
Application Integrity Verification in Confidential Computing Scenario / Bravi, Enrico; Sisinni, Silvia; Lioy, Antonio. - ELECTRONIC. - (In press). (Paper presented at the 2025 IEEE Symposium on Computers and Communications (ISCC), held in Bologna (Italy), 2-5 July 2025).

Application Integrity Verification in Confidential Computing Scenario

Bravi, Enrico; Sisinni, Silvia; Lioy, Antonio
In press

Abstract

The proliferation of cloud computing has transformed the deployment and scalability of applications, enabling organizations to leverage virtualized infrastructures for enhanced flexibility and efficiency. However, this shift has also introduced significant security and privacy challenges, particularly concerning the protection of sensitive data during processing. Confidential Computing has emerged as a paradigm to address these concerns by safeguarding data in use through hardware-based Trusted Execution Environments (TEEs). TEEs provide isolated environments that ensure the confidentiality and integrity of code and data, even in the presence of potentially compromised host systems. Despite the advancements in TEE technologies, the heterogeneity among implementations poses challenges for developers aiming to create portable and secure applications. Enarx, an open-source project under the Confidential Computing Consortium, addresses this issue by offering a platform-agnostic framework that abstracts the complexities of various TEE architectures, facilitating the deployment of applications across different environments. While Enarx ensures the attestation of the underlying hardware and its own components, it currently lacks mechanisms to allow remote attestation of user-developed applications deployed and running within the TEE. This paper proposes an extension to the Enarx framework that incorporates a mechanism that enables application-level remote attestation, guaranteeing the trustworthiness of workloads deployed in TEEs. By integrating a Trust Monitor system into the remote attestation process, our approach enables the validation of application authenticity and integrity, thereby strengthening the overall security posture of Confidential Computing deployments. This advancement is particularly pertinent for sectors requiring stringent data protection measures, such as finance, healthcare, and critical infrastructure.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/3000311