Core Slicing - Closing the Gap Between Leaky Confidential VMs and Bare-Metal Cloud

Explore a 15-minute conference talk from OSDI '23 that delves into the innovative concept of core slicing, a novel approach to enhance security in cloud computing. Learn how this technique aims to bridge the gap between confidential virtual machines (VMs) and bare-metal cloud servers. Discover the vulnerabilities of current hypervisor-based VM isolation and the motivations behind hardware extensions for confidential VMs. Understand the limitations of existing solutions and the potential security risks they pose. Examine the proposed core slicing design, which enables multiple untrusted guest operating systems to run on shared bare-metal hardware without the need for a hypervisor. Gain insights into the simple hardware extensions that restrict guests to static slices of machine resources and the delegation of resource allocation to a dedicated management slice. Evaluate the practicality and performance of this approach through prototypes developed for RISC-V and x86 architectures.

OSDI '23 - Core slicing: closing the gap between leaky confidential VMs and bare-metal cloud