Modern confidential computing executes sensitive computation in an abstraction called a confidential VM and protects it from the hypervisor, host OS, and other co-resident VMs. It has been shown that an attacker can inject malicious interrupts to break the confidentiality and integrity of confidential VMs. We present Devlore, a device interrupt isolation mechanism that protects confidential VMs from interrupt manipulation attacks. Our design employs a delegate-but-check strategy: it offloads interrupt management to the hypervisor but adds correctness checks in the trusted software. We prototype our design on the Arm Confidential Computing Architecture (CCA). We evaluate it on Arm FVP to demonstrate four diverse devices attached to confidential VMs and report costs on a Rock5b board. Our case studies show the feasibility of real-world use cases and that Devlore incurs a minimal overhead of 0.06% for typical integrated GPU applications.