Bringing Confidential Computing to Android
Abstract
The Android Virtualization Framework (AVF) enables the execution of security-sensitive workloads in protected virtual machines (pVMs) using trusted hypervisors. We present Aster, an in-depth analysis of the AVF security model as defined in the Android Compatibility Definition Document (CDD). Through this analysis, we identify key limitations and security concerns in existing AVF requirements and propose a structured approach to address them. Using an alternate AVF backend, namely the Arm Confidential Computing Architecture (Arm CCA), Aster strengthens AVF's isolation guarantees by introducing improved memory protection to mitigate physical attacks, enhancing independent memory management, and enforcing stricter privilege separation. We implement and validate Aster on two platforms: a functional emulator that supports Android and Arm CCA (QEMU), and a performance prototype on an Arm board that captures microarchitectural aspects. Our in-depth evaluation of the impact of Aster on pVM and non-pVM execution under stress benchmarks (CPU, system, IO), as well as on representative pVM-bound applications (public key generation, OTP, isolated compilation), shows minimal runtime performance impact.
Research Areas: Secure Ranging and Positioning, Trusted Computing, and Users and Security
BibTeX
@inproceedings{kuhne2026bringing,
author = {Kuhne, Mark and Sridhara, Supraja and Bertschi, Andrin and Dutly, Nicolas and Aliberti, Fabio and Capkun, Srdjan and Shinde, Shweta},
title = {{Bringing Confidential Computing to Android}},
booktitle = {24th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)},
year = 2026,
month = jun
}
