The Road to Trust: Building Enclaves within Confidential VMs
Wenhao Wang
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Trusted Hardware and Execution
This talk, "The Road to Trust: Building Enclaves within Confidential VMs," presented by Wenhao Wang, introduces **Nested SGX**, a novel architecture designed to enhance the security of confidential computing environments. The core problem Nested SGX addresses is a critical weakness in the trust model of existing VM-based Trusted Execution Environments (TEEs): what happens if the guest operating system (OS) itself is compromised? VM-based TEEs such as AMD SEV encrypt the entire virtual machine, but they traditionally trust the guest OS to manage the applications running inside it, so a compromised guest OS can read or tamper with any of them. Nested SGX removes this assumption by creating isolated enclaves *within* the confidential VM, so that sensitive applications remain protected even when the underlying guest OS is compromised.
AI review
Solid systems security research that tackles a real and underappreciated gap in the confidential computing trust model: the untrusted guest OS inside an AMD SEV-SNP CVM. The VMPL-based privilege separation approach is technically clean, the implementation is on real hardware, and the SGX compatibility story makes this practically deployable rather than just academically interesting.