Problem Description
A malicious host of a TEE node can censor information flowing to the Confidential VM (CVM). However, techniques like DPDK with PCI Passthrough allow the binding of the Network Interface Card (NIC) directly to the CVM. This reduces trust assumptions on the host, as the only remaining attack vector is an availability issue (e.g., shutting down the NIC or the host itself)—which is already a standard assumption when using TEEs.
The main challenge arises from lacking attestation mechanisms for the host’s networking stack. Even if the host OS and NIC are correctly configured, there is no clear way for the CVM to verify that this configuration is in place.
Open Question:
How can the CVM gain confidence that the host OS uses the intended networking configuration?
Possible solutions (not very robust…):
- Performance evaluation → The motivation of DPDK + PCI passthrough is mainly performance optimization. If you do not rely on it, the performance is worse. However, the question arises of “worse” to what? What is the baseline in the same setting? Not very scalable…
- Guest OS transparency to see if the device is present as an HW device, not virtualized device (still does not guarantee malicious host…), and/or some NIC telemetry… some ongoing work in the Trusted NIC direction: https://arxiv.org/pdf/2502.05338
Related Notes
- ‣
- PhD Dissertation relying on DPDK for networking solutions with CVM https://dspace.mit.edu/bitstream/handle/1721.1/152816/srivastava-shashvat-meng-eecs-2023-thesis.pdf?sequence=1&isAllowed=y
