Table of Contents
Fetching ...

Arca: A Lightweight Confidential Container Architecture for Cloud-Native Environments

Di Lu, Mengna Sun, Qingwen Zhang, Yujia Liu, Jia Zhang, Xuewen Dong, Yulong Shen, Jianfeng Ma

TL;DR

Arca addresses the security and performance limitations of Container-in-TEE designs by proposing a TEE-in-Container architecture where each container runs its own hardware-protected TEE. The approach confines the trusted computing base to the security-critical workload, while orchestration, management, and I/O remain outside the TEE, enabling lightweight, auditable, and scalable confidentiality for cloud-native workloads. The authors implement Arca on Intel SGX, Intel TDX, and AMD SEV, and show through micro-benchmarks and system-level tests that Arca achieves near-native performance and often outperforms CoCo, with improved verifiability and resilience to host compromise. The work demonstrates that strong runtime confidentiality can be achieved without enlarging the TCB, preserving container ecosystem compatibility, and enabling practical confidential computing across heterogeneous TEEs.

Abstract

Confidential containers protect cloud-native workloads using trusted execution environments (TEEs). However, existing Container-in-TEE designs (e.g., Confidential Containers (CoCo)) encapsulate the entire runtime within the TEE, inflating the trusted computing base (TCB) and introducing redundant components and cross-layer overhead. We present Arca, a lightweight confidential container framework based on a TEE-in-Container architecture that isolates each workload in an independent, hardware-enforced trust domain while keeping orchestration logic outside the TEE. This design minimizes inter-layer dependencies, confines compromise to per-container boundaries, and restores the TEE's minimal trust principle. We implemented Arca on Intel SGX, Intel TDX, and AMD SEV. Experimental results show that Arca achieves near-native performance and outperforms CoCo in most benchmarks, while the reduced TCB significantly improves verifiability and resilience against host-level compromise. Arca emonstrates that efficient container management and strong runtime confidentiality can be achieved without sacrificing security assurance.

Arca: A Lightweight Confidential Container Architecture for Cloud-Native Environments

TL;DR

Arca addresses the security and performance limitations of Container-in-TEE designs by proposing a TEE-in-Container architecture where each container runs its own hardware-protected TEE. The approach confines the trusted computing base to the security-critical workload, while orchestration, management, and I/O remain outside the TEE, enabling lightweight, auditable, and scalable confidentiality for cloud-native workloads. The authors implement Arca on Intel SGX, Intel TDX, and AMD SEV, and show through micro-benchmarks and system-level tests that Arca achieves near-native performance and often outperforms CoCo, with improved verifiability and resilience to host compromise. The work demonstrates that strong runtime confidentiality can be achieved without enlarging the TCB, preserving container ecosystem compatibility, and enabling practical confidential computing across heterogeneous TEEs.

Abstract

Confidential containers protect cloud-native workloads using trusted execution environments (TEEs). However, existing Container-in-TEE designs (e.g., Confidential Containers (CoCo)) encapsulate the entire runtime within the TEE, inflating the trusted computing base (TCB) and introducing redundant components and cross-layer overhead. We present Arca, a lightweight confidential container framework based on a TEE-in-Container architecture that isolates each workload in an independent, hardware-enforced trust domain while keeping orchestration logic outside the TEE. This design minimizes inter-layer dependencies, confines compromise to per-container boundaries, and restores the TEE's minimal trust principle. We implemented Arca on Intel SGX, Intel TDX, and AMD SEV. Experimental results show that Arca achieves near-native performance and outperforms CoCo in most benchmarks, while the reduced TCB significantly improves verifiability and resilience against host-level compromise. Arca emonstrates that efficient container management and strong runtime confidentiality can be achieved without sacrificing security assurance.
Paper Structure (26 sections, 12 figures, 3 tables)

This paper contains 26 sections, 12 figures, 3 tables.

Figures (12)

  • Figure 1: Conceptual distinction between process-based and VM-based TEEs, highlighting their differences in protection scope, trust boundary, and TCB size.
  • Figure 2: Overall architecture of Arca, which implements a TEE-in-Container model. Each container embeds an independent hardware-protected TEE instance for secure computation.
  • Figure 3: Intel SGX architecture overview. Sensitive code and data execute inside hardware-protected enclaves within the encrypted EPC, isolated from the untrusted OS and runtime environment to preserve confidentiality and integrity.
  • Figure 4: Intel SGX–based Arca architecture. An App Enclave executes sensitive programs, and a persistent Agent Enclave manages image deployment, attestation (RMAM), and secure host communication (SCM). Together with the host agent and container engine, they realize lightweight per-container TEEs with minimal TCB.
  • Figure 5: Remote attestation protocol among a verifier User, an Agent Enclave and an Application Enclave
  • ...and 7 more figures