Open access

Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX

Published: 13 December 2024

Abstract

Confidential computing is gaining traction in the cloud, driven by the increasing security and privacy concerns across various industries. Recent trusted hardware advancements introduce Confidential Virtual Machines (CVMs) to alleviate the programmability and usability challenges of the previously proposed enclave-based trusted computing technologies. CVM hardware extensions facilitate secure, hardware-isolated encrypted VMs, promoting programmability and easier deployment in cloud infrastructures. However, differing microarchitectural features, interfaces, and security properties among hardware vendors complicate the evaluation of CVMs for different use cases. Understanding the performance implications, functional limitations, and security guarantees of CVMs is a crucial step toward their adoption.
This paper presents a detailed empirical analysis of two leading CVM technologies: AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel Trust Domain Extensions (TDX). We review their microarchitectural components and conduct a thorough performance evaluation across various aspects, including memory management, computational performance, storage and network stacks, and attestation primitives. We further present a security analysis through a trusted computing base (TCB) evaluation and a Common Vulnerabilities and Exposures (CVE) analysis. Among other results, our key findings show the effect of CVMs on boot time, memory management, and I/O, and identify inefficiencies in their context-switch mechanisms. We further provide insights into the performance implications of CVMs and highlight potential room for improvement.

[135]
John D. McCalpin. [n.,d.]. STREAM: Sustainable Memory Bandwidth in High Performance Computers. https://www.cs.virginia.edu/stream/ Retrieved 2024-07--24 from
[136]
Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative Instructions and Software Model for Isolated Execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM. https://doi.org/10.1145/2487726.2488368
[137]
Phoronix Media. [n.,d.] a. CacheBench Benchmark -- OpenBenchmarking.org. https://openbenchmarking.org/test/pts/cachebench Retrieved 2024-07--24 from
[138]
Phoronix Media. [n.,d.] b. Memory Test Suite Test Suite Collection -- OpenBenchmarking.org. https://openbenchmarking.org/suite/pts/memory Retrieved 2024-07--24 from
[139]
Phoronix Media. [n.,d.] c. Phoronix Test Suite -- Linux Testing & Benchmarking Platform, Automated Testing, Open-Source Benchmarking. https://www.phoronix-test-suite.com/ Retrieved 2024-07--24 from
[140]
Benshan Mei, Saisai Xia, Wenhao Wang, and Dongdai Lin. 2024. Cabin: Confining Untrusted Programs within Confidential VMs. In Proceedings of the 26th International Conference on Information and Communications Security. Springer Nature Singapore.
[141]
Jämes Ménétrey, Christian Göttel, Anum Khurshid, Marcelo Pasin, Pascal Felber, Valerio Schiavoni, and Shahid Raza. 2022. Attestation Mechanisms for Trusted Execution Environments Demystified. In Proceedings of the 2022 Distributed Applications and Interoperable Systems. Springer International Publishing. https://doi.org/10.1007/978--3-031--16092--9_7
[142]
Ralph C. Merkle. 1988. A Digital Signature Based on a Conventional Encryption Function. In Advances in Cryptology -- CRYPTO '87. Springer Berlin Heidelberg, Berlin, Heidelberg.
[143]
Microsoft. 2019. Azure Confidential Computing. https://azure.microsoft.com/en-us/solutions/confidential-compute Retrieved 2024-07--24 from
[144]
Microsoft. 2023. Virtual TPMs in Azure confidential VMs. https://learn.microsoft.com/en-us/azure/confidential-comp Retrieved 2024-07--24 from
[145]
Microsoft. [n.,d.]. Common Azure confidential computing scenarios and use cases | Microsoft Learn. https://learn.microsoft.com/en-us/azure/confidential-computing/use-cases-scenarios Retrieved 2024-07--24 from
[146]
Masanori Misono, Toshiki Hatanaka, and Takahiro Shinagawa. 2022. DMAFV: Testing Device Drivers against DMA Faults. In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. ACM. https://doi.org/10.1145/3477314.3507082
[147]
Masanori Misono, Masahiro Ogino, Takaaki Fukai, and Takahiro Shinagawa. 2018. FaultVisor2: Testing Hypervisor Device Drivers Against Real Hardware Failures. In Proceedings of the 2018 IEEE International Conference on Cloud Computing Technology and Science. IEEE. https://doi.org/10.1109/CloudCom2018.2018.00048
[148]
Fan Mo, Zahra Tarkhani, and Hamed Haddadi. 2024. Machine Learning with Confidential Computing: A Systematization of Knowledge. ACM Comput. Surv., Vol. 56, 11 (2024).
[149]
Saeid Mofrad, Fengwei Zhang, Shiyong Lu, and Weidong Shi. 2018. A Comparison Study of Intel SGX and AMD Memory Encryption Technology. In Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy. ACM. https://doi.org/10.1145/3214292.3214301
[150]
Apoorve Mohan, Mengmei Ye, Hubertus Franke, Mudhakar Srivatsa, Zhuoran Liu, and Nelson Mimura Gonzalez. 2024. Securing AI Inference in the Cloud: Is CPU-GPU Confidential Computing Ready?. In Proceedings of the IEEE 17th International Conference on Cloud Computing. IEEE. https://doi.org/10.1109/CLOUD62652.2024.00028
[151]
Mathias Morbitzer, Manuel Huber, Julian Horsch, and Sascha Wessel. 2018. SEVered: Subverting AMD's Virtual Machine Encryption. In Proceedings of the 11th European Workshop on Systems Security. ACM. https://doi.org/10.1145/3193111.3193112
[152]
Mathias Morbitzer, Sergej Proskurin, Martin Radev, Marko Dorfhuber, and Erick Quintanar Salas. 2021. SEVerity: Code Injection Attacks against Encrypted Virtual Machines. In Proceedings of the 2021 IEEE Security and Privacy Workshops. https://doi.org/10.1109/SPW53761.2021.00063
[153]
Dov Murik. 2023. [edk2-devel] [PATCH v3 0/2] OvmfPkg: Enable Measured Direct Boot on AMD SEV-SNP. https://patchew.org/EDK2/[email protected]/ Retrieved 2024-07--24 from
[154]
Dov Murik and Hubertus Franke. 2021. Securing Linux VM Boot with AMD SEV Measurement. Presented at KVM Forum 2021. https://kvmforum2021.sched.com/event/ke4h/securing-linux-vm-boot-with-amd-sev-measurement-dov-murik-hubertus-franke-ibm-research Retrieved 2024-07--24 from
[155]
Vikram Narayanan, Claudio Carvalho, Angelo Ruocco, Gheorghe Almasi, James Bottomley, Mengmei Ye, Tobin Feldman-Fitzthum, Daniele Buono, Hubertus Franke, and Anton Burtsev. 2023. Remote Attestation of Confidential VMs Using Ephemeral vTPMs. In Proceedings of the 2023 Annual Computer Security Applications Conference. ACM. https://doi.org/10.1145/3627106.3627112
[156]
Jianyu Niu, Wei Peng, Xiaokuan Zhang, and Yinqian Zhang. 2022. NARRATOR: Secure and Practical State Continuity for Trusted Execution in the Cloud. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3548606.3560620
[157]
OASIS Open. [n.,d.]. Virtual I/O Device (VIRTIO) Version 1.2. https://docs.oasis-open.org/virtio/virtio/v1.2/csd01/virtio-v1.2-csd01.html Retrieved 2024-07--24 from
[158]
Oracle. 2019. Oracle Cloud Infrastructure Documentation -- Confidential Computing. https://docs.oracle.com/en-us/iaas/Content/Compute/References/confidential_compute.htm Retrieved 2024-07--24 from
[159]
Wojciech Ozga, Guerney D. H. Hunt, Michael V. Le, Elaine R. Palmer, and Avraham Shinnar. 2023. Towards a Formally Verified Security Monitor for VM-Based Confidential Computing. In Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy. ACM. https://doi.org/10.1145/3623652.3623668
[160]
Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, Alban Desmaison, Andreas Kopf, Edward Yang, Zachary DeVito, Martin Raison, Alykhan Tejani, Sasank Chilamkurthy, Benoit Steiner, Lu Fang, Junjie Bai, and Soumith Chintala. 2019. PyTorch: An Imperative Style, High-Performance Deep Learning Library. In Proceedings of the Advances in Neural Information Processing Systems 32. Curran Associates, Inc. https://papers.neurips.cc/paper_files/paper/2019/hash/bdbca288fee7f92f2bfa9f7012727740-Abstract.html
[161]
PCI-SIG. 2020. Integrity and Data Encryption (IDE) ECN Deep Dive. https://pcisig.com/sites/default/files/files/PCIe%20Security%20Webinar_Aug%202020_PDF.pdf Retrieved 2024-07--24 from
[162]
PCI-SIG. 2022. TEE Device Interface Security Protocol (TDISP) Specification Revision 5.x. https://pcisig.com/tee-device-interface-security-protocol-tdisp Retrieved 2024-07--24 from
[163]
Joana Pecholt and Sascha Wessel. 2022. CoCoTPM: Trusted Platform Modules for Virtual Machines in Confidential Computing Environments. In Proceedings of the 38th Annual Computer Security Applications Conference. ACM. https://doi.org/10.1145/3564625.3564648
[164]
Caroline Perez-Vargas. 2023. Confidential VMs on Azure. https://techcommunity.microsoft.com/t5/windows-os-platform-blog/confidential-vms-on-azure/ba-p/3836282 Retrieved 2024-07--24 from
[165]
Lina Qiu, Rebecca Taft, Alexander Shraer, and George Kollios. 2024. The Price of Privacy: A Performance Study of Confidential Virtual Machines for Database Systems. In Proceedings of the 20th International Workshop on Data Management on New Hardware. ACM. https://doi.org/10.1145/3662010.3663440
[166]
Martin Radev and Mathias Morbitzer. 2021. Exploiting Interfaces of Secure Encrypted Virtual Machines. In Proceedings of the 2021 Reversing and Offensive-Oriented Trends Symposium. ACM. https://doi.org/10.1145/3433667.3433668
[167]
Pranav Rajpurkar, Jian Zhang, Konstantin Lopyrev, and Percy Liang. 2016. SQuAD: 100,000 Questions for Machine Comprehension of Text. In Proceedings of the 2016 Conference on Empirical Methods in Natural Language Processing. Association for Computational Linguistics. https://doi.org/10.18653/v1/D16--1264
[168]
Mark Russinovich. [n.,d.]. Azure AI Confidential Inferencing: Technical Deep-Dive. https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-ai-confidential-inferencing-technical-deep-dive/ba-p/4253150 Retrieved 2024--10-06 from
[169]
Marta Rybczy'nska. 2019. Bounce Buffers for Untrusted Devices [LWN.net]. https://lwn.net/Articles/786558/ Retrieved 2024-07--24 from
[170]
Marta Rybczy'nska. 2021. Hardening VirtIO [LWN.net]. https://lwn.net/Articles/865216/ Retrieved 2024-07--24 from
[171]
Ravi Sahita, Dror Caspi, Barry Huntley, Vincent Scarlata, Baruch Chaikin, Siddhartha Chhabra, Arie Aharon, and Ido Ouziel. 2021. Security Analysis of Confidential-compute Instruction Set Architecture for Virtualized Workloads. In Proceedings of the 2021 International Symposium on Secure and Private Execution Environment Design. IEEE Computer Society. https://doi.org/10.1109/SEED51797.2021.00024
[172]
Ravi Sahita, Vedvyas Shanbhogue, Andrew Bresticker, Atul Khare, Atish Patra, Samuel Ortiz, Dylan Reid, and Rajnesh Kanwal. 2023. CoVE: Towards Confidential Computing on RISC-V Platforms. In Proceedings of the 20th ACM International Conference on Computing Frontiers. ACM. https://doi.org/10.1145/3587135.3592168
[173]
Muhammad Usama Sardar, Saidgani Musaev, and Christof Fetzer. 2021. Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification. IEEE Access, Vol. 9 (2021). https://doi.org/10.1109/ACCESS.2021.3087421
[174]
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde. 2024. WESEE: Using Malicious #VC Interrupts to Break AMD SEV-SNP. In Proceedings of the 45rd IEEE Symposium on Security and Privacy. IEEE. https://doi.org/10.1109/SP54263.2024.00262
[175]
Benedict Schlüter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, and Shweta Shinde. 2024. HECKLER: Breaking Confidential VMs with Malicious Interrupts. In Proceedings of the 33rd USENIX Security Symposium. USENIX Association. https://www.usenix.org/conference/usenixsecurity24/presentation/schl%C3%BCter
[176]
Carlos Segarra, Tobin Feldman-Fitzthum, Daniele Buono, and Peter Pietzuch. 2024. Serverless Confidential Containers: Challenges and Opportunities. In Proceedings of the 2nd Workshop on SErverless Systems, Applications and MEthodologies. ACM. https://doi.org/10.1145/3642977.3652097
[177]
Amazon Web Services. 2019. AMD SEV-SNP - Amazon Elastic Compute Cloud. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html Retrieved 2024-07--24 from
[178]
Kripa Shanker, Arun Joseph, and Vinod Ganapathy. 2020. An Evaluation of Methods to Port Legacy Code to SGX Enclaves. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, New York, NY, USA. https://doi.org/10.1145/3368089.3409726
[179]
Satoru Takekoshi, Takahiro Shinagawa, and Kazuhiko Kato. 2016. Testing Device Drivers against Hardware Failures in Real Environmentsi. In Proceedings of the 31st Annual ACM Symposium on Applied Computing. ACM. https://doi.org/10.1145/2851613.2851740
[180]
Michael S. Tsirkin and Stefan Hanjnoczi. 2023. Trust, Confidentiality, and Hardening The VirtIO Lessons. https://vmsplice.net/ stefan/stefanha-lpc-2023.pdf Retrieved 2024-07--24 from
[181]
Dalton Cézane Gomes Valadares, Newton Carlos Will, Marco Aurélio Spohn, Danilo Freire de Souza Santos, Angelo Perkusich, and Kyller Costa Gorgônio. 2022. Confidential Computing in Cloud/fog-based Internet of Things Scenarios. Internet of Things, Vol. 19 (2022).
[182]
VirTEE. [n.,d.]. virtee/snpguest: A CLI tool for interacting with SEV-SNP guest environment Resources. https://github.com/virtee/snpguest Retrieved 2024-07--24 from
[183]
Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted Execution Environments on GPUs. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association. https://www.usenix.org/conference/osdi18/presentation/volos
[184]
Pengfei Wang, Jens Krinke, Kai Lu, Gen Li, and Steve Dodier-Lazaro. 2017. How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel. In Proceedings of the 26th USENIX Security Symposium. USENIX Association. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-pengfei
[185]
Qifan Wang and David Oswald. 2024. Confidential Computing on Heterogeneous CPU-GPU Systems: Survey and Future Directions. arxiv: 2408.11601 [cs.CR] https://arxiv.org/abs/2408.11601
[186]
Wubing Wang, Mengyuan Li, Yinqian Zhang, and Zhiqiang Lin. 2023. PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV. In Proceedings of the 20th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer-Verlag. https://doi.org/10.1007/978--3-031--35504--2_3
[187]
Ofir Weisse, Valeria Bertacco, and Todd Austin. 2017. Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves. In Proceedings of the 44th Annual International Symposium on Computer Architecture. ACM. https://doi.org/10.1145/3079856.3080208
[188]
Jan Werner, Joshua Mason, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose. 2019. The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. ACM. https://doi.org/10.1145/3321705.3329820
[189]
Jan Wichelmann, Anna Pätschke, Luca Wilke, and Thomas Eisenbarth. 2023. Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software. In Proceedings of the 32nd USENIX Security Symposium. USENIX Association. https://www.usenix.org/conference/usenixsecurity23/presentation/wichelmann
[190]
Luca Wilke, Jan Wichelmann, Mathias Morbitzer, and Thomas Eisenbarth. 2020. SEVurity: No Security Without Integrity : Breaking Integrity-Free Memory Encryption with Minimal Assumptions. In Proceedings of the 41st IEEE Symposium on Security and Privacy. IEEE. https://doi.org/10.1109/SP40000.2020.00080
[191]
Luca Wilke, Jan Wichelmann, Florian Sieck, and Thomas Eisenbarth. 2021. undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation. In Proceedings of the 2021 IEEE Security and Privacy Workshops. IEEE Computer Society. https://doi.org/10.1109/SPW53761.2021.00064
[192]
Newton C. Will and Carlos A. Maziero. 2023. Intel Software Guard Extensions Applications: A Survey. ACM Comput. Surv., Vol. 55, 14s (2023). https://doi.org/10.1145/3593021
[193]
Hasini Witharana, Debapriya Chatterjee, and Prabhat Mishra. 2024. Verifying Memory Confidentiality and Integrity of Intel TDX Trusted Execution Environments. In Proceedings of the 2024 IEEE International Symposium on Hardware Oriented Security and Trust. IEEE Computer Society. https://doi.org/10.1109/HOST55342.2024.10545349
[194]
wrk Developers. [n.,d.]. wg/wrk: Modern HTTP Benchmarking Tool. https://github.com/wg/wrk Retrieved 2024-07--24 from
[195]
Rafael J. Wysocki. [n.,d.]. CPU Idle Time Management -- The Linux Kernel Documentation. https://www.kernel.org/doc/html/v6.8/admin-guide/pm/cpuidle.html Retrieved 2024-07--24 from
[196]
Mingjie Yan and Kartik Gopalan. 2023. Performance Overheads of Confidential Virtual Machines. In Proceedings of the 31st International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems. IEEE. https://doi.org/10.1109/MASCOTS59514.2023.10387607
[197]
Jason Zhijingcheng Yu, Shweta Shinde, Trevor E. Carlson, and Prateek Saxena. 2022. Elasticlave: An Efficient Memory Model for Enclaves. In Proceedings of the 31st USENIX Security Symposium. USENIX Association. https://www.usenix.org/conference/usenixsecurity22/presentation/yu-jason
[198]
Ardhi Wiratama Baskara Yudha, Jake Meyer, Shougang Yuan, Huiyang Zhou, and Yan Solihin. 2022. LITE: a Low-cost Practical Inter-operable GPU TEE. In Proceedings of the 36th ACM International Conference on Supercomputing. ACM. https://doi.org/10.1145/3524059.3532361
[199]
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, and Michael Schwarz. 2024. CacheWarp: Software-based Fault Injection using Selective State Reset. In Proceedings of the 33rd USENIX Security Symposium. USENIX Association. https://www.usenix.org/conference/usenixsecurity24/presentation/zhang-ruiyi
[200]
Rui Zhang and Ling Liu. 2010. Security Models and Requirements for Healthcare Application Clouds. In Proceedings of the IEEE 3rd International Conference on Cloud Computing. https://doi.org/10.1109/CLOUD.2010.62
[201]
Jianping Zhu, Rui Hou, XiaoFeng Wang, Wenhao Wang, Jiangfeng Cao, Boyan Zhao, Zhongpu Wang, Yuhui Zhang, Jiameng Ying, Lixin Zhang, and Dan Meng. 2020. Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment. In Proceedings of the 41st IEEE Symposium on Security and Privacy. IEEE. https://doi.org/10.1109/SP40000.2020.00054

Information & Contributors

Information

Published In

Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS), Volume 8, Issue 3
December 2024
588 pages
EISSN: 2476-1249
DOI: 10.1145/3708555
Editors: John C.S. Lui, Leana Golubchik, Zhi-Li Zhang
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 13 December 2024, in POMACS Volume 8, Issue 3

Author Tags

  1. amd sev-snp
  2. confidential computing
  3. intel tdx
  4. virtual machine
