Search papers, labs, and topics across Lattice.
The paper introduces Mica, a confidential computing architecture that decouples confidentiality from trust in multi-component TEE pipelines. Mica allows tenants to define, restrict, and attest communication paths between components within Arm CCA, preventing sensitive data leakage. The implementation requires modest changes to the TCB and supports realistic cloud pipelines while providing strong, attestable confidentiality guarantees.
Decoupling confidentiality from trust, Mica lets you build secure TEE pipelines where components don't need to trust each other.
Confidential computing protects data in use within Trusted Execution Environments (TEEs), but current TEEs provide little support for secure communication between components. As a result, pipelines of independently developed and deployed TEEs must trust one another to avoid the leakage of sensitive information they exchange -- a fragile assumption that is unrealistic for modern cloud workloads. We present Mica, a confidential computing architecture that decouples confidentiality from trust. Mica provides tenants with explicit mechanisms to define, restrict, and attest all communication paths between components, ensuring that sensitive data cannot leak through shared resources or interactions. We implement Mica on Arm CCA using existing primitives, requiring only modest changes to the trusted computing base. Our extension adds a policy language to control and attest communication paths among Realms and with the untrusted world via shared protected and unprotected memory and control transfers. Our evaluation shows that Mica supports realistic cloud pipelines with only a small increase to the trusted computing base while providing strong, attestable confidentiality guarantees.
Microsoft Research