Increasingly, business opportunities available to fabless design teams in the semiconductor industry far exceed those addressable with on-prem compute resources. An attractive option to capture these electronic design automation (EDA) design opportunities is through public cloud bursting. However, security concerns with public cloud bursting arise from having to protect process design kits, third-party intellectual property, and new design data for semiconductor devices and chips. One way to address security concerns for public cloud bursting is to leverage confidential containers for EDA workloads. Confidential containers add zero-trust computing elements to significantly reduce the probability of intellectual property escapes. A key concern that often follows security discussions is whether EDA workload performance will suffer with confidential computing. In this work we demonstrate a full set of EDA confidential containers and their deployment, and characterize the performance impacts of the confidential elements of the flow, including storage and networking. A complete end-to-end confidential container-based EDA workload exhibits 7.13% and 2.05% performance overheads over bare-metal container and VM-based solutions, respectively.