Abstract
Machine learning accelerators such as the Tensor Processing Unit (TPU) are already being deployed in the hybrid cloud, and we foresee their number proliferating in the future. In such scenarios, secure access to the acceleration service and the trustworthiness of the underlying accelerators become a concern. In this work, we present AccShield, a new method to extend trusted execution environments (TEEs) to cloud TPUs that takes both isolation and multi-tenancy into account as security considerations. We demonstrate the feasibility of end-to-end secure and zero-trust TPU acceleration. Experiments with our prototype implementation also provide concrete results and insights for building TEEs in the hybrid cloud under a zero-trust security model.