VS-TEE: A Framework for Virtualizing TEEs in ARM Cloud Contexts

Cloud computing processes and stores critical data, necessitating robust protections against unauthorized access. Confidential Com- puting (CC) technologies address this need by enabling secure computation in hardware-backed Trusted Execution Environments (TEEs). While solutions like AMD’s Secure Encrypted Virtualiza- tion (SEV) provide strong protections, they remain vulnerable to attacks targeting applications within virtual machines (VMs). Sim- ilarly, the recent Armv9-A architecture introduces a promising Realm World for enhanced security, but its adoption is limited by hardware availability and upgrade constraints. ARM TrustZone, while widely supported, lacks native support for multiple isolated TEEs. In this paper we proposed framework eliminates the need for these components in the Trusted Computing Base (TCB), enabling secure integration of TEEs with VMs. It features a VS-TEE Driver for VM interaction and a VS-TEE Hypervisor for secure communi- cation, ensuring compatibility with ARM TrustZone and OP-TEE libraries. We developed and evaluated an open-source prototype, demonstrating its effectiveness in addressing challenges like mem- ory translation, resource management, and interoperability. Our framework enhances security for cloud environments, allowing multiple VMs to securely share TEE capabilities.