Julian James Stephen

Zhongshu Gu, Enriquillo Valdez, Salman Ahmed et al. · ibm-research

NVIDIA GPU Confidential Computing (GPU-CC) aims to provide secure execution for AI workloads. For end users, enabling GPU-CC is seamless and requires no modifications to existing applications. However, this ease of adoption relies on a proprietary and highly complex system that is difficult to inspect, creating challenges for researchers seeking to understand its architecture and security landscape. In this work, we provide a security look at GPU-CC by reconstructing a coherent view of the system. We first examine the system's blueprint, focusing on the specialized architectural engines that support its security mechanisms. We then analyze the bootstrap process, which coordinates hardware and software components to establish these protections. Finally, we conduct targeted experiments to assess whether, under the GPU-CC threat model, data transfers along different paths remain protected across the bridge between trusted CPU and GPU domains. We responsibly disclosed all security findings presented in this paper to the NVIDIA Product Security Incident Response Team (PSIRT).

Shriti Priya, Julian James Stephen, Arjun Natarajan

Enterprises and organizations today increasingly deploy in-house, cloud based applications and APIs for internal operations or external customers. These deployments deal with increasing number of threats, despite security features offered by cloud service providers. This work focus on threats that exploit application layer vulnerabilities of cloud workloads. Prevention and mitigation measures against such threats need to be cognizant of application semantics, posing a hurdle to existing solutions. In this work, we design and implement a security framework that allow cloud workload administrators to easily define and enforce policies capable of preventing (i) unrestricted resource consumption, (ii) unrestricted access to sensitive business flows, and (iii) broken authentication. Our framework, Paladin, leverages large language models to extract sufficient semantic meaning from API requests to provide cloud administrators with an application agnostic policy definition interface. Once defined, requests are automatically matched with relevant policies and enforced by high performance proxies. Evaluations with our prototype show that such a framework has broad applicability across applications, good policy identification accuracy, and reasonable overheads, making it substantially easier to define and enforce cross application policies.