议会联盟组织内部的保密机器学习 (Confidential Machine Learning within Graphcore IPUs)

Kapil Vaswani,Stavros Volos,Cédric Fournet,Antonio Nino Diaz,Ken Gordon,Balaji Vembu,Sam Webster,David Chisnall,Saurabh Kulkarni,Graham Cunningham,Richard Osborne,Dan Wilkinson

We present IPU Trusted Extensions (ITX), a set of experimental hardware extensions that enable trusted execution environments in Graphcore's AI accelerators. ITX enables the execution of AI workloads with strong confidentiality and integrity guarantees at low performance overheads. ITX isolates workloads from untrusted hosts, and ensures their data and models remain encrypted at all times except within the IPU. ITX includes a hardware root-of-trust that provides attestation capabilities and orchestrates trusted execution, and on-chip programmable cryptographic engines for authenticated encryption of code and data at PCIe bandwidth. We also present software for ITX in the form of compiler and runtime extensions that support multi-party training without requiring a CPU-based TEE. Experimental support for ITX is included in Graphcore's GC200 IPU taped out at TSMC's 7nm technology node. Its evaluation on a development board using standard DNN training workloads suggests that ITX adds less than 5% performance overhead, and delivers up to 17x better performance compared to CPU-based confidential computing systems relying on AMD SEV-SNP.

翻译：我们介绍了议会联盟信任的扩展(ITX),这是一套实验硬件扩展,使Greamon's AI加速器中的可信任的执行环境成为可能。ITX能够在低性能管理器中执行具有高度保密性和完整性保障的AI工作量。ITX将工作量从不信任的东道主中分离出来,并确保其数据和模型始终加密,但议会联盟内部除外。ITX包括一个提供证明能力和可信赖的管弦执行的硬件根根,以及用于PCIe带宽代码和数据的认证加密的芯片可编程密码引擎。我们还以编译器和运行时间扩展的形式为ITX提供了软件,支持多党培训,而不需要基于CPU的TEE。对ITX的实验性支持包括在Gacore GC200 议会联盟的GC200技术节点中,在TISMC的7nm技术节点中被胶带出来。它利用标准的 DNN培训工作量在开发委员会上进行的评价表明,ITX增加了不到5%的业绩管理费,并且比依靠ACV SE-SNP的保密计算系统达到17x更好的业绩。

相关内容