NDSS 2025 – Blindfold: Confidential Memory Management By Untrusted Operating System
This work proposes a confidential computing design named Blindfold, which manages memory access and exception handling through a small trusted component, Guardian, combined with a lightweight capability system and a secure ABI, achieving memory confidentiality without encryption. Experiments show that the design has a small TCB and good performance, and supports most of the Linux kernel's memory optimizations.
2025-12-17 20:00:00
Author: securityboulevard.com (view original)
Session 6B: Confidential Computing 1
Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)
PAPER
Blindfold: Confidential Memory Management by Untrusted Operating System
Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to achieve confidentiality. In doing so, they render OS memory optimization unusable or complicate the trusted computing base (TCB) required for optimization. This paper presents our results toward overcoming these limitations, synthesized in a CC design named Blindfold. Like many other CC solutions, Blindfold relies on a small trusted software component running at a higher privilege level than the kernel, called Guardian. It features three techniques that can enhance existing CC solutions. First, instead of nesting page tables, Blindfold’s Guardian mediates how the OS accesses memory and handles exceptions by switching page and interrupt tables. Second, Blindfold employs a lightweight capability system to regulate the OS’s semantic access to user memory, unifying case-by-case approaches in previous work. Finally, Blindfold provides a carefully designed secure ABI for confidential memory management without encryption. We report an implementation of Blindfold that works on ARMv8-A/Linux. Using Blindfold’s prototype, we are able to evaluate the cost of enabling confidential memory management by the untrusted Linux kernel. We show that Blindfold has a smaller runtime TCB than related systems and enjoys competitive performance. More importantly, we show that the Linux kernel, including all of its memory optimizations except memory compression, can function properly for confidential memory. This requires only about 400 lines of kernel modifications.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.