NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs
NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,
SoftBank expands AI infrastructure ambitions with $4B DigitalBridge acquisition
NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Linke Song (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Benshan Mei (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shuang Liu (Ant Group), Shijun Zhao (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shoumeng Yan (Ant Group), XiaoFeng Wang (Indiana University Bloomington), Dan Meng (Institute of Information Engineering, CAS), Rui Hou (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS)
PAPERThe Road to Trust: Building Enclaves within Confidential VMs
Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 — 34,000 cycles, approximately 1.9 times — 2.1 times higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.
ABOUT NDSSThe Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations’ YouTube Channel.
Permalink
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/IHvQy6qPFe8?si=Y-E5CA2sAonSPmfd
About Author
