Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Cabin: Confining Untrusted Programs within Confidential VMs

Benshan Mei, Saisai Xia, Wenhao Wang, Dongdai Lin

TL;DR

Confidential Virtual Machines protect computations but risk kernel-level attacks from untrusted code due to large kernels and coarse memory protections. Cabin addresses this by confining untrusted programs to the user-space of a lower VMPL, mediated by a trusted proxy-kernel, and by employing VMPL-enhanced execute-only protection and asynchronous forwarding to minimize VMPL-switch overhead. Key contributions include a proxy-kernel design, cross-layer execute-only protection, dynamic VMPL management, and a Linux prototype on AMD SEV-SNP with performance evaluation showing modest overhead (roughly 5% on Nbench and 10% on WolfSSL). The approach yields practical, generalizable hardening for CVMs, enabling flexible monitoring and threat detection while preserving guest OS integrity and compatibility with existing Confidential Computing ecosystems.

Abstract

Confidential computing safeguards sensitive computations from untrusted clouds, with Confidential Virtual Machines (CVMs) providing a secure environment for guest OS. However, CVMs often come with large and vulnerable operating system kernels, making them susceptible to attacks exploiting kernel weaknesses. The imprecise control over the read/write access in the page table has allowed attackers to exploit vulnerabilities. The lack of security hierarchy leads to insufficient separation between untrusted applications and guest OS, making the kernel susceptible to direct threats from untrusted programs. This study proposes Cabin, an isolated execution framework within guest VM utilizing the latest AMD SEV-SNP technology. Cabin shields untrusted processes to the user space of a lower virtual machine privilege level (VMPL) by introducing a proxy-kernel between the confined processes and the guest OS. Furthermore, we propose execution protection mechanisms based on fine-gained control of VMPL privilege for vulnerable programs and the proxy-kernel to minimize the attack surface. We introduce asynchronous forwarding mechanism and anonymous memory management to reduce the performance impact. The evaluation results show that the Cabin framework incurs a modest overhead (5% on average) on Nbench and WolfSSL benchmarks.

Cabin: Confining Untrusted Programs within Confidential VMs

TL;DR

Confidential Virtual Machines protect computations but risk kernel-level attacks from untrusted code due to large kernels and coarse memory protections. Cabin addresses this by confining untrusted programs to the user-space of a lower VMPL, mediated by a trusted proxy-kernel, and by employing VMPL-enhanced execute-only protection and asynchronous forwarding to minimize VMPL-switch overhead. Key contributions include a proxy-kernel design, cross-layer execute-only protection, dynamic VMPL management, and a Linux prototype on AMD SEV-SNP with performance evaluation showing modest overhead (roughly 5% on Nbench and 10% on WolfSSL). The approach yields practical, generalizable hardening for CVMs, enabling flexible monitoring and threat detection while preserving guest OS integrity and compatibility with existing Confidential Computing ecosystems.

Abstract

Confidential computing safeguards sensitive computations from untrusted clouds, with Confidential Virtual Machines (CVMs) providing a secure environment for guest OS. However, CVMs often come with large and vulnerable operating system kernels, making them susceptible to attacks exploiting kernel weaknesses. The imprecise control over the read/write access in the page table has allowed attackers to exploit vulnerabilities. The lack of security hierarchy leads to insufficient separation between untrusted applications and guest OS, making the kernel susceptible to direct threats from untrusted programs. This study proposes Cabin, an isolated execution framework within guest VM utilizing the latest AMD SEV-SNP technology. Cabin shields untrusted processes to the user space of a lower virtual machine privilege level (VMPL) by introducing a proxy-kernel between the confined processes and the guest OS. Furthermore, we propose execution protection mechanisms based on fine-gained control of VMPL privilege for vulnerable programs and the proxy-kernel to minimize the attack surface. We introduce asynchronous forwarding mechanism and anonymous memory management to reduce the performance impact. The evaluation results show that the Cabin framework incurs a modest overhead (5% on average) on Nbench and WolfSSL benchmarks.
Paper Structure (23 sections, 4 figures, 2 tables)

This paper contains 23 sections, 4 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Background
  3. SEV-SNP and VMPL
  4. Execute-only memory
  5. Syscall filtering
  6. Threat model
  7. Design
  8. Overview
  9. System design
  10. Performance optimization
  11. Case studies
  12. Execute-only protection
  13. Process monitoring
  14. Implementation
  15. Syscalls and interrupts handling
  16. ...and 8 more sections

Figures (4)

  • Figure 1: An overview of the Cabin framework.
  • Figure 2: The evaluation of syscall overhead in different scenarios.
  • Figure 3: The performance evaluation on Nbench.
  • Figure 4: The performance evaluation on WolfSSL benchmark.