ConfBench: A Tool for Easy Evaluation of Confidential Virtual Machines / De Murtas, Andrea; D'Elia, Daniele Cono; Di Luna, Giuseppe Antonio; Felber, Pascal; Querzoni, Leonardo; Schiavoni, Valerio. - (2025), pp. 279-288. ( 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2025 Napoli ) [10.1109/DSN64029.2025.00038].

ConfBench: A Tool for Easy Evaluation of Confidential Virtual Machines

Daniele Cono D’Elia; Giuseppe Antonio Di Luna; Leonardo Querzoni; Valerio Schiavoni
2025

Abstract

Ensuring the security and confidentiality of cloud computing workloads is essential. To this end, major cloud providers offer computing instances based on trusted execution environments (TEEs) to support confidential computing in virtual machines. TEEs are hardware-based shielded environments building on technologies available today such as Intel TDX or AMD SEV-SNP, as well as ARM CCA in the future. To lower the barriers of experimenting with these technologies for researchers and practitioners, we developed CONFBENCH, a tool for easy evaluation of confidential virtual machines. CONFBENCH supports cloud-native workloads (function-as-a-service), as well as more generic and standard applications (i.e., DBMS, machine-learning, stress tests, etc.). CONFBENCH facilitates the management of the full lifecycle of such workloads, from their deployment to the gathering of performance metrics, taking into account the specifics of TEE-enabled confidential virtual machines. We use CONFBENCH to measure the execution overheads of different VM-enabled TEEs (e.g., Intel TDX, AMD SEV-SNP) using various programming languages through an extensive evaluation leveraging real-world datasets. We demonstrate how our architecture allows to validate hardware-based as well as simulation-based TEEs, by including preliminary results with ARM CCA. We highlight the intrinsic overheads of such confidential VMs conducting stress tests against machine learning inference tasks, DBMS and native-OS operations benchmarking, as well as evaluating the costs of attestation operations, required in the context of confidential computing. We release CONFBENCH to the research community and provide instructions to reproduce our experiments.
55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2025
benchmarking; CCA; confidential computing; SEV-SNP; TDX; TEE
04 Publication in conference proceedings::04b Conference paper in a volume
Files attached to this item

File: DeMurtas_preprint_ConfBench_2025.pdf.pdf
open access
Note: DOI: 10.1109/DSN64029.2025.00038
Type: Pre-print document (manuscript submitted to the publisher, prior to peer review)
License: All rights reserved
Size: 676.83 kB
Format: Adobe PDF

File: DeMurtas_ConfBench_2025.pdf
archive administrators only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 656.2 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1739400