Architectural Extensions for Hardware Virtual Machine Isolation to Advance Confidential Computing in Public Clouds

Explore architectural extensions for hardware virtual machine isolation in this conference talk focused on advancing confidential computing in public clouds. Delve into cloud threat vectors, the evolution of hardware-based cloud workload isolation, and Intel's Trust Domain Extensions (TDX) architecture. Learn about security goals, CPU ISA, VMX, and SEAM technologies. Examine threat models, memory confidentiality and integrity, private key management, hardware address translation, and physical memory management. Discover how attestation leverages Intel SGX and understand threat coverage for various attack types, including software, hardware, and side-channel attacks. Gain insights into TDX software implications, deployment models, and KVM touchpoints. Investigate Linux TD guest touchpoints, Guest-Hypervisor Communication Interface (GHCI), and TDX platform and software lifecycles. Enhance your understanding of cutting-edge confidential computing technologies and their implementation in public cloud environments.

Intro
CLOUD THREAT VECTORS
HARDWARE-BASED CLOUD WORKLOAD ISOLATION EVOLUTION
INTEL TDX-HIGH LEVEL SECURITY GOAL OF ARCHITECTURE
CPU ISA
VMX AND SEAM
THREAT MODEL
TD MEMORY CONFIDENTIALITY
TD MEMORY INTEGRITY
PRIVATE KEY MANAGEMENT
HW ADDRESS TRANSLATION
PHYSICAL MEMORY MANAGEMENT
ATTESTATION LEVERAGES INTEL SGX
THREAT COVERAGE - SOFTWARE ADVERSARY ATTACKS
THREAT COVERAGE - HARDWARE ADVERSARY ATTACKS
THREAT COVERAGE-TOX MODULE AND ATTESTATION ATTACKS
THREAT COVERAGE - SIDECHANNEL ATTACKS
INTEL TDX -PUTTING IT ALL TOGETHER
INTEL TDX SOFTWARE IMPLICATIONS
INTEL TDX-SW DEPLOYMENT MODELS
KVM TOUCHPOINTS
MORE ON MMU
LINUX TD GUEST TOUCHPOINTS
GHCI (GUEST-HYPERVISOR COMMUNICATION INTERFACE)
INTEL TDX PLATFORM AND SW LIFECYCLE
SUMMARY