Private Delegated Computations Using Strong Isolation

A new solution for confidential computing demonstrated on private in-cloud object detection on encrypted video streaming from a video camera.


Computations are now routinely delegated to third-parties. In response, Confidential Computing technologies are being added to microprocessors offering a trusted execution environment (TEE) that provides confidentiality and integrity guarantees to code and data hosted within—even in the face of a privileged attacker. TEEs, along with an attestation protocol, permit remote third-parties to establish a trusted “beachhead” containing known code and data on an otherwise untrusted machine. Yet, they introduce many new problems, including: how to ease provisioning of computations safely into TEEs; how to develop distributed systems spanning multiple classes of TEE; and what to do about the billions of “legacy” devices without support for Confidential Computing? Tackling these problems, we introduce Veracruz, a pragmatic framework that eases the design and implementation of complex privacy-preserving, collaborative, delegated computations among a group of mutually mistrusting principals. Veracruz supports multiple isolation technologies and provides a common programming model and attestation protocol across all of them, smoothing deployment of delegated computations over supported technologies. We demonstrate Veracruz in operation, on private in-cloud object detection on encrypted video streaming from a video camera. In addition to supporting hardware-backed TEEs—like AWS Nitro Enclaves and Arm® Confidential Computing Architecture Realms—Veracruz also provides pragmatic “software TEEs” on Armv8-A devices without hardware Confidential Computing capability, using the high-assurance seL4 microkernel and our IceCap framework.

Published in: IEEE Transactions on Emerging Topics in Computing (Early Access)
Date of Publication: 05 June 2023
Authors:
Mathias Brossard, Guilhem Bryant, Alexandre Ferreira, Edmund Grimley-Evans, Christopher Haster, Nick Spinale, Eric van Hensbergen, Hugo J. M. Vincent
Arm Ltd., Systems Research Group, Cambridge, Austin, TX, UK

Basma El Gaabouri
Arm Ltd., Systems Research Group, IoTeX.io, Austin, TX, UK

Xinxin Fan, Dominic P. Mulligan
Cambridge

Evan Johnson
Cambridge, San Diego

Derek Miller
Arm Ltd., Systems Research Group, Imperial College London, Austin, TX, UK

Fan Mo
AWS

Shale Xiong
Arm Ltd., Systems Research Group, University of the West of Scotland, Austin, TX, UK
