DPU for Cybersecurity: Enabling Inline Defense and Self-Protection
Abstract
As conventional CPU-based security architectures struggle to scale with ever-growing network bandwidths and increasingly sophisticated cyberattacks, the Data Processing Unit (DPU) has emerged as a transformative foundation for secure and high-performance computing. This work investigates the DPU's dual role in cybersecurity, serving both as an active security enforcer and as a critical component that must itself be protected. We first introduce a DPU-driven, host-centric Detector for the challenging Remote Direct Memory Access (RDMA) Cache Side-Channel Attack, which reduces detection latency by up to 98.7% over the state of the art and enables defense faster than the attack. Recognizing that the DPU also represents a new attack surface, we further propose SNO, the first comprehensive Trusted Execution Environment for heterogeneous FPGA-based Smart Network Interface Cards (SmartNICs). SNO delivers robust, end-to-end protection for tenant-defined hardware functions with negligible performance overhead (<100 ns), minimal resource usage (<4% FPGA Look-Up Tables), and significantly enhanced developer usability, establishing a practical foundation for confidential computing on the DPU.