Z","repository":{"id":203486587,"uuid":"688907565","full_name":"sectrs-acai/acai","owner":"sectrs-acai","description":"Protecting Accelerator Execution with Arm Confidential Computing Architecture (USENIX Security 2024)","archived":false,"fork":false,"pushed_at":"2023-12-11T14:39:46.000Z","size":11597,"stargazers_count":19,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"trusted-periph/master","last_synced_at":"2024-08-03T01:25:47.791Z","etag":null,"topics":["armcca","armv9","confidential-computing"],"latest_commit_sha":null,"homepage":"https://sectrs.ethz.ch/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sectrs-acai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.org","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-09-08T11:05:20.000Z","updated_at":"2024-07-02T00:31:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"60a17efe-288a-4d4e-9a49-32d65bfed9c0","html_url":"https://github.com/sectrs-acai/acai","commit_stats":null,"previous_names":["sectrs-acai/acai"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sectrs-acai%2Facai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sectrs-acai%2Facai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sectrs-acai%2Facai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sectrs-acai%2Facai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sectrs-acai","download_url":"https://codeload.github.com/sectrs-acai/acai/tar.gz/refs/heads/trusted-periph/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223832822,"owners_count":17210717,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["armcca","armv9","confidential-computing"],"created_at":"2024-08-02T01:01:27.855Z","updated_at":"2024-11-09T13:30:27.134Z","avatar_url":"https://github.com/sectrs-acai.png","language":"C","funding_links":[],"categories":["Other TEEs"],"sub_categories":["Memory Protection"],"readme":"# ACAI\n[![License: MIT](https://img.shields.io/badge/USENIX%20Security%20'24-Accepted%20Paper-blue)](https://www.usenix.org/conference/usenixsecurity24/presentation/sridhara)\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)\n[![acai-artifact-eval](https://github.com/sectrs-acai/acai/actions/workflows/build-acai.yml/badge.svg)](https://github.com/sectrs-acai/acai/actions/workflows/build-acai.yml)\n[![Twitter](https://img.shields.io/twitter/follow/sectrs_ethz)](https://twitter.com/sectrs_ethz)\n\n\n\n\u003cimg src=\"https://github.com/sectrs-acai/acai/assets/2311941/60969033-76c2-408e-b07d-f70830f449a8\" width=\"600\"\u003e\n\n\n## Abstract \nTrusted execution environments in several existing and upcoming CPUs demonstrate\nthe success of confidential computing, with the caveat that tenants cannot use\naccelerators such as GPUs and FPGAs. Even after hardware changes to enable TEEs\non both sides and software changes to adopt existing code to leverage these\nfeatures, it results in redundant data copies and hardware encryption at the\nbus-level and on the accelerator thus degrading the performance and defeating\nthe purpose of using accelerators. In this paper, we reconsider the Arm\nConfidential Computing Architecture (CCA) design — an upcoming TEE feature in\nArm v9 — to address this gap. We observe that CCA offers the right abstraction\nand mechanisms to allow confidential VMs to use accelerators as a first class\nabstraction, while relying on the hardware-based memory protection to preserve\nsecurity. We build ACAI, a CCA-based solution, to demonstrate the feasibility of\nour approach while addressing several critical security gaps. Our experimental\nresults on GPU and FPGA show that ACAI can achieve strong security guarantees\nwhile maintaining performance and compatibility.\n\n\n```TeX\n@article{DBLP:journals/corr/abs-2305-15986,\n  author       = {Supraja Sridhara and Andrin Bertschi and Benedict Schl{\\\"{u}}ter and Mark Kuhne and Fabio Aliberti and Shweta Shinde},\n  title        = {{ACAI:} Extending Arm Confidential Computing Architecture Protection\n                  from CPUs to Accelerators},\n  journal      = {CoRR},\n  volume       = {abs/2305.15986},\n  year         = {2023},\n  url          = {https://doi.org/10.48550/arXiv.2305.15986},\n  doi          = {10.48550/ARXIV.2305.15986},\n  eprinttype    = {arXiv},\n  eprint       = {2305.15986},\n  timestamp    = {Wed, 07 Jun 2023 14:31:13 +0200},\n  biburl       = {https://dblp.org/rec/journals/corr/abs-2305-15986.bib},\n  bibsource    = {dblp computer science bibliography, https://dblp.org}\n}\n```\n\nhttps://arxiv.org/abs/2305.15986\n\n## Build the Project\n\nPlease follow [Artifact Evaluation](./doc/artifact-evaluation.md) for\ninstructions how to build and run the project. You find more tutorials and\ndocumentation [here](./doc).\n\n## Files and Directories\n\n``` sh\n/ext...................................: External project dependencies \n/buildconf.............................: Scripts and configuration to build artifacts\n/scripts...............................: Helper scripts\n/output................................: Artifact output\n/output-distrobox......................: Artifact output built in container\n/src...................................: Sources and source submodules\n/scr/tfa...............................: TFA Monitor\n/src/rmm...............................: RMM\n/src/linux-cca-guest...................: CCA-enabled kernel\n/src/fpga_driver.......................: PCIe bypass for FPGA\n/src/fpga_driver/fh_host...............: ioctl library for PCIe bypass on x86\n/src/fpga_driver/fpga_escape_libhook...: x86 FPGA Userspace Manager\n/src/fpga_driver/xdma..................: x86 FPGA Host driver\n/src/fpga_driver/xdma_stub.............: aarch64 FPGA guest driver\n/src/fpga_driver/libhook...............: FVP memory alignment for DMA/ mmap\n/src/fpga_driver/devmem_intercept .....: ACAI aarch64 kernel helper\n/src/gpu_driver........................: PCIe bypass for GPU\n/src/gpu_driver/gdev-guest.............: aarch64 GPU guest driver\n/src/gpu_driver/gdev-host..............: x86 GPU host driver\n/src/gpu_driver/gpu_gdev_usr_manager...: x86 GPU Userspace Manager\n/src/gpu_driver/rodinia-bench..........: GPU Benchmarks CUDA Driver API\n/src/benchmarking/fpga.................: FPGA Benchmarks\n/src/linux-host........................: Faulthook host kernel\n/src/encrypted-cuda....................: Encryption layer\n/src/kvmtool...........................: Virtual Machine Manager\n/src/tfa-tests.........................: TFA tests\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/sectrs-acai.github.io%2Facai","html_url":"https://awesome.ecosyste.ms/projects/sectrs-acai.github.io%2Facai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/sectrs-acai.github.io%2Facai/lists"}