
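Graduate student: 李佳璋
Li, Chia-Chang
Thesis title: 以圖形處理器權限控管進行多使用者間之資訊隔離
GACII: GPU Access Control for Information Isolation on Multi-user Platforms
Advisor: 李哲榮
Lee, Che-Rung
Oral defense committee: 周志遠
Chou, Jerry
辜善群
Ku, Shan-Chyun
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science
Year of publication: 2023
Academic year of graduation: 111
Language: Chinese
Number of pages: 30
Chinese keywords: virtualization, graphics processing unit, access control
Foreign-language keywords: Virtualization, GPU, Access Control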
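  • The parallel architecture of the graphics processing unit (GPU) makes it a powerful accelerator for a variety of compute-intensive tasks, such as computer games, scientific computing, cryptography, and AI model training and inference. On many cloud platforms, the GPU is a scarce hardware resource shared among the platform's users. To achieve information isolation between different users, access control on the GPU becomes an important technique for preventing information leakage when multiple users access data through the GPU. However, the lack of a memory zeroing mechanism in GPUs, together with driver vulnerabilities, poses risks to data confidentiality and system integrity. In this thesis, we propose a new system architecture, called GACII, that provides GPU access control on multi-user platforms to achieve information isolation. GACII combines Information Isolation and Mandatory Access Control to protect confidential information. In addition, through careful design, users can compile and execute programs as they would in a normal environment, without sacrificing the required performance.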


    The massively parallel architecture of the Graphics Processing Unit (GPU) makes it a powerful accelerator for various computationally intensive tasks, such as computer games, scientific computation, cryptocurrency, and AI model training and inference. On many cloud platforms, GPUs are scarce computing resources shared by multiple users. To achieve information isolation among different user programs, GPU access control is an essential technology for preventing information leakage during program execution and data access when using GPUs. However, the lack of a zeroing mechanism in GPUs, combined with vulnerabilities in user-land drivers, poses risks to both data confidentiality and system integrity.
    In this thesis, we propose a novel system architecture, called GACII, to provide GPU access control for information isolation on multi-user platforms. GACII combines resource isolation and mandatory access control measures with the aim of establishing a secure computing environment. It encompasses an authentication mechanism for authorized GPU access, as well as the integration of mandatory access control mechanisms to safeguard sensitive resources. Furthermore, with a careful design, user programs can be compiled and executed as they would be in a normal environment without sacrificing the desired performance.

    Abstract, Table of Contents, Chapter 1, Chapter 2, Chapter 3, Chapter 4, Chapter 5, References
