NDSS 2025 – The Road To Trust: Building Enclaves Within Confidential VMs
The article presents a framework named NestedSGX for building hardware enclaves inside confidential virtual machines (CVMs) to strengthen code integrity. The framework uses the VMPL feature of AMD SEV-SNP and simulates Intel SGX functionality so that existing toolchains and applications are supported. Although the context-switch overhead is somewhat higher, its performance in real-world applications remains good.
2025-12-29 16:00:00
Author: securityboulevard.com (view original)
Session 7B: Trusted Hardware and Execution
Authors, Creators & Presenters: Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Linke Song (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Benshan Mei (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shuang Liu (Ant Group), Shijun Zhao (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shoumeng Yan (Ant Group), XiaoFeng Wang (Indiana University Bloomington), Dan Meng (Institute of Information Engineering, CAS), Rui Hou (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS)
PAPER
The Road to Trust: Building Enclaves within Confidential VMs
Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) run in isolated environments separate from the host, users still face challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) makes it possible to dynamically create and execute arbitrary code, leaving user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework that leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP, to enable the creation of hardware enclaves within the guest VM. Like Intel SGX, NestedSGX treats the guest OS as untrusted, since it may load potentially malicious code, and ensures that only trusted, measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 to 34,000 cycles, approximately 1.9 to 2.1 times higher than those of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation- and memory-intensive workloads and below 15.68% for I/O-intensive workloads.
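The abstract's central claim is that an untrusted guest OS may load whatever code it likes, but a remote verifier only trusts code whose measurement appears in an attested report. The following toy model, added here as an illustration and not code from the paper or the NestedSGX project, shows that flow in miniature: a trusted loader (standing in for the component that runs at a higher VMPL than the guest OS) measures the enclave image it actually maps and produces a report bound to the verifier's nonce; the verifier rejects reports for modified images and replayed reports. The class and function names, the report layout, and the use of a symmetric MAC in place of the platform's hardware signature and certificate chain are all assumptions of this example.

```python
"""Toy model of measured enclave launch plus remote attestation.

Constructed example; the names, report format and keyed-MAC 'signature'
are assumptions, not the NestedSGX or SGX report formats.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass


def measure(enclave_image: bytes) -> str:
    """Measurement of an enclave image: SHA-256 over the bytes actually loaded."""
    return hashlib.sha256(enclave_image).hexdigest()


@dataclass(frozen=True)
class Report:
    measurement: str  # hex measurement of the loaded enclave
    nonce: str        # hex verifier nonce bound into the report (freshness)
    tag: str          # MAC over (measurement, nonce) under the platform key


class TrustedLoader:
    """Trusted component that loads and measures enclaves.

    In the design described by the abstract this role belongs to code the
    guest OS cannot tamper with; here it is simply an object holding a key
    that the simulated guest OS never sees.
    """

    def __init__(self, platform_key: bytes) -> None:
        self._key = platform_key
        self._measurement: str | None = None

    def load(self, enclave_image: bytes) -> None:
        # Measured over the mapped image, so any modification by the
        # untrusted OS changes the recorded value.
        self._measurement = measure(enclave_image)

    def attest(self, nonce: bytes) -> Report:
        if self._measurement is None:
            raise RuntimeError("no enclave loaded")
        msg = f"{self._measurement}|{nonce.hex()}".encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return Report(self._measurement, nonce.hex(), tag)


class Verifier:
    """Remote party deciding whether to trust the enclave."""

    def __init__(self, platform_key: bytes, allowed: set[str]) -> None:
        self._key = platform_key      # verification key for this toy model
        self._allowed = allowed       # measurements of code we are willing to trust

    def verify(self, report: Report, nonce: bytes) -> bool:
        if report.nonce != nonce.hex():
            return False              # stale or replayed report
        msg = f"{report.measurement}|{report.nonce}".encode()
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report.tag):
            return False              # report was not produced by the platform
        return report.measurement in self._allowed


def demo() -> tuple[bool, bool, bool]:
    """Run three scenarios: genuine image, tampered image, replayed report."""
    platform_key = secrets.token_bytes(32)
    genuine = b"constructed enclave image v1"                  # constructed sample
    tampered = b"constructed enclave image v1 + injected code" # constructed sample
    verifier = Verifier(platform_key, {measure(genuine)})

    # 1. Genuine image: measurement is on the allowlist, report is fresh.
    loader = TrustedLoader(platform_key)
    loader.load(genuine)
    n1 = secrets.token_bytes(16)
    genuine_ok = verifier.verify(loader.attest(n1), n1)

    # 2. Guest OS swapped in modified code: measurement differs, rejected.
    loader2 = TrustedLoader(platform_key)
    loader2.load(tampered)
    n2 = secrets.token_bytes(16)
    tampered_ok = verifier.verify(loader2.attest(n2), n2)

    # 3. Old genuine report replayed against a fresh nonce: rejected.
    old_report = loader.attest(n1)
    n3 = secrets.token_bytes(16)
    replayed_ok = verifier.verify(old_report, n3)

    return genuine_ok, tampered_ok, replayed_ok


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that the guest OS never enters the trust decision: the verifier checks the measurement against an allowlist and checks that the report is fresh and authentic, so code the OS substitutes after the fact is simply not attestable. A real deployment replaces the shared MAC key with the platform's attestation key and certificate chain.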
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.