    Li Wei, Feng Wei, Qin Yu, Feng Dengguo. Scheme of Runtime Monitoring in Confidential Computing with Dynamic Integrity Measurement[J]. Journal of Computer Research and Development, 2024, 61(10): 2482-2500. DOI: 10.7544/issn1000-1239.202440480

    Scheme of Runtime Monitoring in Confidential Computing with Dynamic Integrity Measurement

    Confidential computing (CC) is built on the hardware TEE, which protects the confidentiality and integrity of data in use through isolation, integrity measurement, and remote attestation, and which resists attacks by privileged adversaries. However, the measurement and attestation mechanisms of existing CC platforms focus on launch-time integrity rather than runtime integrity. When adversaries exploit potential memory vulnerabilities in user workloads, the result can be attacks such as control flow hijacking. Existing CC platforms, which protect integrity only at startup, cannot effectively prevent or detect such runtime attacks. To address this, we propose a runtime monitoring scheme for CC based on dynamic integrity measurement. By introducing control flow and data flow measurements into the TEE and having a trusted verifier verify those measurements, the scheme achieves remote attestation and runtime integrity protection on the CC platform. Our prototype implementation on CSV/SEV servers with a confidential VM/container architecture shows that the scheme achieves higher runtime security with about 16% performance overhead.