10 November 2025, Volume 25 Issue 11

Research Progress on Data Security Processing Integrating Confidential Computing
ZHU Hui, FANG Yunyi, WANG Fengwei, XU Wei
2025, 25 (11):  1643-1657.  doi: 10.3969/j.issn.1671-1122.2025.11.001

Driven by the increasing recognition of data as a critical asset, alongside rising concerns over data security, legal and regulatory compliance, and privacy protection, encrypted data computation is anticipated to become the dominant approach for data utilization in the future. Traditional methods rely heavily on anonymization, with cryptographic techniques serving as the foundational building blocks. However, anonymization-based security enhancement strategies often compromise data utility, reducing its availability, while existing cryptographic schemes suffer from limitations in both performance and functionality. To overcome these challenges, the integration of Trusted Execution Environments (TEE) with conventional encrypted computation techniques has emerged as a focal point of research in both academia and industry. This study reviewed existing solutions that combined TEEs with encrypted data computation, analyzing them in terms of research background, current progress, and representative works. Based on this analysis, a secure model integrating TEEs and encrypted computation was proposed, and potential future research directions were explored.

Heterogeneous CPU-GPU System Confidential Computing Survey
HAO Meng, LI Jiayong, YANG Hongwei, ZHANG Weizhe
2025, 25 (11):  1658-1672.  doi: 10.3969/j.issn.1671-1122.2025.11.002

With the widespread adoption of data-intensive applications such as artificial intelligence, heterogeneous computing systems centered on CPU and GPU have become essential infrastructure. However, in untrusted environments such as cloud and edge computing, sensitive data face severe security threats during processing, which cannot be effectively mitigated by traditional encryption methods. Confidential computing, leveraging hardware-based trusted execution environments (TEE), provides an effective mechanism for protecting data in use. Nevertheless, existing technologies have primarily focused on CPU. Extending TEE security boundaries seamlessly to GPU, the core of modern computing engines, has therefore become a major focus of both academic and industrial research. This paper provided a comprehensive review of confidential computing technologies in CPU-GPU heterogeneous systems. It first revisited the fundamental concepts of confidential computing and analyzed representative attack vectors targeting GPU. Subsequently, existing GPU confidential computing solutions were categorized into three paradigms: hardware-assisted, hardware-software co-design, and software-based approaches. Finally, the key challenges in this domain were summarized, and potential directions for future research were discussed.

A Comprehensive Survey of Blockchain Technologies and Applications Based on Trusted Execution Environments
GUAN Zhi, HU Jianbin, LI Yue, CHEN Zhong
2025, 25 (11):  1673-1690.  doi: 10.3969/j.issn.1671-1122.2025.11.003

Blockchain technology has been widely adopted due to its decentralization and immutability, but privacy protection and trust issues remain a major bottleneck hindering its development. Trusted execution environments (TEE) effectively address these challenges by providing hardware-isolated secure execution environments. This paper reviewed blockchain technologies based on TEE and their integrated applications. Starting from the layered architecture of blockchain, it explored optimizations using TEE at different levels—data layer, transaction layer, consensus layer, contract layer, and interoperability layer—and analyzed their advantages and limitations. Additionally, this paper summarized decentralized applications combining TEE with blockchain, including decentralized trusted AI, federated learning, and private auctions.

Research on Gate Bootstrapping in Fully Homomorphic Encryption
CHEN Chunling, LU Xianhui, WANG Ruida, BAI Jikang, XIE Shubing
2025, 25 (11):  1691-1706.  doi: 10.3969/j.issn.1671-1122.2025.11.004

Fully homomorphic encryption (FHE), a fundamental cryptographic technology that enables computation directly on encrypted data, is increasingly recognized as a core enabler for building highly secure confidential computing systems. Gate bootstrapping, as the key mechanism for supporting the evaluation of circuits with arbitrary depth, plays a decisive role in determining the practicality and efficiency of FHE in real-world applications. This article presents a comprehensive review of recent advances in gate bootstrapping, with a particular focus on classical blind rotation techniques such as AP, GINX, and LMKC+, along with their evolutionary trajectories. It further investigates efficient blind rotation schemes based on the NTRU architecture. Moreover, the article surveys mainstream fine-grained noise management strategies, including noise control in blind rotation, optimizations in modulus and key switching, and compact secret key structure design. It also summarizes representative parameter configurations and performance metrics of existing schemes, and reviews both software and hardware acceleration implementations—especially those achieving low latency and high throughput. This work provides a systematic reference and technical foundation for the application of gate bootstrapping in practical confidential computing deployments.

Research on Key-Value Data Storage and Operation Optimization Method Based on Confidential Computing
REN Fengyuan, ZHANG Xinyue, LEI Zhuoyi, LIU Xin
2025, 25 (11):  1707-1717.  doi: 10.3969/j.issn.1671-1122.2025.11.005

Confidential computing aims to protect data in use by making it inaccessible to applications in main memory through a hardware-based TEE. To optimize the paging overhead and system I/O performance of confidential computing technology during operation, this article implemented a key-value data storage and operation optimization method based on confidential computing in light of SGX1 technology for key-value data query and update operations. This approach stored frequently queried key-value data in plaintext within the TEE’s min-heap, while the primary data structures were maintained as ciphertext hash tables in unprotected main memory. By leveraging the TEE to optimize hot data queries, the method also enhanced cold data queries and updates in main memory through the use of data tags. Experimental results demonstrate that this method is more efficient than directly encrypting and decrypting key-value data for query and update operations, effectively reducing paging overhead and improving system I/O performance.

Security-Enhanced Index Scheme in Encrypted Database Based on Trusted Execution Environment
XUE Kaiping, ZHANG Chunyi, LIU Feng, WANG Feng
2025, 25 (11):  1718-1731.  doi: 10.3969/j.issn.1671-1122.2025.11.006

The scheme of encrypted database based on trusted execution environment has significant performance advantages compared with other schemes, but it faces security challenges in the design of index structure. The existing schemes will leak data sequence information and there is a threat of abuse of the decryption interface. To address the above problems, this paper proposed a security-enhanced index scheme in encrypted database based on trusted execution environment. The scheme accelerated equality and range queries by using an index structure based on dynamic searchable symmetric encryption to ensure that the index structure leakage was controllable. In addition, this paper designed a verification mechanism for embedded indexes to prevent malicious attackers from obtaining the plaintext information of sensitive data through arbitrary calls to the interface. This paper conducted a security analysis, which proved that the scheme in this paper effectively prevented malicious arbitrary call attacks while protecting data privacy. This paper conducted performance tests in the Intel SGX environment, and the results show that the index in this paper significantly improves the query efficiency compared to the no-index scheme. Compared with the leaked index scheme, the efficiency is on par, and it is also feasible in indicators such as update efficiency, lightweightness of the verification mechanism, and the volume of data processed in the trusted area.

Hardware Authentication Mechanism for Consortium Blockchain Based on Differentiated Physical Unclonable Function Models
SHEN Haoting, PENG Zhigang, LIU Yuxuan, WANG Yafei
2025, 25 (11):  1732-1744.  doi: 10.3969/j.issn.1671-1122.2025.11.007

In decentralized systems involving hardware data acquisition, hardware-level device authentication, trusted computing and data traceability with multi-party verification are critical to ensuring end-to-end data security. As a secure and cost-effective hardware security primitive, physical unclonable function (PUF) has been adopted for device authentication and data verification. However, traditional PUF verification schemes are prone to leakage in multi-node environments, leading to authentication failure. To address this risk, a novel scheme that distributed differentiated and re-configurable PUF models to verification nodes for device authentication was proposed in this work. Taking the hardware supply chain as the representative scenario, dedicated hardware module design, authentication protocols, and smart contract implementation were performed. Experimental results on Hyperledger Fabric demonstrate that our approach maintains system authentication efficiency while significantly enhancing robustness against verification data leakage. Furthermore, it effectively mitigates machine learning-based modeling attacks targeting PUF.

A Multidimensional Security Measurement Architecture for the Container Lifecycle
ZHAO Bo, LYU Jiamin, WANG Yixuan
2025, 25 (11):  1745-1761.  doi: 10.3969/j.issn.1671-1122.2025.11.008

Container security threats have become increasingly complex. Trusted Execution Environment (TEE)-based solutions have emerged as an effective way to enhance container trustworthiness. However, existing approaches mainly focus on static measurements at the container launch stage or monitor only partial runtime behaviors, making it difficult to comprehensively cover the entire container lifecycle and defend against complex attacks such as control-flow hijacking. In addition, TEE communication often relies on synchronous interactions, where frequent data transmissions may lead to blocking and performance bottlenecks. To address these issues, this paper proposed a multidimensional security measurement architecture for the container lifecycle. The architecture covered both image construction and runtime stages, and monitored memory changes and key control-flow events, including indirect jumps, indirect function calls, and returns. Furthermore, a TrustZone-based cross-domain communication mechanism was designed, which integrated shared memory, a ring buffer, and semaphores to enable efficient and secure transmission of measurement data. Experimental results show that the proposed system enhances container integrity protection with low performance overhead. It meets the requirements of cloud-native environments and multi-tenant platforms.

Hierarchical Dynamic Protection Algorithm for Federated Learning Based on Trusted Execution Environment
WANG Yajie, LU Jinbiao, LI Yuhang, FAN Qing, ZHANG Zijian, ZHU Liehuang
2025, 25 (11):  1762-1773.  doi: 10.3969/j.issn.1671-1122.2025.11.009

In existing privacy-preserving schemes for federated learning, hardware-based trusted execution environments (TEE) have emerged as a new paradigm due to their efficiency and security. However, constrained by hardware limitations, protecting too many layers with TEE drastically reduces training efficiency, while protecting too few layers compromises privacy. To address this challenge, this paper proposed a hierarchical dynamic protection algorithm for federated learning based on TEE. Specifically, a sensitive layer dynamic selection mechanism was designed on the server side. This mechanism achieved secure parameter optimization under memory constraints through layer-wise greedy training. It combined an adversarial robustness evaluation model to quantify the defensive efficacy of different sensitive layer configurations, thereby determining which layers require protection. On the client side, a hierarchical trusted training mechanism was implemented using dual-channel parameter aggregation to enable differentiated training for sensitive and non-sensitive layers. Experiments demonstrate that this hierarchical protection strategy effectively disrupts the semantic continuity of features, inducing systematic deviations between the decision boundaries of substitute models and the original model. The algorithm significantly mitigates various adversarial attacks, reducing the effectiveness of targeted attacks by up to 82%. Furthermore, the study validates the algorithm’s defense capability against data poisoning attacks, showing that model accuracy can recover by over 35% in gradient poisoning scenarios.

Cloud-Native TEE Service Sharing Mechanism for Secure Edge Computing
LU Di, LIU Yujia, LYU Chaoyue, SUN Mengna, ZHANG Qingwen, YANG Li
2025, 25 (11):  1774-1791.  doi: 10.3969/j.issn.1671-1122.2025.11.010

Networked intelligent terminals are constantly exposed to diverse security threats in open environments. Although trusted execution environment (TEE) technology provides a hardware-based isolated execution environment for sensitive applications, its security capabilities are confined to individual devices, making it difficult to establish cross-device secure services. As a result, a large number of terminals without TEE support cannot perform hardware-level confidential computing, leading to insufficient TEE coverage. To address this issue, this paper proposed a cloud-native TEE sharing mechanism that leverages cloud-based TEE and abundant computing resources to provide remote confidential computing capabilities for non-TEE terminals. The mechanism employed a lightweight cloud confidential virtual machine (CVM) as the isolated execution environment to deliver TEE services to remote terminals. Furthermore, a secure communication channel, combined with a zero-knowledge proof-based device authentication and key agreement protocol, ensured the confidentiality, integrity, and replay-resistance of remote TEE services. A prototype system was implemented on the Intel TDX platform. Experimental results demonstrate that the proposed mechanism effectively extends TEE security capabilities to terminal devices, with remote execution performance approaching that of conventional virtual machines, thereby validating the effectiveness and practicality of the approach.

A Hardware Trusted Channel Construction Scheme Based on TEE and TPM for Confidential Computing Platforms
JIN Wa, QIN Yu, LIU Jingrun, SHANG Ketong, JIA Menghan, LIN Jiangnan
2025, 25 (11):  1792-1810.  doi: 10.3969/j.issn.1671-1122.2025.11.011

In recent years, confidential computing has played an increasingly important role in safeguarding user privacy and data security. With the growing demand for confidential computing platforms that handle massive AI workloads, establishing trusted channels and confidential interconnections has become a critical research issue. This paper proposed a trusted channel construction scheme based on trusted execution environments (TEE) and trusted platform modules (TPM), leveraging a hardware-based key exchange mechanism to meet the security requirements of attestation, trusted data transmission, and secure storage on confidential computing platforms. The proposed scheme consisted of three protocols. First, in the subsystem mutual attestation protocol, a trusted third party issued verifiable attestation tokens to the subsystems within a trusted computing platform node, enabling unified attestation in a heterogeneous hardware root-of-trust environment. Second, the TEE and TPM based hardware key exchange protocol ensured compatibility with existing TEE specifications and TPM key exchange interfaces and derived encryption keys to protect confidential data during transmission. Compared to application-layer communication, the use of hardware-based trusted channels significantly enhanced communication security. Third, the TEE key/secret data provisioning protocol enabled the TPM to securely provide keys or secret data to TEE applications over the established trusted channel, improving the protection of sensitive data stored within the TEE. Security analysis demonstrated that the proposed scheme effectively defends against common attacks such as forgery, spoofing, and tampering. Prototype system evaluations show that the TEE and TPM based hardware key exchange introduces only a 2% increase in latency compared to traditional virtual machines. Furthermore, the overall performance overhead for key exchange and sustained data transmission in the TEE runtime system is less than 0.7%. In summary, the proposed scheme enhances the communication security of confidential computing platforms with minimal impact on runtime and communication performance.

Research on Unified Remote Attestation Mechanism for Confidential Containers Devices
HU Yuyi, CAI Wei, CHEN Jingfan, LIU Mohan, WANG Juan, HE Yun
2025, 25 (11):  1811-1823.  doi: 10.3969/j.issn.1671-1122.2025.11.012

With the rapid development of cloud-native technologies, confidential computing has become an important means to ensure data security in cloud environments. Cloud service providers offer security guarantees for data during computation through hardware-protected trusted execution environments (TEE). However, existing remote attestation schemes for TEE face new challenges in confidential container scenarios: remote attestation schemes under different hardware architectures lack uniformity, and the measurement scope of existing confidential container remote attestation is limited to the Pod operating system kernel level, leading to measurement gaps in application-layer components such as container orchestrators and resulting in broken trust chains in remote attestation schemes. In light of this, this paper proposed a unified remote attestation framework based on virtual trusted platform module (vTPM) and a confidential container measurement extension method. The framework protected the security of vTPM through confidential containers and utilized the non-exportable keys of hardware TPM to issue authentication key certificates for vTPM, constructing a full-chain trusted verification system from authoritative institutions to remote attestation reports. The confidential container measurement extension method was based on kernel namespace mechanisms, achieving complete trust chain extension from boot code to operating system kernel and then to container orchestrators. To validate the effectiveness of the proposed methods, this paper conducted functional and performance testing based on the Kata Container open-source framework on the CSV platform. Experimental results show that the unified remote attestation framework incurs approximately 10% performance overhead, while the modified integrity measurement architecture introduces less than 1% additional overhead, demonstrating the practicality and efficiency of the proposed methods.
