Accepted Paper at AsiaCCS 2026
28 January 2026
We are happy to announce that our paper “CoCoRADE: Introducing Replay Protection for Data-at-Rest of Confidential Virtual Machines” has been accepted and will appear at the 21st ACM ASIA Conference on Computer and Communications Security (AsiaCCS'26).
Abstract: CoCoRADE: Introducing Replay Protection for Data-at-Rest of Confidential Virtual Machines
The cloud has become a popular tool for companies to host and process data. To keep this data safe from cloud providers, multiple Confidential Computing technologies have emerged. Confidential Virtual Machines protect the memory of VMs and thus all data in use. Full Disk Encryption (FDE) and Authenticated Disk Encryption (ADE) solutions are commonly used to store data at rest on a host-provided disk. However, disk encryption does not provide replay protection, meaning an older disk version or parts of an older disk can be replayed by the host to the Confidential VM. With no countermeasures taken, this is impossible to detect and opens new attack vectors, e.g., allowing critical changes made to configuration files and data to be undone. In this paper, we solve this problem by proposing CoCoRADE, a way to store data on a disk while maintaining confidentiality, integrity and replay protection of data. In addition, we highlight how freshness is maintained across reboots. Our proof of concept demonstrates how this is easily added to existing Confidential VM offerings in the cloud without needing any additional support from the cloud provider or specialized hardware. The evaluation results show that CoCoRADE provides more security while performing comparably to, if not better than, existing ADE solutions with acceptable overheads in memory usage and remount time.
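The replay gap the abstract describes, as an added Python sketch that is not code from the paper or from the CoCoRADE proof of concept: a per-sector authentication tag accepts an older, validly tagged sector, while a tag bound to a version counter kept inside the VM rejects it. The counter is a generic, hypothetical freshness mechanism, not CoCoRADE's design (which this page does not describe); `SectorStore`, `replay_accepted` and the sector contents are constructed, and encryption is omitted because the replay only concerns the tag check.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed key, known only inside the confidential VM


def tag(sector, version, data):  # stand-in for an ADE scheme's per-sector tag
    msg = sector.to_bytes(8, "big") + version.to_bytes(8, "big") + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()


class SectorStore:
    """Authenticated sector store on a host-controlled disk (a plain dict)."""

    def __init__(self, disk, track_versions):
        self.disk = disk              # untrusted: the host can swap blobs
        self.track = track_versions   # False models ADE without freshness
        self.versions = {}            # trusted in-VM state (assumption);
                                      # persistence across reboots not shown

    def write(self, sector, data):
        if self.track:
            self.versions[sector] = self.versions.get(sector, 0) + 1
        version = self.versions.get(sector, 0)
        self.disk[sector] = (data, tag(sector, version, data))

    def read(self, sector):
        data, stored = self.disk[sector]
        expected = tag(sector, self.versions.get(sector, 0), data)
        if not hmac.compare_digest(stored, expected):
            raise ValueError(f"sector {sector}: stale or tampered")
        return data


def replay_accepted(track_versions):
    """Host restores an old copy of sector 7; True if the guest accepts it."""
    store = SectorStore({}, track_versions)
    store.write(7, b"PermitRootLogin yes")   # constructed sample contents
    snapshot = store.disk[7]                 # host keeps the old blob
    store.write(7, b"PermitRootLogin no")    # guest hardens its config
    store.disk[7] = snapshot                 # host replays the old blob
    try:
        return store.read(7) == b"PermitRootLogin yes"
    except ValueError:
        return False


if __name__ == "__main__":
    print({"ade_only": replay_accepted(False), "versioned": replay_accepted(True)})
```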
