MULTI-TENANCY PROTECTION FOR ACCELERATORS

An accelerator includes a memory, a compute zone to receive an encrypted workload downloaded from a tenant application running in a virtual machine on a host computing system attached to the accelerator, and a processor subsystem to execute a cryptographic key exchange protocol with the tenant appli...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Gupta, Niraj, Ni Scanaill, Cliodhna, Piel, Tuyet-Trang, Shah, Mitul, Bucsa, Mihai Bogdan, Mungara, Subba, B, Sivakumar, Zhu, Lingyun, Zubarev, Roman, Taylor, Stewart, Kadam, Akshay, Qian, Yi, Lim, Raynald, Budnikov, Dmitry, Becker, Ricardo, Booth, JR., Lawrence, Tu, Steven
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:An accelerator includes a memory, a compute zone to receive an encrypted workload downloaded from a tenant application running in a virtual machine on a host computing system attached to the accelerator, and a processor subsystem to execute a cryptographic key exchange protocol with the tenant application to derive a session key for the compute zone and to program the session key into the compute zone. The compute zone is to decrypt the encrypted workload using the session key, receive an encrypted data stream from the tenant application, decrypt the encrypted data stream using the session key, and process the decrypted data stream by executing the workload to produce metadata.