Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

8-2025

Abstract

Intel TDX empowers cloud service providers to construct confidential virtual machines called trust domains (TDs) on x86 platforms. Similar to its counterparts from AMD and Arm, TDX's hardware-based protection of the integrity and secrecy of virtual machine memory and vCPU states inevitably hinders legitimate virtual machine management such as introspection. In the presence of compromised high-privileged software (e.g., the guest kernel), neither the cloud service provider nor the TD owner can securely carry out a task within the TD. To tackle this problem, we propose TETD, an in-TD trusted execution technique that does not trust any TD system software. Our design does not pivot on in-VM privilege layering, a popular approach used in existing VM security enhancement schemes. Instead, we leverage the virtual machine monitor's existing resource-management capability to directly separate the memory and vCPU used for trusted execution from the TD system software. We implement a TETD prototype on a TDX server and run extensive experiments. The performance overhead that TETD incurs on the TD depends on the workload; in our benchmark evaluations, the highest toll is about 6.8%. Moreover, our three applications also demonstrate that TETD provides a TD owner with a practical and secure foothold in the presence of a compromised kernel.

Discipline

Information Security

Areas of Excellence

Digital transformation

Publication

SEC '25: Proceedings of the 34th USENIX Conference on Security Symposium, Seattle, USA, August 13-15

First Page

1187

Last Page

1206

Identifier

10.5555/3766078.3766140

Publisher

ACM

City or Country

New York

Additional URL

https://doi.org/10.5555/3766078.3766140