NestedSGX: Bootstrapping Trust to Enclaves within Confidential VMs
CoRR (2024)
Abstract
Integrity is critical for maintaining system security, as it ensures that
only genuine software is loaded onto a machine. Although confidential virtual
machines (CVMs) function within isolated environments separate from the host,
it is important to recognize that users still encounter challenges in
maintaining control over the integrity of the code running within the trusted
execution environments (TEEs). The presence of a sophisticated operating system
(OS) raises the possibility of dynamically creating and executing any code,
making user applications within TEEs vulnerable to interference or tampering if
the guest OS is compromised. This paper introduces NestedSGX, which leverages
virtual machine privilege level (VMPL), a recent hardware feature available on
AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM.
Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading
potentially malicious code. It ensures that only trusted and measured code
executed within the enclave can be remotely attested. To seamlessly protect
existing applications, NestedSGX aims for compatibility with Intel SGX by
simulating SGX leaf functions. We have also ported the SGX SDK to NestedSGX,
enabling the use of existing SGX toolchains and applications in the system.
Performance evaluations show that context switches in NestedSGX take about
35,000-37,000 cycles, approximately 2-3 times that of Intel SGX. NestedSGX
incurs minimal overhead in most real-world applications, with an average
overhead below 5
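To make the trust argument in the abstract concrete, the following is an added illustration, not code from the NestedSGX paper or its SDK port. It models the two properties the abstract relies on: the privileged monitor (VMPL0 in the paper's design) measures every page the untrusted guest OS hands it as it builds the enclave, in the style of SGX's EADD/EEXTEND hash chain, and a remote verifier only accepts a report whose measurement matches the expected build. The page layout, the `EnclaveMeasurement` class, the constructed page contents and the HMAC key standing in for a hardware-rooted attestation key are all assumptions made for this example.

```python
import hashlib
import hmac
import struct

PAGE_SIZE = 4096

# Constructed stand-in for the platform attestation key that only the
# privileged monitor (or the hardware) can use. A real design uses an
# asymmetric key certified by the vendor; a symmetric key keeps the
# example self-contained.
MONITOR_ATTESTATION_KEY = b"constructed-monitor-key-for-illustration"

# Permission bits for the constructed page table entries.
PERM_R, PERM_W, PERM_X = 1, 2, 4


class EnclaveMeasurement:
    """Hash chain over the pages loaded into an enclave, in the spirit of
    SGX's MRENCLAVE: load order, address, permissions and content all
    contribute, so any change by the untrusted guest OS is visible."""

    def __init__(self):
        self.state = hashlib.sha256(b"ENCLAVE-CREATE").digest()

    def add_page(self, vaddr, perms, content):
        if len(content) != PAGE_SIZE:
            raise ValueError("pages are measured whole")
        # Record the page's metadata first (like EADD) ...
        header = b"EADD" + struct.pack("<QI", vaddr, perms)
        self.state = hashlib.sha256(self.state + header).digest()
        # ... then extend the chain over the content in 256-byte chunks
        # (like EEXTEND), binding each chunk to its address.
        for off in range(0, PAGE_SIZE, 256):
            chunk = content[off:off + 256]
            ext = b"EEXT" + struct.pack("<Q", vaddr + off) + chunk
            self.state = hashlib.sha256(self.state + ext).digest()

    def finalize(self):
        # Seal the measurement once the enclave is initialised (like EINIT).
        return hashlib.sha256(self.state + b"ENCLAVE-INIT").hexdigest()


def build_enclave(pages):
    """Monitor-side launch: measure every page the guest OS supplies.
    `pages` is a list of (vaddr, perms, content) tuples."""
    m = EnclaveMeasurement()
    for vaddr, perms, content in pages:
        m.add_page(vaddr, perms, content)
    return m.finalize()


def monitor_generate_report(measurement, report_data):
    """Monitor-side attestation: bind the measurement and caller-supplied
    data with the attestation key the guest OS does not possess."""
    body = bytes.fromhex(measurement) + report_data
    mac = hmac.new(MONITOR_ATTESTATION_KEY, body, hashlib.sha256).digest()
    return body + mac


def verifier_check(report, expected_measurement, expected_data):
    """Remote verifier: accept only an authentic report carrying the
    expected measurement and the expected report data."""
    body, mac = report[:-32], report[-32:]
    good_mac = hmac.new(MONITOR_ATTESTATION_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, good_mac):
        return False  # forged or modified report
    if body[:32] != bytes.fromhex(expected_measurement):
        return False  # code differs from the trusted build
    return body[32:] == expected_data


# Constructed enclave image: one code page and one data page.
GENUINE_PAGES = [
    (0x10000, PERM_R | PERM_X, b"\x90" * 4000 + b"\xc3" * 96),   # code
    (0x11000, PERM_R | PERM_W, b"\x00" * PAGE_SIZE),              # data
]


def tampered_pages(pages):
    """Model a compromised guest OS patching one byte of the code page
    before handing it to the monitor for loading."""
    vaddr, perms, content = pages[0]
    patched = content[:100] + b"\xcc" + content[101:]
    return [(vaddr, perms, patched)] + list(pages[1:])


def attestation_outcomes():
    """Run the flow once for a genuine and once for a tampered enclave."""
    expected = build_enclave(GENUINE_PAGES)      # golden measurement
    nonce = b"verifier-nonce-0123456789abcdef"   # constructed report data
    genuine = monitor_generate_report(build_enclave(GENUINE_PAGES), nonce)
    tampered = monitor_generate_report(build_enclave(tampered_pages(GENUINE_PAGES)), nonce)
    # A guest OS that fakes a report cannot produce the monitor's MAC.
    forged_body = bytes.fromhex(expected) + nonce
    forged = forged_body + hmac.new(b"guest-os-key", forged_body, hashlib.sha256).digest()
    return {
        "genuine": verifier_check(genuine, expected, nonce),
        "tampered": verifier_check(tampered, expected, nonce),
        "forged": verifier_check(forged, expected, nonce),
    }


if __name__ == "__main__":
    print(attestation_outcomes())
```

The point of the model is that the guest OS sits outside both checks: it can choose what code to load, but the monitor measures whatever it loads, and it cannot mint a report for a measurement it did not actually run because it lacks the attestation key. A verifier that pins the expected measurement therefore refuses both the patched enclave and the forged report, which is the "only trusted and measured code can be remotely attested" guarantee the abstract states.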