CCASim: Research on Performance Simulator for Arm Confidential Compute Architecture

doi:10.3969/j.issn.1671-1122.2026.02.002

Abstract

Abstract:

Armv9 introduces the Arm Confidential Compute Architecture (Arm CCA), which protects confidential virtual machines from untrusted software and system environments by executing them in an isolated Realm world. The architectural design and software ecosystem development of CCA urgently require a simulation platform that supports both functional modeling and performance evaluation. However, existing studies either focus on functional virtualization of CCA without performance modeling capabilities, or provide performance simulation while lacking support for CCA mechanisms, making them inadequate for architectural exploration and performance analysis. To address this gap, this paper presented CCASim, a performance simulation platform with support for CCA functional modeling. CCASim provided a front-end/back-end decoupled simulation mode based on SniperSim and a full-system simulation mode based on Gem5, enabling configurable modeling of core CCA mechanisms and parallel simulation of multiple Realm virtual machines. Experimental results demonstrate that CCASim can correctly implement fine-grained memory protection and multi-VM isolation with only limited performance overhead, while ensuring functional correctness. Compared with existing solutions, the proposed platform offers clear advantages in simulation accuracy, flexibility, and performance evaluation capability, providing an effective tool for architectural research and software optimization of Arm CCA.

Key words: simulator, confidential computing, trusted execution environment, Arm confidential compute architecture, performance simulation analysis

CLC Number:

TP309

LIN Tiantian, WANG Yitian, WANG Xiaohang, ZHU Ting, REN Kui. CCASim: Research on Performance Simulator for Arm Confidential Compute Architecture[J]. Netinfo Security, 2026, 26(2): 189-210.

Figures/Tables 56

References 20

[1]	XU Xiangyi, WANG Wenhao, WU Yongzheng, et al. virtCCA: Virtualized Arm Confidential Compute Architecture with TrustZone[EB/OL]. (2024-02-18)[2025-06-11]. https://doi.org/10.48550/arXiv.2306.1101.
[2]	Huawei. Huawei CCA QEMU[EB/OL]. [2025-06-11]. https://github.com/Huawei/Huawei_CCA_QEMU.
[3]	ZHANG Yiming, HU Yuxin, NING Zhenyu, et al. SHELTER: Extending Arm CCA with Isolation in User Space[C]// USENIX. The 32nd USENIX Security Symposium (USENIX Security 23). Berkely: USENIX, 2023: 6257-6274.
[4]	Gem5. Gem5: The Gem5 Simulator System[EB/OL]. [2025-06-11]. https://www.gem5.org/.
[5]	Sniper. The Sniper Multi-Core Simulator[EB/OL]. [2025-06-11]. https://snipersim.org//w/The_Sniper_Multi-Core_Simulator.
[6]	ARM. TrustZone for Cortex-A[EB/OL]. [2025-06-11]. https://www.arm.com/technologies/trustzone-for-cortex-a.
[7]	ARM. Exception Levels[EB/OL]. [2025-06-11]. https://developer.arm.com/documentation/102412/0103/Privilege-and-Exception-levels.
[8]	DAVID C, NUNO S, PEDRO F, et al. SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-Assisted TEE Systems[C]// IEEE. 2020 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2020: 1416-1432.
[9]	DAVID C, JOSÉ M, NUNO S, et al. ReZone: Disarming TrustZone with TEE Privilege Reduction[C]// USENIX. The 31st USENIX Security Symposium (USENIX Security 22). Berkely: USENIX, 2022: 2261-2279.
[10]	DAVID S. Arm Introduces Its Confidential Compute Architecture[EB/OL]. (2021-06-23)[2025-06-11]. https://fuse.wikichip.org/news/5699/arm-introduces-its-confidential-compute-architecture/.
[11]	LI Xupeng, LI Xuheng, CHRISTOFFER D, et al. Enabling Realms with the Arm Confidential Compute Architecture[EB/OL]. (2023-07-13)[2025-06-11]. https://www.usenix.org/publications/loginonline/enabling-realms-arm-confidential-compute-architecture.
[12]	Trusted Firmware-A. Realm Management Extension (RME)[EB/OL]. [2025-06-11]. https://trustedfirmware-a.readthedocs.io/en/latest/components/realm-management-extension.html.
[13]	ARM. Realm Management Monitor[EB/OL]. [2025-06-11]. https://developer.arm.com/documentation/den0127/0200/Software-components/Realm-Management-Monitor.
[14]	WANG Chenxu, ZHANG Fengwei, DENG Yunjie, et al. CAGE: Complementing Arm CCA with GPU Extensions[C]// NDSS. The Network and Distributed System Security Symposium (NDSS Symposium 2024). Reston: Internet Society, 2024: 1-16.
[15]	ARM. Granule Protection Checks[EB/OL]. [2025-06-11]. https://developer.arm.com/documentation/den0126/0101/Granule-Protection-Checks.
[16]	DynamoRIO. DynamoRIO Home Page[EB/OL]. [2025-06-11]. https://dynamorio.org/.
[17]	Capstone Engine. Capstone[EB/OL]. [2025-06-11]. https://github.com/capstone-engine/capstone.
[18]	ARM. Arm CCA Hardware Architecture-Memory Management for Arm CCA[EB/OL]. [2025-06-11]. https://developer.arm.com/documentation/den0125/0300/Arm-CCA-Hardware-ArchitectureArm.
[19]	ANDREW F, ANDREW B, CHRIS H, et al. Using Verification to Disentangle Secure-Enclave Hardware from Software[C]// ACM. The 26th Symposium on Operating Systems Principles(SOSP ’17). New York: ACM, 2017: 287-305.
[20]	HIMANSHU R, STEFAN S, ALEC W, et al. fTPM: A Software-Only Implementation of a TPM Chip[C]// USENIX. The 25th USENIX Conference on Security Symposium(SEC’16). Berkely: USENIX, 2016: 841-856.

仿真器	支持CCA功能仿真	支持性能仿真
virtCCA^[1]	√	—
QEMU CCA^[2]	√	—
Shelter^[3]	√	—
Gem5^[4]	—	√
SniperSim^[5]	—	√

安全状态	Non-Secure世界	Secure世界	Realm世界	Root世界
Non-Secure PAS	√	√	√	√
Secure PAS	×	√	×	√
Realm PAS	×	×	√	√
Root PAS	×	×	×	√

组件	功能
gem5.opt	编译指定版本Gem5得到的可执行文件，用于运行仿真
仿真脚本	通常为Python脚本，决定仿真系统的软硬件配置、工作负载等
vmlinux	Linux内核编译后生成的未压缩的、可执行的ELF格式内核文件，作为全系统仿真的内核镜像
Bootloader	Arm系统启动时运行的第一段代码，负责初始化硬件、加载操作系统内核vmlinux并移交控制权
IMG格式磁盘镜像	作为系统存储设备的完整数据副本，仿真真实的存储设备，包含仿真对象的操作系统、环境配置、CCA仿真程序与基准测试

当前世界	目标世界
当前世界	目标Secure 世界	目标Normal世界	目标Root 世界	目标Realm 世界
Secure世界	√	√	×	×
Normal世界	×	√	×	×
Root世界	√	√	√	√
Realm世界	×	√	×	√

实验环境	Arm架构前端	x86架构后端
设备	华为鲲鹏920平台	Intel Xeon Gold6330
DynamoRIO	drrun v11.0.20027	—
SniperSim	Sniper 8.0	Sniper 8.0
Capstone	—	Capstone v4.0.1