English
Related papers

Related papers: Cabin: Confining Untrusted Programs within Confide…

200 papers

Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to…

Cryptography and Security · Computer Science 2024-12-06 Caihua Li , Seung-seob Lee , Lin Zhong

Protected user-level libraries have been proposed as a way to allow mutually distrusting applications to safely share kernel-bypass services. In this paper, we identify and solve several previously unaddressed obstacles to realizing this…

Operating Systems · Computer Science 2025-09-04 Alan Beadle , Michael L. Scott , John Criswell

AMD's Secure Encrypted Virtualization (SEV) is an emerging security feature on AMD processors that allows virtual machines to run on encrypted memory and perform confidential computing even with an untrusted hypervisor. This paper first…

Cryptography and Security · Computer Science 2022-04-01 Mengyuan Li , Yinqian Zhang , Zhiqiang Lin

The eBPF framework enables execution of user-provided code in the Linux kernel. In the last few years, a large ecosystem of cloud services has leveraged eBPF to enhance container security, system observability, and network management.…

Cryptography and Security · Computer Science 2024-09-13 Soo Yee Lim , Tanya Prasad , Xueyuan Han , Thomas Pasquier

Cloud computing has emerged as a corner stone of today's computing landscape. More and more customers who outsource their infrastructure benefit from the manageability, scalability and cost saving that come with cloud computing. Those…

Cryptography and Security · Computer Science 2022-05-13 Ferdinand Brasser , Patrick Jauernig , Frederik Pustelnik , Ahmad-Reza Sadeghi , Emmanuel Stapf

The kernels of operating systems such as Windows, Linux, and MacOS are vulnerable to control-flow hijacking. Defenses exist, but many require efficient intra-address-space isolation. Execute-only memory, for example, requires read…

Cryptography and Security · Computer Science 2021-08-04 Spyridoula Gravani , Mohammad Hedayati , John Criswell , Michael L. Scott

Confidential Virtual Machines (CVMs) are increasingly adopted to protect sensitive workloads from privileged adversaries such as the hypervisor. While they provide strong isolation guarantees, existing CVM architectures lack first-class…

Cryptography and Security · Computer Science 2026-05-07 Sina Abdollahi , Amir Al Sadi , David Kotz , Marios Kogias , Hamed Haddadi

AMD Secure Encrypted Virtualization technologies enable confidential computing by protecting virtual machines from highly privileged software such as hypervisors. In this work, we develop the first, comprehensive symbolic model of the…

Cryptography and Security · Computer Science 2025-01-13 Petar Paradžik , Ante Derek , Marko Horvat

Secure container runtimes serve as the foundational layer for creating and running containers, which is the bedrock of emerging computing paradigms like microservices and serverless computing. Although existing secure container runtimes…

Networking and Internet Architecture · Computer Science 2023-10-10 Chenxingyu Zhao , Yulin Sun , Ying Xiong , Arvind Krishnamurthy

Secure containers isolate each container with its own kernel, mitigating shared-kernel attacks prevalent in traditional container systems. However, existing designs still face a fundamental isolation--performance trade-off. Nested-cloud…

Operating Systems · Computer Science 2026-05-21 Yiyang Wu , Xunjie Wang , Jinyu Gu , Haibo Chen

Since its debut, SGX has been used in many applications, e.g., secure data processing. However, previous systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or…

Cryptography and Security · Computer Science 2020-10-26 Yuan Chen , Jiaqi Li , Guorui Xu , Yajin Zhou , Zhi Wang , Cong Wang , Kui Ren

The growth of cloud computing has revolutionized data processing and storage capacities to another levels of scalability and flexibility. But in the process, it has created a huge challenge of security, especially in terms of safeguarding…

Cryptography and Security · Computer Science 2025-11-07 Dhruv Deepak Agarwal , Aswani Kumar Cherukuri

AMD SEV is a hardware extension for main memory encryption on multi-tenant systems. SEV uses an on-chip coprocessor, the AMD Secure Processor, to transparently encrypt virtual machine memory with individual, ephemeral keys never leaving the…

Cryptography and Security · Computer Science 2019-01-08 Mathias Morbitzer , Manuel Huber , Julian Horsch

Confidential computing in the public cloud intends to safeguard workload privacy while outsourcing infrastructure management to a cloud provider. This is achieved by executing customer workloads within so called Trusted Execution…

Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on…

Cryptography and Security · Computer Science 2023-03-08 Matthew A. Johnson , Stavros Volos , Ken Gordon , Sean T. Allen , Christoph M. Wintersteiger , Sylvan Clebsch , John Starks , Manuel Costa

Both AMD and Intel have presented technologies for confidential computing in cloud environments. The proposed solutions - AMD SEV (-ES, -SNP) and Intel TDX - protect Virtual Machines (VMs) against attacks from higher privileged layers…

Cryptography and Security · Computer Science 2021-09-23 Felicitas Hetzelt , Martin Radev , Robert Buhren , Mathias Morbitzer , Jean-Pierre Seifert

This paper presents C8s, a confidential computing architecture for Kubernetes that provides cryptographically rooted confidentiality, integrity, and verifiability guarantees for Kubernetes clusters from infrastructure operators. These…

Cryptography and Security · Computer Science 2026-05-01 Amean Asad , Patrick McClurg , João Andrade

Trust is of paramount concern for tenants to deploy their security-sensitive services in the cloud. The integrity of VMs in which these services are deployed needs to be ensured even in the presence of powerful adversaries with…

Cryptography and Security · Computer Science 2021-07-07 Wojciech Ozga , Do Le Quoc , Christof Fetzer

Arm Confidential Computing Architecture (CCA) currently isolates at the granularity of an entire Confidential Virtual Machine (CVM), leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process…

Cryptography and Security · Computer Science 2025-06-10 Shiqi Liu , Yongpeng Gao , Mingyang Zhang , Jie Wang

The Virtual Machine (VM)-based Trusted-Execution-Environment (TEE) technology, like AMD Secure-Encrypted-Virtualization (SEV), enables the establishment of Confidential VMs (CVMs) to protect data privacy. But CVM lacks ways to provide the…

Cryptography and Security · Computer Science 2024-05-03 Jingkai Mao , Haoran Zhu , Junchao Fan , Lin Li , Xiaolin Chang