CAGE-V: Confidential Computing Architecture supporting Guest Enclaves for RISC-V
2026-06-09, Poster Island B

Confidential VMs enable cloud service providers to operate a secure and trustworthy multi-tenant cloud infrastructure.
While confidential VMs ensure comprehensive protection for cloud workloads, such heavy-weight isolation is often omitted for serverless applications, which co-locate thousands of cloud workers within the same process to reduce FaaS overhead through efficient context switches.
In this work, we present CAGE-V, a novel confidential computing architecture that supports lightweight enclave-based isolation for individual cloud workers running inside confidential VMs.
Guest enclaves support fast context switches within the confidential VM, as TLB entries are tagged with Domain Identifiers, eliminating overheads that stem from TLB flushes.
We present a CAGE-V prototype, consisting of a hardware extension for the CORE-V CVA6 processor and a small security monitor, and evaluate our design in terms of system performance, demonstrating a minor performance impact.

Moritz Waser is a PhD student in the Secure Systems (SESYS) group at ISEC, Graz University of Technology.
His research interests include memory safety, confidential computing, capability systems and hardware security.
