Cabin: Confining Untrusted Programs within Confidential VMs
Benshan Mei, Saisai Xia, Wenhao Wang, Dongdai Lin

TL;DR
Cabin is an isolation framework for AMD SEV-SNP confidential VMs that runs untrusted programs in the user space of a lower virtual machine privilege level (VMPL) behind a proxy-kernel, using fine-grained VMPL privilege control to keep them away from the guest kernel at about 5% average overhead.
Contribution
It introduces Cabin, an isolation framework built on AMD SEV-SNP VMPLs, with a proxy-kernel and privilege-control mechanisms that confine untrusted processes inside a confidential VM and shield the guest kernel from them.
Findings
Modest 5% average overhead on benchmarks
Untrusted processes are confined to the user space of a lower VMPL and reach the guest OS only through the proxy-kernel, so the guest kernel is no longer directly exposed to them
Abstract
Confidential computing safeguards sensitive computations from untrusted clouds, with Confidential Virtual Machines (CVMs) providing a secure environment for a guest OS. However, CVMs usually run large, vulnerable operating system kernels, which leaves them exposed to attacks that exploit kernel weaknesses. Imprecise control over read/write access in the page table has let attackers exploit such vulnerabilities, and the lack of a security hierarchy leaves insufficient separation between untrusted applications and the guest OS, so the kernel is directly exposed to untrusted programs. This study proposes Cabin, an isolated execution framework within the guest VM that utilizes the latest AMD SEV-SNP technology. Cabin shields untrusted processes to the user space of a lower virtual machine privilege level (VMPL) by introducing a proxy-kernel between the confined processes and the…
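As an added illustration (not code from the paper or its authors), the C model below simulates the per-VMPL permission masks that SEV-SNP's Reverse Map Table (RMP) keeps for each guest page, and the two rules of the RMPADJUST instruction a guest must obey when it hands permissions down to a lower VMPL: the target must be a numerically higher (less privileged) VMPL, and the granted mask may not exceed what the caller itself holds. It then lays out one page of each kind in a Cabin-style arrangement. The VMPL numbers (guest OS at VMPL0, proxy-kernel and confined process sharing VMPL1), the page kinds and every function name are assumptions made for this example; the real instruction operates on a guest virtual address and passes the target VMPL and mask in a register, which the model abstracts away.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Modelled SEV-SNP VMPL page permissions. Added illustration, not Cabin's
 * code: the RMP keeps one permission mask per VMPL for each guest page, and
 * RMPADJUST lets a guest at VMPL N program the masks of VMPLs > N.
 */
#define VMPL_READ   (1u << 0)
#define VMPL_WRITE  (1u << 1)
#define VMPL_EXEC_U (1u << 2)   /* execute from user mode */
#define VMPL_EXEC_S (1u << 3)   /* execute from supervisor mode */
#define VMPL_ALL    (VMPL_READ | VMPL_WRITE | VMPL_EXEC_U | VMPL_EXEC_S)
#define NUM_VMPL    4           /* VMPL0 (most privileged) .. VMPL3 */

typedef struct { uint8_t perm[NUM_VMPL]; } rmp_entry_t;

enum access { ACC_READ, ACC_WRITE, ACC_EXEC_USER, ACC_EXEC_SUPER };

static uint8_t access_bit(enum access a)
{
    switch (a) {
    case ACC_READ:       return VMPL_READ;
    case ACC_WRITE:      return VMPL_WRITE;
    case ACC_EXEC_USER:  return VMPL_EXEC_U;
    case ACC_EXEC_SUPER: return VMPL_EXEC_S;
    }
    return 0;
}

/* Hardware-side check: is this access allowed for code running at `vmpl`? */
bool rmp_check(const rmp_entry_t *e, int vmpl, enum access a)
{
    if (vmpl < 0 || vmpl >= NUM_VMPL)
        return false;
    return (e->perm[vmpl] & access_bit(a)) != 0;
}

/*
 * Model of RMPADJUST issued from `cur_vmpl`. Returns 0 on success,
 * -1 if the target is not a strictly lower-privileged VMPL,
 * -2 if the mask grants a permission the caller does not hold itself.
 */
int rmpadjust(rmp_entry_t *e, int cur_vmpl, int target_vmpl, uint8_t mask)
{
    if (cur_vmpl < 0 || target_vmpl <= cur_vmpl || target_vmpl >= NUM_VMPL)
        return -1;
    if (mask & ~e->perm[cur_vmpl])
        return -2;
    e->perm[target_vmpl] = mask;
    return 0;
}

/* Assumed layout (the page's text does not pin the numbers): guest OS at
 * VMPL0; proxy-kernel (supervisor mode) and confined program (user mode)
 * share VMPL1. */
#define GUEST_VMPL    0
#define CONFINED_VMPL 1
enum page_kind { PAGE_GUEST_KERNEL, PAGE_PROXY_KERNEL, PAGE_CONFINED_USER, PAGE_KINDS };

static rmp_entry_t cabin_pages[PAGE_KINDS];

/* The guest OS at VMPL0 programs one representative page of each kind.
 * Returns the number of failed RMPADJUST calls (0 expected). */
int cabin_setup(void)
{
    int failures = 0;
    for (int i = 0; i < PAGE_KINDS; i++) {
        /* after the hypervisor assigns a page, VMPL0 holds every permission
         * and the other VMPLs hold none */
        cabin_pages[i].perm[GUEST_VMPL] = VMPL_ALL;
        for (int v = 1; v < NUM_VMPL; v++)
            cabin_pages[i].perm[v] = 0;
    }
    /* guest kernel pages: left unreachable from the lower VMPL */
    /* proxy-kernel text: readable, executable only in supervisor mode */
    failures += rmpadjust(&cabin_pages[PAGE_PROXY_KERNEL], GUEST_VMPL,
                          CONFINED_VMPL, VMPL_READ | VMPL_EXEC_S) != 0;
    /* confined program's text: readable, executable only in user mode */
    failures += rmpadjust(&cabin_pages[PAGE_CONFINED_USER], GUEST_VMPL,
                          CONFINED_VMPL, VMPL_READ | VMPL_EXEC_U) != 0;
    return failures;
}

/* What can code running at `vmpl` do with a page of kind `k`? */
bool cabin_allowed(int vmpl, enum page_kind k, enum access a)
{
    return rmp_check(&cabin_pages[k], vmpl, a);
}

/* A confined process at VMPL1 tries to re-program its own text page. */
int cabin_escalation_attempt(int target_vmpl, uint8_t mask)
{
    rmp_entry_t e = cabin_pages[PAGE_CONFINED_USER];   /* scratch copy */
    return rmpadjust(&e, CONFINED_VMPL, target_vmpl, mask);
}

int main(void)
{
    static const char *kinds[] = { "guest kernel", "proxy-kernel", "confined user" };
    if (cabin_setup() != 0)
        return 1;
    printf("access from VMPL%d:  %-14s R W Xu Xs\n", CONFINED_VMPL, "page");
    for (int k = 0; k < PAGE_KINDS; k++)
        printf("                   %-14s %d %d %d  %d\n", kinds[k],
               cabin_allowed(CONFINED_VMPL, k, ACC_READ),
               cabin_allowed(CONFINED_VMPL, k, ACC_WRITE),
               cabin_allowed(CONFINED_VMPL, k, ACC_EXEC_USER),
               cabin_allowed(CONFINED_VMPL, k, ACC_EXEC_SUPER));
    return 0;
}
```

Compile with `cc -std=c99 cabin_vmpl.c`. The printed matrix shows the point of the arrangement: from VMPL1 the confined program cannot read or write guest-kernel pages at all, can only execute proxy-kernel text from supervisor mode (that is, through the proxy-kernel's own entry points, not by jumping into it from user mode), and cannot widen its own permissions, because the modelled RMPADJUST refuses both a more-privileged target and a mask larger than the caller's own.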
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
