Chenxu Wang (Southern University of Science and Technology (SUSTech) and The Hong Kong Polytechnic University), Junjie Huang (Southern University of Science and Technology (SUSTech)), Yujun Liang (Southern University of Science and Technology (SUSTech)), Xuanyao Peng (Southern University of Science and Technology (SUSTech) and University of Chinese Academy of Sciences), Yuqun Zhang (Southern University of Science and Technology (SUSTech)), Fengwei Zhang (Southern University of Science and Technology (SUSTech)), Jiannong Cao (Hong Kong Polytechnic University), Hang Lu (University of Chinese Academy of Sciences), Rui Hou (University of Chinese Academy of Sciences), Shoumeng Yan (Ant Group), Tao Wei (Ant Group), Zhengyu He (Ant Group)
Accelerator trusted execution environment (TEE) is a popular technique that provides strong confidentiality, integrity, and isolation protection on sensitive data/code in accelerators. However, most studies are designed for a specific CPU or accelerator and thus lack generalizability. Recent TEE surveys partially summarize the threats and protections of accelerator computing, while they have yet to provide a guide to building an accelerator TEE and compare the pros and cons of their security solutions. In this paper, we provide a holistic analysis of accelerator TEEs over the years. We conclude a typical framework of building an accelerator TEE and summarize the widely-used attack vectors, ranging from software to physical attacks. Furthermore, we provide a systematization of accelerator TEE's three major security mechanisms: (1) access control, (2) memory encryption/decryption, and (3) attestation. For each aspect, we compare varied security solutions in existing studies and conclude their insights. Lastly, we analyze the factors that influence the TEE deployment on real-world platforms, especially on the trusted computing base (TCB) and compatibility issues.