Enabling Performant and Secure EDA as a Service in Public Clouds Using Confidential Containers
Mengmei Ye, Derren Dunn, Daniele Buono, Angelo Ruocco, Claudio Carvalho, Tobin Feldman-Fitzthum, Hubertus Franke, James Bottomley

TL;DR
This paper demonstrates a secure, confidential container-based approach for electronic design automation (EDA) in public clouds, showing minimal performance overheads compared to traditional solutions.
Contribution
It introduces a full set of confidential containers for EDA workloads and evaluates their deployment and performance impacts in cloud environments.
Findings
Confidential containers reduce IP leakage risk in cloud EDA workflows.
End-to-end confidential container EDA workflows have about 7.13% overhead compared to bare-metal.
Performance overheads are minimal, making confidential containers viable for secure cloud EDA.
Abstract
Increasingly, business opportunities available to fabless design teams in the semiconductor industry far exceed those addressable with on-prem compute resources. An attractive option to capture these electronic design automation (EDA) design opportunities is through public cloud bursting. However, security concerns with public cloud bursting arise from having to protect process design kits, third party intellectual property, and new design data for semiconductor devices and chips. One way to address security concerns for public cloud bursting is to leverage confidential containers for EDA workloads. Confidential containers add zero trust computing elements to significantly reduce the probability of intellectual property escapes. A key concern that often follows security discussions is whether EDA workload performance will suffer with confidential computing. In this work we demonstrate a…
Taxonomy
Topics: Cloud Computing and Resource Management
