Scalable GPU-Based Integrity Verification for Large Machine Learning Models
Marcin Spoczynski, Marcela S. Melara

TL;DR
This paper introduces a GPU-based integrity verification framework for large machine learning models that reduces overhead and enhances security by performing cryptographic operations directly on GPUs, ensuring scalable and consistent protections across hardware.
Contribution
It presents a novel GPU-integrated cryptographic verification approach that aligns security checks with ML model execution, improving performance and hardware compatibility.
Findings
Verification overheads are significantly reduced.
Integrity checks keep pace with large models exceeding 100GB.
Framework works across different GPU vendors and configurations.
Abstract
We present a security framework that strengthens distributed machine learning by standardizing integrity protections across CPU and GPU platforms and significantly reducing verification overheads. Our approach co-locates integrity verification directly with large ML model execution on GPU accelerators, resolving the fundamental mismatch between how large ML workloads typically run (primarily on GPUs) and how security verifications traditionally operate (on separate CPU-based processes), delivering both immediate performance benefits and long-term architectural consistency. By performing cryptographic operations natively on GPUs using dedicated compute units (e.g., Intel Arc's XMX units, NVIDIA's Tensor Cores), our solution eliminates the potential architectural bottlenecks that could plague traditional CPU-based verification systems when dealing with large models. This approach…
