Blindfold: Confidential Memory Management by Untrusted Operating System
Caihua Li
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Confidential Computing 1
In an era where operating systems (OS) are increasingly complex and prone to vulnerabilities, the security of sensitive application data stored in memory remains a critical concern. The talk "Blindfold: Confidential Memory Management by Untrusted Operating System" by Caihua Li addresses this fundamental challenge, proposing a novel architecture that allows an untrusted OS to manage memory without ever directly accessing or knowing the values of sensitive user data. This work is crucial because traditional OS designs, like Linux, possess excessive access capabilities, making them a prime target for attackers seeking to exfiltrate passwords, cryptographic keys, and other confidential information directly from memory if the OS itself is compromised.
AI review
Blindfold presents a genuinely novel systems security contribution: a principled semantic/non-semantic access decomposition that lets an untrusted OS do real memory management work without ever touching plaintext sensitive data. The capability-mediated copy_from_user approach and read-only page table design are clean, the TCB minimization argument is credible, and the ARM EL3 prototype on Raspberry Pi 4 grounds the claims in hardware reality.
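To make the semantic/non-semantic split concrete, here is an added C model (not the paper's code or the Blindfold prototype): a hypothetical monitor, standing in for the privileged guardian at EL3, owns physical memory and the page table, the OS may relocate a page without ever seeing its bytes, and `copy_from_user` is served only inside a byte range the application has explicitly granted. All names (`monitor_relocate`, `app_grant_cap`, the capability layout, the page sizes) are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NVPAGES   2          /* application's virtual pages (model parameter) */
#define NPPAGES   4          /* physical frames the monitor owns (model parameter) */
#define PAGE_SIZE 64
#define NCAPS     4
typedef struct { size_t start, len; bool used; } cap_t;  /* OS may read [start, start+len) */
static uint8_t mem[NPPAGES * PAGE_SIZE];  /* physical memory; only monitor code touches it */
static size_t  pt[NVPAGES] = {0, 1};      /* vpage -> frame; the OS can read but never write it */
static cap_t   caps[NCAPS];
static uint8_t kbuf[PAGE_SIZE];           /* the OS's kernel-side destination buffer */
static uint8_t *pa(size_t va) { return &mem[pt[va / PAGE_SIZE] * PAGE_SIZE + va % PAGE_SIZE]; }
/* Application side: ordinary stores, plus granting/revoking what the OS may read. */
int app_write(size_t va, const void *src, size_t len) {
    if (va + len > NVPAGES * PAGE_SIZE) return -1;
    for (size_t i = 0; i < len; i++) *pa(va + i) = ((const uint8_t *)src)[i];
    return (int)len;
}
int app_grant_cap(size_t va, size_t len) {          /* e.g. exactly the buffer passed to write(2) */
    if (va + len > NVPAGES * PAGE_SIZE) return -1;
    for (int i = 0; i < NCAPS; i++)
        if (!caps[i].used) { caps[i] = (cap_t){va, len, true}; return i; }
    return -1;
}
int app_revoke_cap(int c) {
    if (c < 0 || c >= NCAPS || !caps[c].used) return -1;
    caps[c].used = false; return 0;
}
/* Non-semantic OS request: move a virtual page to another frame. The monitor copies the
 * bytes, scrubs the old frame and edits the page table; the OS only learns success/failure. */
int monitor_relocate(size_t vpage, size_t frame) {
    if (vpage >= NVPAGES || frame >= NPPAGES) return -1;
    for (size_t i = 0; i < NVPAGES; i++) if (pt[i] == frame) return -1;  /* frame busy */
    memcpy(&mem[frame * PAGE_SIZE], &mem[pt[vpage] * PAGE_SIZE], PAGE_SIZE);
    memset(&mem[pt[vpage] * PAGE_SIZE], 0, PAGE_SIZE);
    pt[vpage] = frame;
    return 0;
}
/* Semantic OS request: copy_from_user, served only when [va, va+len) lies inside a live capability. */
int monitor_copy_from_user(void *dst, size_t va, size_t len, int c) {
    if (c < 0 || c >= NCAPS || !caps[c].used) return -1;
    if (va < caps[c].start || va + len > caps[c].start + caps[c].len) return -1;
    for (size_t i = 0; i < len; i++) ((uint8_t *)dst)[i] = *pa(va + i);
    return 0;
}
int main(void) {   /* stand-alone check: exits 0 when the gated copy behaves as designed */
    app_write(10, "hunter2", 8);
    return !(monitor_copy_from_user(kbuf, 10, 8, -1) == -1 && app_grant_cap(10, 8) == 0 &&
             monitor_copy_from_user(kbuf, 10, 8, 0) == 0 && memcmp(kbuf, "hunter2", 8) == 0);
}
```

A real design must also keep the OS from reaching `mem` and `pt` through any path other than these entry points; in the talk that isolation comes from the hardware privilege boundary, which this model only assumes.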