Building Confidential Accelerator Computing Environment for Arm CCA

This research presents CAGE, a system that adds support for confidential accelerators (specialized processing hardware like GPUs and FPGAs) to Arm CCA (Confidential Computing Architecture, which creates isolated execution regions called realms for protecting sensitive data). The system uses a novel shadow task mechanism and memory isolation to protect data confidentiality and integrity without requiring hardware changes, achieving this with only moderate performance overhead.