Confidential computing alleviates the concerns of distrustful customers by removing the cloud provider from their trusted computing base and resolves their disincentive to migrate their workloads to the cloud. This is facilitated by new hardware extensions, like AMD's SEV Secure Nested Paging (SEV-SNP), which can run a whole virtual machine with confidentiality and integrity protection against a potentially malicious hypervisor owned by an untrusted cloud provider. However, the assurance of such protection to either the service providers deploying sensitive workloads or the end-users passing sensitive data to services requires sending proof to the interested parties. Service providers can retrieve such proof by performing remote attestation, while end-users typically have no means to acquire this proof or validate its correctness and therefore have to rely on the trustworthiness of the service providers. In this paper, we present Revelio, an approach that features two main contributions: i) it allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows any tampering, even by the service providers, and ii) it empowers users to easily validate their integrity. In particular, we focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established. To highlight the benefits of Revelio, we discuss how a standalone stateful VM that hosts an open-source collaboration office suite can be secured and present a replicated protocol proxy that enables commodity users to securely access the Internet Computer, a decentralized blockchain infrastructure.
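The abstract states that end-users attest the confidential VM each time a new web session is established. The following added example, which is not code from the Revelio paper and does not reproduce its protocol, illustrates the two checks a browser-side verifier would need for that to be meaningful: the report's launch measurement must match a known-good VM image, and the report's caller-supplied data must be bound to the TLS key the client actually sees, so a genuine report cannot be relayed from behind a different endpoint. SEV-SNP reports do carry a 48-byte MEASUREMENT and a 64-byte REPORT_DATA field, but the report layout, the image bytes, and the keyed-hash signature used here in place of the chip's ECDSA signature (which in reality is checked against AMD's certificate chain) are all constructed for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the per-chip signing key. A real SEV-SNP report is
# ECDSA-signed by the chip's VCEK and verified against AMD's certificate chain;
# a keyed hash is used here only so the example runs offline.
DEMO_SIGNING_KEY = b"constructed-demo-key-not-a-real-vcek"


@dataclass(frozen=True)
class Report:
    measurement: bytes  # 48 bytes: launch measurement of the VM image
    report_data: bytes  # 64 bytes: caller-supplied, here bound to the TLS key
    signature: bytes


def measure_image(image: bytes) -> bytes:
    # Simplified measurement: a 48-byte digest of the image contents.
    return hashlib.sha384(image).digest()


def bind_tls_key(tls_public_key: bytes) -> bytes:
    # REPORT_DATA must hold something unique to this session, so that a
    # report for one TLS endpoint cannot be presented for another.
    return hashlib.sha512(tls_public_key).digest()


def issue_report(image: bytes, tls_public_key: bytes) -> Report:
    # Simulates the guest asking firmware for a report over its own TLS key.
    measurement = measure_image(image)
    report_data = bind_tls_key(tls_public_key)
    sig = hmac.new(DEMO_SIGNING_KEY, measurement + report_data, hashlib.sha256).digest()
    return Report(measurement, report_data, sig)


def verify_report(report: Report, tls_public_key: bytes,
                  expected_measurements: set) -> tuple:
    """Client-side checks: signature, known-good image, binding to this session."""
    expected_sig = hmac.new(DEMO_SIGNING_KEY, report.measurement + report.report_data,
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, report.signature):
        return (False, "bad signature")
    if report.measurement not in expected_measurements:
        return (False, "unexpected measurement")
    if not hmac.compare_digest(report.report_data, bind_tls_key(tls_public_key)):
        return (False, "report not bound to this TLS session")
    return (True, "ok")


def demo() -> dict:
    # Constructed sample inputs: a published VM image and two TLS keys.
    good_image = b"constructed-office-suite-vm-image-v1"
    tampered_image = good_image + b"-with-backdoor"
    session_key = b"constructed-tls-public-key-of-the-confidential-vm"
    other_key = b"constructed-tls-public-key-of-an-impostor"
    allowlist = {measure_image(good_image)}

    results = {}
    # 1. Honest VM, report bound to the key the client is talking to.
    results["honest"] = verify_report(issue_report(good_image, session_key), session_key, allowlist)
    # 2. Modified image: measurement no longer matches the published one.
    results["tampered"] = verify_report(issue_report(tampered_image, session_key), session_key, allowlist)
    # 3. Genuine report relayed behind a different TLS endpoint.
    results["relayed"] = verify_report(issue_report(good_image, session_key), other_key, allowlist)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'} ({reason})")
```

The allowlist of expected measurements is what lets the check be independent of the service provider: it is derived from a published VM image, so an operator who changes the image changes the measurement and the client's verification fails.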