# Characterizing Trust Boundary Vulnerabilities in TEE Containers: An Empirical Study

**Authors:** Weijie Liu, Hongbo Chen, Shuo Huai, Zhen Xu, Wenhao Wang, XiaoFeng Wang, Danfeng Zhang, Zhi Li, Haixu Tang, Zheli Liu

arXiv: 2508.20962 · 2026-04-21

## TL;DR

This paper presents the first comprehensive analysis of TEE containers. Using an automated benchmarking tool and empirical evaluation, it reveals fundamental vulnerabilities and attack vectors that compromise their security.

## Contribution

The paper introduces TBouncer, an automated analyzer for TEE containers (Tcons), and uncovers six attack vectors, twelve bugs, and three CVEs, highlighting security flaws in existing Tcons.

## Key findings

- Uncovered six attack vectors in TEE containers.
- Identified twelve new security bugs.
- Discovered three CVEs related to TEE container vulnerabilities.

## Abstract

Trusted Execution Environments (TEEs) have become a cornerstone of confidential computing, attracting significant attention from academia and industry. To support secure and scalable application deployment on confidential clouds, TEE containers (Tcons) have been introduced as middleware to shield applications from malicious operating systems and orchestration layers while preserving usability. In this paper, we present the first comprehensive analysis of Tcons, focusing on three critical layers: OS interfaces, encrypted I/O, and orchestration mechanisms. To enable systematic evaluation, we design TBouncer, an automated analyzer that precisely exercises and benchmarks Tcon isolation boundaries. Our study uncovers fundamental flaws in existing Tcons, leading to exploitable vulnerabilities such as code execution, denial-of-service, and information leakage. In total, we identify six attack vectors, twelve new bugs, and three CVEs. These findings provide new insights into the underestimated attack surface of Tcons and highlight key directions for building more secure and trustworthy container solutions.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2508.20962/full.md

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/2508.20962/full.md

---
Source: https://tomesphere.com/paper/2508.20962