UNIMI Expertise & Skills (unimi.it) - Publications
VS-TEE: A Framework for Virtualizing TEEs in ARM Cloud Contexts

Conference proceedings contribution
Publication date:
2025
Citation:
VS-TEE: A Framework for Virtualizing TEEs in ARM Cloud Contexts / M. Zoia, M. Cutecchia, D. Rusconi, A. Monzani, M. Picca, D. Bruschi, A. Lanzi - In: CODASPY '25: Proceedings / [edited by] J. Joshi, J. Vaidya, H. Schulmann. - [s.l.] : ACM, 2025. - ISBN 979-8-4007-1476-4. - pp. 143-154 (Paper presented at the 15th CODASPY'25 conference, held in Pittsburgh in 2025) [10.1145/3714393.3726515].
Abstract:
Cloud computing processes and stores critical data, necessitating robust protections against unauthorized access. Confidential Computing (CC) technologies address this need by enabling secure computation in hardware-backed Trusted Execution Environments (TEEs). While solutions like AMD's Secure Encrypted Virtualization (SEV) provide strong protections, they remain vulnerable to attacks targeting applications within virtual machines (VMs). Similarly, the recent Armv9-A architecture introduces a promising Realm World for enhanced security, but its adoption is limited by hardware availability and upgrade constraints. ARM TrustZone, while widely supported, lacks native support for multiple isolated TEEs. In this paper we propose VS-TEE, a framework that eliminates the need for these components in the Trusted Computing Base (TCB), enabling secure integration of TEEs with VMs. It features a VS-TEE Driver for VM interaction and a VS-TEE Hypervisor for secure communication, ensuring compatibility with ARM TrustZone and OP-TEE libraries. We developed and evaluated an open-source prototype, demonstrating its effectiveness in addressing challenges like memory translation, resource management, and interoperability. Our framework enhances security for cloud environments, allowing multiple VMs to securely share TEE capabilities.
IRIS type:
03 - Contribution in a volume
Keywords:
TEE; Trusted Execution Environments; Computational privacy; Virtualization; ARM; Cloud
Author list:
M. Zoia, M. Cutecchia, D. Rusconi, A. Monzani, M. Picca, D. Bruschi, A. Lanzi
University authors:
BRUSCHI DANILO MAURO (author)
LANZI ANDREA (author)
MONZANI ANDREA (author)
Link to full record:
https://air.unimi.it/handle/2434/1172395
Link to full text:
https://air.unimi.it/retrieve/handle/2434/1172395/3096488/3714393.3726515.pdf
Book title:
CODASPY '25: Proceedings
Project:
SEcurity and RIghts in the CyberSpace (SERICS)
Research areas:
Sector INFO-01/A - Informatica (Computer Science)