Bridge the Future: High-Performance Networks in Confidential VMs without Trusted I/O devices

arXiv:2403.03360v1 Announce Type: new
Abstract: Trusted I/O (TIO) is an appealing solution to improve I/O performance for confidential VMs (CVMs), with the potential to eliminate broad sources of I/O overhead. However, this paper emphasizes that not all types of I/O can derive substantial benefits from TIO, particularly network I/O. Given the obligatory use of encryption protocols for network traffic in CVM's threat model, TIO's approach of I/O encryption over the PCIe bus becomes redundant. Furthermore, TIO solutions need to expand …

arxiv benefits bridge can confidential cs.cr devices future high network networks performance solution types vms