Toward Process-Level TEEs with OS Compatibility and Minimal TCB

Abstract

This paper introduces a new trusted execution environment (TEE) abstraction called a Confidential Process, which aims to combine the strong compatibility of confidential virtual machines (CVMs) with the minimal trusted computing base (TCB) of enclave-based TEEs. By confining only a single user-level process within the TEE and securely delegating system calls to an untrusted host OS, Confidential Processes allow unmodified applications to run securely without including the OS kernel in the TCB. The prototype, implemented on AMD SEV-SNP, demonstrates the practicality of this approach while identifying data copying overhead as the main performance bottleneck to be optimized in future work.

Publication
In 30th ACM Symposium on Operating Systems Principles

Reference

Guojun Wu, Keisuke Iida, Satoru Takekoshi, and Takahiro Shinagawa. Toward Process-Level TEEs with OS Compatibility and Minimal TCB. In 30th ACM Symposium on Operating Systems Principles, Oct, 2025.
Guojun Wu
1st-Year Master’s Student
Dept. of CS
Keisuke Iida
2nd-Year Master’s Student
Dept. of GSS
Satoru Takekoshi
4th-Year Ph.D. Student (Working Adult)
Dept. of IPC
Takahiro Shinagawa
Professor

Professor, Department of Computer Science, The University of Tokyo