Litcius/Paper detail

CoVE

Ravi Sahita, Vedvyas Shanbhogue, Andrew Bresticker, Atul Khare, Atish Patra, Samuel Ortiz, Dylan Reid, Rajnesh Kanwal

202317 citationsDOIOpen Access PDF

Abstract

Multi-tenant computing platforms are typically comprised of several software and hardware components including platform firmware, operating system, virtualization monitor, and tenant workloads (typically in a virtual machine, container, or application). This model is well established in large scale commercial deployments, but the downside is that all platform components and operators are in the Trusted Computing Base (TCB) of the tenant. This aspect is ill-suited for privacy-oriented workloads that aim to minimize the TCB. Confidential computing [1] presents a good stepping-stone towards providing a quantifiable TCB for computing. Confidential computing requires the use of a HW-attested Trusted Execution Environment for data-in-use protection. The RISC-V architecture presents a strong foundation for meeting the requirements for Confidential Computing in a clean slate manner. This paper describes a reference architecture and discusses ISA, non-ISA and System-on-Chip (SoC) requirements for confidential computing on RISC-V Platforms. It discusses proposed RISC-V ISA and non-ISA for Confidential Virtual-machine Extension, referred to as CoVE.

Topics & Concepts

Computer scienceTrusted computing baseVirtualizationConfidentialityOperating systemTrusted ComputingHypervisorEmbedded systemSymmetric multiprocessor systemComputer securityCloud computingCloud computing securitySecurity and Verification in ComputingCloud Data Security SolutionsAdvanced Malware Detection Techniques
CoVE | Litcius