
Sharing is caring: Attestable and Trusted Workflows out of Distrustful Components

Amir Al Sadi, Sina Abdollahi, Adrien Ghosn, Hamed Haddadi, Marios Kogias

TL;DR

This work presents Mica, a confidential computing architecture that decouples confidentiality from trust, and implements Mica on Arm CCA using existing primitives, requiring only modest changes to the trusted computing base.

Abstract

Confidential computing protects data in use within Trusted Execution Environments (TEEs), but current TEEs provide little support for secure communication between components. As a result, pipelines of independently developed and deployed TEEs must trust one another to avoid the leakage of sensitive information they exchange -- a fragile assumption that is unrealistic for modern cloud workloads. We present Mica, a confidential computing architecture that decouples confidentiality from trust. Mica provides tenants with explicit mechanisms to define, restrict, and attest all communication paths between components, ensuring that sensitive data cannot leak through shared resources or interactions. We implement Mica on Arm CCA using existing primitives, requiring only modest changes to the trusted computing base. Our extension adds a policy language to control and attest communication paths among Realms and with the untrusted world via shared protected and unprotected memory and control transfers. Our evaluation shows that Mica supports realistic cloud pipelines with only a small increase to the trusted computing base while providing strong, attestable confidentiality guarantees.

Paper Structure (24 sections, 5 figures, 3 tables)


Figures (5)

  • Figure 1: Prior designs for confidential pipelines. Red indicates untrusted components (boxes or communication arrows), green indicates trusted components (secure communication or TCB). The dotted lines indicate the exposed interface to the untrusted host.
  • Figure 2: CCA Architecture.
  • Figure 3: Example of policy file used by Mica defining two peers with one shared memory region. P1 is the component supplying the policy as indicated by Self.
  • Figure 4: Application scenarios deployed over Mica. Green indicates trusted/confidential components, red indicates untrusted components, yellow indicates confidential but distrustful components. Arrows represent different access rights over shared memory (incoming arrow $\rightarrow$ read access, outgoing arrow $\rightarrow$ write access).
  • Figure 5: Attestation size comparison (in KB) between vanilla CCA and Mica. Mica's group attestation size grows linearly with respect to the number of Realms in the pipeline.