Mengyuan Li (USC) - Confidential Computing and Trusted Execution Environments: Challenges and Opportunities for Trustworthy AI
Abstract: Confidential Computing, or Trusted Execution Environment (TEE), represents a cutting-edge design in server-grade CPUs. This technology acts as a protective shield for cloud tasks, safeguarding the confidentiality and integrity of cloud workloads against a range of threats, including attacks from privileged software, physical attackers, and untrustworthy hypervisors. As the demand for secure private data handling continues to rise, the adoption of Confidential Computing has become widespread across various industries. Evidence of this includes the adoption of TEE in server-grade CPUs from major vendors such as Intel, AMD, and ARM. Furthermore, leading cloud service providers, including AWS, Google Cloud, Microsoft Azure, and IBM Cloud, now offer commercial Confidential Computing services.
In this talk, I will outline my contributions to the study of complex, heterogeneous Confidential Computing systems. I will share insights into real-world vulnerabilities we uncovered in commercial Confidential Computing deployments, along with our joint efforts with CPU manufacturers to address these issues in the latest server-grade CPUs. At the hardware design level, I will discuss a novel ciphertext side-channel attack targeting hardware-accelerated memory encryption, a critical mechanism for protecting the memory of cloud workloads. Looking ahead to AI, I will present my ongoing efforts and future research directions on strengthening Confidential Computing as a foundation for building trustworthy, privacy-preserving AI systems that are both secure and performant.
Speakers
Mengyuan Li
Dr. Mengyuan Li is an Assistant Professor of Computer Science at the University of Southern California. Before joining USC, he was a postdoctoral researcher at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). He holds a Ph.D. from The Ohio State University. His research vision is to contribute to the creation of a secure and trustworthy computing environment where private data and programs are well protected. In pursuit of this vision, his research interests include systems security and privacy, microarchitectural security, and AI security.