Wenhao Wang
Wenhao Wang is an Associate Professor at the Institute of Information Engineering, Chinese Academy of Sciences. His research focuses on confidential computing, side-channel attacks, hardware-assisted security, and trustworthy systems. He has published extensively in top-tier venues such as USENIX Security, IEEE S&P, ACM CCS, NDSS, and ASPLOS. The confidential computing architectures proposed by his team have been deployed at scale in commercial systems by companies including Ant Group, Alibaba Cloud, and Huawei.
Session
Trusted Execution Environments (TEEs) are essential for cloud security, with Confidential Virtual Machines (CVMs) as the prevailing approach. While proprietary solutions dominate deployments, the RISC-V ecosystem lacks mature open-source CVM implementations despite CoVE progress. This paper presents a VM-level TEE architecture on the open-source XiangShan RISC-V processor, featuring physical isolation of Enclave Management Tasks via dedicated secure cores. We implement bitmap-based page-granularity memory isolation and multi-key memory encryption for fine-grained access control and software-defined full-memory cryptographic protection. Evaluation on FPGA prototypes demonstrates minimal EMS area overhead (<1% of SoC area).