João Henriques Sereno
A Unified Framework for Attested Confidential VM Workloads in Public Clouds
Thesis submitted for the Master's degree examination in Computer Science
and Engineering, Instituto Superior Técnico, Universidade de Lisboa.
Abstract
Confidential Virtual Machines (VMs) backed by AMD Secure Encrypted Virtualization–Secure Nested
Paging (SEV-SNP) allow workloads to execute on public cloud infrastructure while excluding the
infrastructure operator from accessing the VM memory or execution state. Remote attestation makes this
protection verifiable, but in practice the verification is rarely performed independently. The tools and
provider-specific interfaces needed to derive expected measurements exist in fragments, and no
coherent pipeline assembles them into a workflow that a verifying party can use to predict and verify the
measurements of an arbitrary workload across providers.
This thesis analyzes the attestation properties of AMD SEV-SNP confidential VM offerings from
Amazon Web Services, Microsoft Azure, and Google Cloud Platform, and classifies, according to a
proposed taxonomy, the depth of software verification that each provider makes achievable. It then
introduces Evident, a lifecycle management framework that integrates and extends existing tooling into a
single pipeline spanning image construction, measurement derivation, deployment, and cross-provider
remote attestation. The verifying party derives expected measurements directly from the VM image
artifacts, removing the dependency on externally supplied reference values. The framework requires no
modifications to the deployed workload. Evaluation through a confidential inference use case confirmed
that the predicted measurements match, with remote attestation completing in under two or under eight
seconds, depending on the cloud provider, and with the accompanying server component causing little to
no interference with the workload execution.
Publications
- A Unified Framework for Attested Confidential VM Workloads in Public Clouds
- João Henriques Sereno
- MSc Thesis. Instituto Superior Técnico, Universidade de Lisboa.
- May 2026.
- Available: BibTeX, MSc thesis, extended abstract, and mid-term report.
- Secure Lifecycle Management of Confidential Virtual Machines in Public Clouds (poster).
- J. Sereno, D. Castro, N. Santos and L. Rodrigues.
- Proceedings of the 23rd IEEE International Symposium on Network Computing and Applications (NCA), Lisbon, Portugal, Nov 2025.
Luís Rodrigues