Confidential Computing for Cloud Security: Exploring Hardware based Encryption Using Trusted Execution Environments

• URL: http://arxiv.org/abs/2511.04550v1
• Date: Thu, 06 Nov 2025 17:03:33 GMT
• Title: Confidential Computing for Cloud Security: Exploring Hardware based Encryption Using Trusted Execution Environments
• Authors: Dhruv Deepak Agarwal, Aswani Kumar Cherukuri,
• Abstract summary: Cloud computing has created a huge challenge of security, especially in terms of safeguarding sensitive data.<n>In response to this problem, Confidential Computing has been a tool seeking to secure data in processing by usage of hardware-based Trusted Execution Environments (TEEs)
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The growth of cloud computing has revolutionized data processing and storage capacities to another levels of scalability and flexibility. But in the process, it has created a huge challenge of security, especially in terms of safeguarding sensitive data. Classical security practices, including encryption at rest and during transit, fail to protect data in use and expose it to various possible breaches. In response to this problem , Confidential Computing has been a tool ,seeking to secure data in processing by usage of hardware-based Trusted Execution Environments (TEEs). TEEs, including Intel's Software Guard Extensions (SGX) and ARM's TrustZone, offers protected contexts within the processor, where data is kept confidential ,intact and secure , even with malicious software or compromised operating systems. In this research, we have explored the architecture and security features of TEEs like Intel SGX and ARM TrustZone, and their effectiveness in improving cloud data security. From a thorough literature survey ,we have analyzed the deployment strategies, performance indicators, and practical uses of these TEEs for the same purpose. In addition, we have discussed the issues regarding deployment, possible weaknesses, scalability issues, and integration issues. Our results focuses on the central position of TEEs in strengthening and advancing cloud security infrastructures, pointing towards their ability to create a secure foundation for Confidential Computing.

Related papers

• Securing Generative AI in Healthcare: A Zero-Trust Architecture Powered by Confidential Computing on Google Cloud [0.0]
  Confidential Zero-Trust Framework (CZF) is a security paradigm that combines Zero-Trust Architecture for granular access control with the hardware-enforced data isolation of Confidential Computing.<n>CZF provides a defense-in-depth architecture where data remains encrypted while in-use within a hardware-based Trusted Execution Environment.
  arXiv  Detail & Related papers  (2025-11-14T19:56:52Z)
• Functional Encryption in Secure Neural Network Training: Data Leakage and Practical Mitigations [45.88028371034407]
  We present an attack on neural networks that uses Functional Encryption (FE) for secure training over encrypted data.<n>One approach ensures security without relying on encryption, while the other uses function-hiding inner-product techniques.
  arXiv  Detail & Related papers  (2025-09-25T19:56:05Z)
• A Systematic Literature Review on Continuous Integration and Deployment (CI/CD) for Secure Cloud Computing [0.6117371161379209]
  Continuous Software Engineering is essential for software development and deployment.<n>We reviewed 66 papers, summarising tools, approaches, and challenges related to the security of CI/CD in the cloud.<n>Challenges such as image manipulation, unauthorised access, and weak authentication were highlighted.
  arXiv  Detail & Related papers  (2025-06-09T04:21:29Z)
• TEE-based Key-Value Stores: a Survey [1.1060425537315088]
  Key-Value Stores (KVSs) store data as key-value pairs and have gained popularity due to their simplicity, scalability, and fast retrieval capabilities.<n> storing sensitive data in KVSs requires strong security properties to prevent data leakage and unauthorized tampering.<n>This paper examines the state of the art in TEE-based confidential KVSs and highlights common design strategies used in KVSs to leverage TEE security features.
  arXiv  Detail & Related papers  (2025-01-06T16:26:44Z)
• TRUST: A Toolkit for TEE-Assisted Secure Outsourced Computation over Integers [30.72930396939045]
  We propose a toolkit for TEE-assisted (Trusted Execution Environment) SOC over integers, named TRUST.<n>In terms of system architecture, TRUST falls in a single TEE-equipped cloud server only through seamlessly integrating the computation of REE (Rich Execution Environment) and TEE.<n>We present textttSEAT, secure data trading based on TRUST.
  arXiv  Detail & Related papers  (2024-12-02T03:19:29Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• Enc2DB: A Hybrid and Adaptive Encrypted Query Processing Framework [47.11111145443189]
  We introduce Enc2DB, a novel secure database system following a hybrid strategy on and openGauss. We present a micro-benchmarking test and self-adaptive mode switch strategy that can choose the best execution path (cryptography or TEE) to answer a given query. We also design and implement a ciphertext index compatible with native cost model and querys to accelerate query processing.
  arXiv  Detail & Related papers  (2024-04-10T08:11:12Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• Fortress: Securing IoT Peripherals with Trusted Execution Environments [2.2476099815732518]
  Internet of Things (IoT) devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. We propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE) The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud.
  arXiv  Detail & Related papers  (2023-12-05T07:12:58Z)
• secureTF: A Secure TensorFlow Framework [1.1006321791711173]
  secureTF is a distributed machine learning framework based on the onflow for the cloud infrastructure. SecureTF supports unmodified applications, while providing end-to-end security for the input data, ML model, and application code. This paper reports on our experiences about the system design choices and the system deployment in production use-cases.
  arXiv  Detail & Related papers  (2021-01-20T16:36:53Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.