CAREER: Building on Foundations: A Roadmap for Decomposable, Feature-Rich, Accelerated, and Extensible Confidential Computing

Today's confidential computing hardware provides the fundamental building blocks for data privacy in the cloud. However, current solutions built on this technology fail to deliver the level of security or the performance needed, while still demanding prohibitive resources. This project identifies the root cause as the inappropriate application of software abstractions originally designed for traditional computing environments to confidential computing contexts. Its goal is to evolve these abstractions to support elastic confidential computing and translate research outcomes into practical, widely accessible learning opportunities that position confidential computing as a first-order software design principle rather than an afterthought. The project's novelty lies in identifying the key primitives missing from confidential computing for elastic cloud settings and designing secure and automated mechanisms to realize them. Beyond advancing a technology capable of transforming data privacy and accelerating growth in the public cloud domain, the project's broader impact and significance also stem from coordinated translational efforts with the confidential computing industry. This project advances confidential computing through four innovations. First, it develops a compiler-driven analysis and validation framework to automate the adoption of trustworthy isolation primitives within Confidential Virtual Machines (VMs). Second, it introduces a multi-process Library operating system design that enables compatibility with elastic container workloads and essential features. Third, it creates a secure GPU sharing abstraction that compartmentalizes critical user- and kernel-level components to guarantee confidentiality and integrity. Fourth, it proposes a collaborative page-swapping architecture that enables Confidential VMs and hypervisors to efficiently leverage remote, disaggregated memory. Results are widely disseminated through research forums and direct industry collaborations. The integrated education plan broadens participation in computer science and confidential computing by expanding initiatives, open-source tools, and accessible online platforms to reach learners nationwide. In summary, the project integrates research, education, and translationanal aspects to advance trustworthy data protection in the cloud. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. NSF Award ID: 2543639 | Program: 01002930DB NSF RESEARCH & RELATED ACTIVIT,01003031DB NSF RESEARCH & RELATED ACTIVIT,01002627DB NSF RESEARCH & RELATED ACTIVIT | Principal Investigator: Adil Ahmad | Institution: Arizona State University, SCOTTSDALE, AZ | Award Amount: $361,774 View on NSF Award Search: https://www.nsf.gov/awardsearch/show-award/?AWD_ID=2543639 View on Research.gov: https://www.research.gov/awardapi-service/v1/awards/2543639.html