Modern cloud infrastructures run data-intensive workloads in multi-tenant environments, where shared hardware resources–especially CPU caches–are vulnerable to side-channel attacks that reveal access patterns [2]. While cache isolation can mitigate these risks, it is impractical at scale [3]. Processing-in-Memory
(PIM) architectures, like UPMEM’s, restructure traditional von Neumann architectures by embedding small RISC-style processors directly into DRAM chips
[5, 4]. A PIM architecture can be beneficial for combating some classes of sidechannel attacks, because moving computation closer to data inherently reduces
the amount of cache-based leakage. Current PIM systems lack critical security
primitives such as secure key storage and random number generation, however
some simulated PIM architectures have included such hardware extensions [1].
Additionally, we currently see no mechanism to leverage Trusted Execution Environments (TEEs) like Intel SGX and Arm TrustZone to extend their protection
to PIM modules, leaving PIM fully exposed in scenarios with strong adversaries.
We propose a software-based solution leveraging a trusted hypervisor and TPM
to enable PIM computation within a trusted environment.
History
Primary Research Area
Secure Connected and Mobile Systems
Open Access Type
Not Open Access
BibTeX
@misc{van Rissenbeck:Choudhari:Rossow:2025,
title = "Poster: Isolating PIM from OS Level Adversaries",
author = "van Rissenbeck, Fabian" AND "Choudhari, Amit Pravin" AND "Rossow, Christian",
year = 2025,
month = 3,
doi = "10.46586/uasc.2025.202"
}