Poster: Isolating PIM from OS Level Adversaries

Modern cloud infrastructures run data-intensive workloads in multi-tenant environments, where shared hardware resources–especially CPU caches–are vulnerable to side-channel attacks that reveal access patterns [2]. While cache isolation can mitigate these risks, it is impractical at scale [3]. Processing-in-Memory (PIM) architectures, like UPMEM’s, restructure traditional von Neumann architectures by embedding small RISC-style processors directly into DRAM chips [5, 4]. A PIM architecture can be beneficial for combating some classes of sidechannel attacks, because moving computation closer to data inherently reduces the amount of cache-based leakage. Current PIM systems lack critical security primitives such as secure key storage and random number generation, however some simulated PIM architectures have included such hardware extensions [1]. Additionally, we currently see no mechanism to leverage Trusted Execution Environments (TEEs) like Intel SGX and Arm TrustZone to extend their protection to PIM modules, leaving PIM fully exposed in scenarios with strong adversaries. We propose a software-based solution leveraging a trusted hypervisor and TPM to enable PIM computation within a trusted environment.