The new threat model of confidential computing
In the traditional computing threat model, privileged system software like the hypervisor, host OS, firmware, and DMA-capable devices were all granted access to the data and code of your workloads. This was widely accepted because it seemed necessary for the system managing VM resources (memory, execution, and hardware access) to also have access to the workload’s data. How else could it manage it after all?
Today, confidential computing is here to fundamentally disrupt this conventional model by introducing a new system security primitive that decouples resource management from data access. In this new paradigm, the hypervisor and other system software retain their responsibilities for workload scheduling, execution, and memory management, but they no longer have direct access to the data within the virtual machines. In practice, this means that even if a vulnerability existed within the hypervisor, for example, it still won’t be…