RContainer bridges the gap between container agility and hardware‑rooted security, enabling cloud providers to offer stronger isolation without sacrificing performance. Its approach could set a new baseline for confidential computing in multi‑tenant infrastructures.
Containers dominate modern cloud workloads, yet their reliance on a shared operating system leaves them vulnerable to privilege‑escalation attacks and data leakage. Traditional software‑only sandboxing can be bypassed, prompting researchers to explore hardware‑assisted isolation. ARM's Confidential Computing Architecture, originally designed for secure enclaves, offers cryptographic guarantees that can be repurposed for container security, but integrating these primitives into existing container runtimes has remained a challenge.
RContainer tackles this challenge by inserting a tiny, trusted mini‑OS that co‑exists with the untrusted host OS. This mini‑OS intercepts system calls and validates control‑flow transitions, ensuring that containers cannot corrupt each other or the kernel. At the kernel layer, RContainer creates a dedicated physical address space—con‑shim—using the Granule Protection Check mechanism, effectively segmenting memory at the granule level. By extending ARM CCA's secure world capabilities, the architecture provides end‑to‑end confidentiality and integrity for container workloads while keeping the Trusted Computing Base small and auditable.
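To make the granule-level segmentation concrete, here is an added illustrative model (not RContainer's code, nor the paper's design) of a protection check in the style of ARM CCA's Granule Protection Check: memory is tracked in 4 KiB granules, each granule is assigned to one physical address space, and only the Root (monitor) state may reassign it. The per-container ownership layer standing in for con-shim isolation is an assumption made for the example.

```python
"""Illustrative granule-level access check modelled on ARM CCA's GPC.
Added example, not RContainer's own code; the per-container ownership
layer ('owner') is an assumption standing in for con-shim isolation."""
from enum import Enum

GRANULE = 4096  # ARM CCA protects physical memory in 4 KiB granules


class PAS(Enum):
    """Physical address spaces defined by ARM CCA."""
    NONSECURE = "ns"
    SECURE = "secure"
    REALM = "realm"
    ROOT = "root"


# Which PAS each requester security state may access (ARM CCA GPC rules):
# Root reaches all, Secure and Realm reach their own PAS plus Non-secure,
# Non-secure software (the host OS) reaches only the Non-secure PAS.
ALLOWED = {
    PAS.ROOT: {PAS.ROOT, PAS.SECURE, PAS.REALM, PAS.NONSECURE},
    PAS.SECURE: {PAS.SECURE, PAS.NONSECURE},
    PAS.REALM: {PAS.REALM, PAS.NONSECURE},
    PAS.NONSECURE: {PAS.NONSECURE},
}


class GranuleTable:
    """Maps granule index -> (PAS, owner). Unassigned granules default to
    Non-secure with no owner, as ordinary host memory would."""

    def __init__(self):
        self.entries = {}

    def assign(self, caller_state, paddr, pas, owner=None):
        # Only the Root state (monitor firmware) may reprogram the table.
        if caller_state is not PAS.ROOT:
            raise PermissionError("only Root state may reprogram the GPT")
        self.entries[paddr // GRANULE] = (pas, owner)

    def check(self, state, paddr, owner=None):
        """Return True if an access from `state` to `paddr` is permitted."""
        pas, granule_owner = self.entries.get(paddr // GRANULE,
                                              (PAS.NONSECURE, None))
        if pas not in ALLOWED[state]:
            return False  # hardware raises a granule protection fault
        # Assumed second layer: inside protected memory a container may
        # touch only granules it owns; Root is exempt from this layer.
        if state is not PAS.ROOT and granule_owner is not None \
                and owner != granule_owner:
            return False
        return True
```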
Performance measurements on ARMv9‑A virtual platforms and real ARMv8 SoCs reveal only a modest overhead, typically under 10 % on micro‑service benchmarks, making the solution viable for production clouds. The minimal TCB reduces the attack surface, and the hardware‑rooted guarantees simplify compliance for regulated industries. As confidential computing gains traction, RContainer’s design could influence container orchestration platforms, prompting broader adoption of hardware‑backed isolation and reshaping security expectations for multi‑tenant cloud services.