A Hardware-Based Correct Execution Environment Supporting Virtual Memory

Daehyeon Lee, Ohsuk Shin, Yeonghyeon Cha, Junghee Lee, Taisic Yun, Jihye Kim, Hyunok Oh, Chrysostomos Nicopoulos, Sang Su Lee

Research output: Contribution to journal > Article > peer-review

Abstract

The rapid increase in data generation has led to outsourcing computation to cloud service providers, allowing clients to handle large tasks without investing resources. However, this brings up security concerns, and while there are solutions like fully homomorphic encryption and specific task-oriented methods, challenges in optimizing performance and enhancing security models remain for widespread industry adoption. Outsourcing computations to an untrusted remote computer can be risky, but attestation techniques and verifiable computation schemes aim to ensure the correct execution of outsourced computations. Nevertheless, the latter approach incurs significant overhead in generating a proof for the client. To minimize this overhead, the concept of a Correct Execution Environment (CEE) has been proposed (CEEv1), which omits proof generation for trusted parts of the prover. This paper proposes a new hardware-based CEE (CEEv2) that supports virtual memory and uses an inverted page table mechanism to detect, or prevent, illegal modifications to page mappings. The proposed mechanism supports virtual memory and thwarts virtual-to-physical mapping attacks, while minimizing software modifications. The paper also compares the proposed mechanism to other similar mechanisms used in AMD's SEV-SNP and Intel's SGX.

Original language: English
Pages (from-to): 114008-114022
Number of pages: 15
Journal: IEEE Access
Volume: 12
Publication status: Published - 2024

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • Hardware
  • isolation
  • verifiable computation

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering
