Devlore: Device Interrupt Protection for Confidential VMs
This addresses security vulnerabilities in confidential computing for cloud and edge environments, offering a novel protection mechanism against interrupt manipulation attacks.
The paper tackles the problem of malicious interrupt injection attacks that compromise confidentiality and integrity in confidential VMs, presenting Devlore, a device interrupt isolation mechanism that incurs minimal overheads of 0.06% for typical integrated GPU applications.
Modern confidential computing executes sensitive computation in an abstraction called confidential VMs and protects from the hypervisor, host OS, and other co-resident VMs. It has been shown that an attacker can inject malicious interrupts to break the confidentiality and integrity of confidential VMs. We present Devlore, a device interrupt isolation mechanism that protects confidential VMs from interrupt manipulation attacks. Our design employs a delegate-but-check strategy by offloading interrupt management to the hypervisor, but adds correctness checks in the trusted software. We prototype our design on Arm Confidential Computing Architecture (CCA). We evaluate it on Arm FVP to demonstrate four diverse devices attached to confidential VMs and report costs on a Rock5b board. Our case studies show the feasibility of real-world use cases and that Devlore incurs minimal overheads of 0.06% for typical integrated GPU applications.