CCxTrust: Confidential Computing Platform Based on TEE and TPM Collaborative Trust (2412.03842v3)

Published 5 Dec 2024 in cs.CR

Abstract: Confidential Computing has emerged to address data security challenges in cloud-centric deployments by protecting data in use through hardware-level isolation. However, reliance on a single hardware root of trust (RoT) limits user confidence in cloud platforms, especially for high-performance AI services, where end-to-end protection of sensitive models and data is critical. Furthermore, the lack of interoperability and a unified trust model in multi-cloud environments prevents the establishment of a cross-platform, cross-cloud chain of trust, creating a significant trust gap for users with high privacy requirements. To address the challenges mentioned above, this paper proposes CCxTrust (Confidential Computing with Trust), a confidential computing platform leveraging collaborative roots of trust from TEE and TPM. CCxTrust combines the black-box RoT embedded in the CPU-TEE with the flexible white-box RoT of TPM to establish a collaborative trust framework. The platform implements independent Roots of Trust for Measurement (RTM) for TEE and TPM, and a collaborative Root of Trust for Report (RTR) for composite attestation. The Root of Trust for Storage (RTS) is solely supported by TPM. We also present the design and implementation of a confidential TPM supporting multiple modes for secure use within confidential virtual machines. Additionally, we propose a composite attestation protocol integrating TEE and TPM to enhance security and attestation efficiency, which is proven secure under the PCL protocol security model. We implemented a prototype of CCxTrust on a confidential computing server with AMD SEV-SNP and TPM chips, requiring minimal modifications to the TPM and guest Linux kernel. The composite attestation efficiency improved by 24% without significant overhead, while Confidential TPM performance showed a 16.47% reduction compared to standard TPM.

Summary

  • The paper introduces CCxTrust, a novel confidential computing platform that integrates TEE and TPM to establish a collaborative trust framework for enhanced security in multi-cloud environments.
  • CCxTrust utilizes a composite attestation protocol integrating TEE and TPM reports and introduces a Confidential TPM (CTPM) for secure cloud runtime operations.
  • Experimental results show CCxTrust improves attestation efficiency by 24% and reduces CTPM latency by 16.47%, demonstrating its practical effectiveness for secure multi-cloud applications.

Overview of CCxTrust: A Confidential Computing Platform

The evolution of cloud-centric services has elevated the importance of Confidential Computing, a paradigm addressing the protection of data in use via hardware-level isolation. However, existing solutions are constrained by their reliance on a single root of trust and by the lack of interoperability across heterogeneous cloud platforms. This paper introduces "CCxTrust", a confidential computing platform designed to establish a collaborative trust framework by integrating Trusted Execution Environments (TEE) and Trusted Platform Modules (TPM). The intent is to bridge the trust gap in multi-cloud deployments and to strengthen secure data-processing environments.

CCxTrust leverages several novel elements:

  1. Collaborative Roots of Trust (RoT), incorporating TEE and TPM architectures, to facilitate a cross-platform trust system significantly more robust than independent architectures.
  2. A composite attestation protocol that melds the security benefits of TEE and TPM. This involves enhancing remote attestation capabilities by integrating the Root of Trust for Measurement (RTM) and Root of Trust for Report (RTR).
  3. A Confidential TPM (CTPM), which uniquely supports secure runtime operations in cloud environments.

Key Components

Collaborative Trust Framework: At the core of CCxTrust is the establishment of a dual RoT. This architecture delineates the roles of TEE and TPM in the system’s trust hierarchy. While TEE provides the environment for secure execution, TPM underpins storage trust. This dual structure makes CCxTrust uniquely flexible and comprehensive, securing data from boot time through to runtime applications.

Composite Attestation Protocol: The system implements a novel composite attestation mechanism that integrates attestation reports from both TEE and TPM nodes. This dual attestation reduces the risk of forgery or spliced reports, ensuring that the integrity of confidentiality assurances is maintained throughout the lifecycle of cloud applications.

Confidential TPM: CCxTrust introduces a CTPM, which tackles secure operations within cloud environments while enhancing the efficiency of trust chains and reducing latency associated with traditional TPM operations by 16.47%.

Performance and Results

The experimental evaluation illustrates CCxTrust’s improved attestation efficiency, demonstrated by a 24% increase in composite attestation performance without introducing significant overhead. The system sustains low latency and high throughput in scenarios with large-scale node concurrent attestations, validating its effectiveness in practical cloud environments handling complex and data-sensitive applications.

Theoretical and Practical Implications

The theoretical contributions of CCxTrust manifest in designing a trust model that transcends the limitations of existing cloud-based confidential computing solutions. By consolidating TEE and TPM roots, CCxTrust mitigates the trust fragmentation inherent in heterogeneous cross-cloud systems. Practically, this unified trust architecture offers a scalable, efficient, and user-controlled framework for managing secure multi-cloud deployments, crucial for high-security applications in financial services, healthcare, and AI cloud services.

Future Outlook

CCxTrust is poised to influence the development trajectory of confidential computing by setting a precedent for trust integration across disparate systems. Future research could explore integrating additional secure co-processors or extending the framework's applicability to AI-centric workloads that require immediate processing and real-time security validation. This research marks a significant step toward deploying applications across diverse cloud services without repeatedly re-establishing trust from scratch.

In summary, CCxTrust advances the field of Confidential Computing by comprehensively addressing cross-platform trust interoperability and security efficiency, establishing a robust foundation for secure data handling in multi-cloud landscapes. The implications are promising not only for immediate cloud security enhancements but also in laying the groundwork for next-generation confidential computing models.