Confidential containers protect cloud-native workloads using trusted execution environments (TEEs). However, existing Container-in-TEE designs (e.g., Confidential Containers (CoCo)) encapsulate the entire runtime within the TEE, inflating the trusted computing base (TCB) and introducing redundant components and cross-layer overhead. We present Arca, a lightweight confidential container framework based on a TEE-in-Container architecture that isolates each workload in an independent, hardware-enforced trust domain while keeping orchestration logic outside the TEE. This design minimizes inter-layer dependencies, confines compromise to per-container boundaries, and restores the TEE's minimal trust principle. We implemented Arca on Intel SGX, Intel TDX, and AMD SEV. Experimental results show that Arca achieves near-native performance and outperforms CoCo in most benchmarks, while the reduced TCB significantly improves verifiability and resilience against host-level compromise. Arca emonstrates that efficient container management and strong runtime confidentiality can be achieved without sacrificing security assurance.

翻译：机密容器利用可信执行环境（TEE）保护云原生工作负载。然而，现有的“容器在TEE内”设计（例如机密容器（CoCo））将整个运行时封装在TEE内部，导致可信计算基（TCB）膨胀，并引入了冗余组件和跨层开销。我们提出了Arca，一个基于“TEE在容器内”架构的轻量级机密容器框架。该架构将每个工作负载隔离在独立的、硬件强制的信任域中，同时将编排逻辑保留在TEE之外。此设计最小化了层间依赖，将安全威胁限制在每个容器的边界内，并恢复了TEE的最小信任原则。我们在Intel SGX、Intel TDX和AMD SEV上实现了Arca。实验结果表明，Arca实现了接近原生的性能，在大多数基准测试中优于CoCo，同时其缩减的TCB显著提升了可验证性以及对宿主机级安全威胁的抵御能力。Arca证明了高效的容器管理和强大的运行时机密性可以在不牺牲安全保障的前提下实现。