NDSS 2025 – Blindfold: Confidential Memory Management By Untrusted Operating System

  • securityboulevard.com
  • published date: 2025-12-17 00:00:00 UTC

<p>Session 6B: Confidential Computing 1</p>
<center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/jsBot6dtfD0?si=_uXqX3t6LCSP6pJA" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe></center>
<p>Authors, Creators &amp; Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)</p>
<p>PAPER<br>Blindfold: Confidential Memory Management by Untrusted Operating System</p>
<p>Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to achieve confidentiality. In doing so, they render OS memory optimization unusable or complicate the trusted computing base (TCB) required for optimization. This paper presents our results toward overcoming these limitations, synthesized in a CC design named Blindfold. Like many other CC solutions, Blindfold relies on a small trusted software component running at a higher privilege level than the kernel, called Guardian. It features three techniques that can enhance existing CC solutions. First, instead of nesting page tables, Blindfold’s Guardian mediates how the OS accesses memory and handles exceptions by switching page and interrupt tables. Second, Blindfold employs a lightweight capability system to regulate the OS’s semantic access to user memory, unifying case-by-case approaches in previous work. Finally, Blindfold provides carefully designed secure ABI for confidential memory management without encryption. We report an implementation of Blindfold that works on ARMv8-A/Linux. Using Blindfold’s prototype, we are able to evaluate the cost of enabling confidential memory management by the untrusted Linux kernel. We show Blindfold has a smaller runtime TCB than related systems and enjoys competitive performance. More importantly, we show that the Linux kernel, including all of its memory optimizations except memory compression, can function properly for confidential memory. This requires only about 400 lines of kernel modifications.</p>
<hr>
<p>ABOUT NDSS<br>The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.</p>
<hr>
<p>Our thanks to the <a href="https://www.ndss-symposium.org/">Network and Distributed System Security (NDSS) Symposium</a> for publishing their Creators’, Authors’ and Presenters’ superb <a href="https://www.youtube.com/@NDSSSymposium">NDSS Symposium 2025 Conference</a> content on the <a href="https://www.ndss-symposium.org/">Organization’s</a> <a href="https://youtube.com/@ndsssymposium?si=lLtn9sVVEwmZ8J9h3">YouTube Channel</a>.</p>
<p><a href="https://www.infosecurity.us/blog/2025/12/17/ndss-2025-blindfold-confidential-memory-management-by-untrusted-operating-system-1">Permalink</a></p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/jsBot6dtfD0?si=_uXqX3t6LCSP6pJA">https://www.youtube-nocookie.com/embed/jsBot6dtfD0?si=_uXqX3t6LCSP6pJA</a></p>