DSpace@MIT

Architecting Trust: Building Secure and High-Performance Confidential VMs

Author(s)
Srivastava, Shashvat
Thesis PDF (1.197Mb)
Advisor
Yan, Mengjia
Terms of use
In Copyright - Educational Use Permitted Copyright retained by author(s) https://rightsstatements.org/page/InC-EDU/1.0/
Abstract
Recent research in TEE (Trusted Execution Environment) design has focused on the development of confidential VMs — virtual machines completely protected by secure hardware. All major CPU vendors have rolled out support for VM-based TEEs — AMD created SEV (2017), Intel created TDX (2020), and ARM launched CCA (2021). Confidential VMs are a quite promising new technology as they are significantly more user-friendly, allow existing applications to run without modification, and have better performance compared to process-based TEEs. However, confidential VMs still face two large design challenges: security and performance. In the first part of this thesis, we propose a secure confidential VM design on the RISC-V platform, which currently has no official confidential VM support. We specifically focus on the task of secure CPU virtualization and build a security monitor that hides the virtual CPU register state from the hypervisor during context switches. To allow the hypervisor to properly handle interrupts and emulate instructions, we summarize a specification listing which registers need to be exposed in specific scenarios. In the second part of this thesis, we aim to improve the network I/O performance of existing confidential VMs. The hardware protections of TEEs create additional I/O overhead in confidential VMs, and Trusted I/O (TIO) is a promising solution to reduce this overhead. However, TIO has several drawbacks — it relies on hardware support from the I/O device and expands the Trusted Computing Base (TCB) to include these TIO devices. Furthermore, TIO devices will not be commercially available for several years. We aim to create an I/O solution that can reach the performance of TIO without relying on TIO devices. In particular, we present Folio, a system for high-performance network I/O compatible with AMD SEV-SNP. Compared to network I/O in a non-TEE VM, Folio performs only a single extra memory copy of packet data. Our extensive evaluation shows that Folio performs only 6% worse than the ideal TIO solution.
Date issued
2023-09
URI
https://hdl.handle.net/1721.1/152816
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology

Collections
  • Graduate Theses
