VS-TEE: A Framework for Virtualizing TEEs in ARM Cloud Contexts / M. Zoia, M. Cutecchia, D. Rusconi, A. Monzani, M. Picca, D. Bruschi, A. Lanzi - In: CODASPY '25: Proceedings / [edited by] J. Joshi, J. Vaidya, H. Schulmann. - [s.l] : ACM, 2025. - ISBN 979-8-4007-1476-4. - pp. 143-154 (Paper presented at the 15th CODASPY'25 conference, held in Pittsburgh in 2025) [10.1145/3714393.3726515].

VS-TEE: A Framework for Virtualizing TEEs in ARM Cloud Contexts

M. Zoia (first author); D. Rusconi; A. Monzani; M. Picca; D. Bruschi; A. Lanzi (last author)
2025

Abstract

Cloud computing processes and stores critical data, necessitating robust protections against unauthorized access. Confidential Computing (CC) technologies address this need by enabling secure computation in hardware-backed Trusted Execution Environments (TEEs). While solutions like AMD’s Secure Encrypted Virtualization (SEV) provide strong protections, they remain vulnerable to attacks targeting applications within virtual machines (VMs). Similarly, the recent Armv9-A architecture introduces a promising Realm World for enhanced security, but its adoption is limited by hardware availability and upgrade constraints. ARM TrustZone, while widely supported, lacks native support for multiple isolated TEEs. In this paper, the proposed framework eliminates the need for these components in the Trusted Computing Base (TCB), enabling secure integration of TEEs with VMs. It features a VS-TEE Driver for VM interaction and a VS-TEE Hypervisor for secure communication, ensuring compatibility with ARM TrustZone and OP-TEE libraries. We developed and evaluated an open-source prototype, demonstrating its effectiveness in addressing challenges like memory translation, resource management, and interoperability. Our framework enhances security for cloud environments, allowing multiple VMs to securely share TEE capabilities.
English
TEE; Trusted Execution Environments; Computational privacy; Virtualization; ARM; Cloud
Sector INFO-01/A - Computer Science
Conference paper
Anonymous experts
Scientific publication
   SEcurity and RIghts in the CyberSpace (SERICS)
   SERICS
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   identification code PE00000014
Volume with international distribution
Gold
Book Part (author)
Research products::03 - Book contribution
Files in this item:
3714393.3726515.pdf (open access)
Type: Publisher's version/PDF
License: Creative Commons
Size: 1.22 MB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/1172395