Matthew Braun
Matthew Braun has over 20 years of experience operating and testing secure system across government, defense, and private industry sectors. In his current role as Director of Security at Fly.io, a public cloud provider, Matt's responsibilities cover the entirety of Fly.io's security program. Matt has been privileged to work with and learn from Very Smart People at Fly.io as well as in his previous role as a penetration tester at Matasano Security/NCC group. Matt has a Bachelors and a Masters in Computer Science, is a proud father of twins, attempts woodworking, is a runner and occasional sailor, and serves on the boards of two arts non-profits.
Session
In 2024 Fly.io made a big bet that developers would want access to cloud GPU compute resources. While that bet didn't quite pay off, we spent a lot of time (and money) in finding a way to provide shared customer access to NVIDIA GPU hardware in a secure manner. When the work was done we had a much greater understanding of the risks presented by GPUs, as well as possible mitigations, that may be useful to anyone looking to provide GPU resources to customers.
This lighting talk will include:
* Technical details of the challenges faced in implementing secure GPU access, including why existing NVIDIA GPU virtualization technologies were unsuitable
* An overview of the threats associated with offering shared or virtualized GPU access
* A review the architecture of NVIDIA datacenter-grade GPUs, with focus on security-relevant subsystems
* A dive into PCIe functionality, threats, and mitigations
* The conclusions and recommendations from our security evaluations of the hardware and OS environments