2026-06-09 –, Poster Island B
Trusted Execution Environments (TEEs) are essential for cloud security, with Confidential Virtual Machines (CVMs) as the prevailing approach. While proprietary solutions dominate deployments, the RISC-V ecosystem lacks mature open-source CVM implementations despite CoVE progress. This paper presents a VM-level TEE architecture on the open-source XiangShan RISC-V processor, featuring physical isolation of Enclave Management Tasks via dedicated secure cores. We implement bitmap-based page-granularity memory isolation and multi-key memory encryption for fine-grained access control and software-defined full-memory cryptographic protection. Evaluation on FPGA prototypes demonstrates minimal EMS area overhead (<1% of SoC area).
Wenhao Wang is an Associate Professor at the Institute of Information Engineering, Chinese Academy of Sciences. His research focuses on confidential computing, side-channel attacks, hardware-assisted security, and trustworthy systems. He has published extensively in top-tier venues such as USENIX Security, IEEE S&P, ACM CCS, NDSS, and ASPLOS. The confidential computing architectures proposed by his team have been deployed at scale in commercial systems by companies including Ant Group, Alibaba Cloud, and Huawei.