34th USENIX Security Symposium
August 13 - August 15

At the 34th USENIX Security Symposium, NVIDIA presents BlueGuard, a new introspection architecture using a physically isolated Data Processing Unit (DPU) to perform full system introspection of the host system, including VMs running on it. By using a DPU, BlueGuard enables secure inspection of bare-metal systems while leveraging the hardware accelerators available in recent DPUs. Furthermore, the CPU is no longer involved in the introspection, freeing its resources for additional tenant workloads.
The idea of introspecting a running system is relevant to CASTOR, where we will perform runtime introspection of the router nodes. In an approach related to BlueGuard, we are planning to inspect the live memory states of virtual routers running inside VMs to extract evidence for trust assessments. The resulting trust levels serve as the basis for making trusted path routing decisions in CASTOR.