What problem does this paper attempt to address?

### Problems the Paper Attempts to Solve This paper aims to address the poor network input/output (I/O) performance in Confidential Virtual Machines (CVMs). Specifically, the paper points out: 1. **I/O Performance Issues**: Current Confidential Virtual Machines (CVMs) face significant bottlenecks in I/O performance, mainly due to: - **Overheads from TEE Security Measures**: Various security measures such as additional TLB flushes and ownership checks lead to widespread side effects. - **I/O Devices Located Outside the CVM's Security Boundary**: To prevent untrusted devices from accessing private memory via Direct Memory Access (DMA), data needs to be copied to an unencrypted shared memory area, and software encryption is also required. 2. **Limitations of TIO Solutions**: Although Trusted I/O (TIO) devices can significantly improve I/O performance, they have some fundamental differences when handling network I/O that limit their performance improvements. For example, in the TEE threat model, network packets must be encrypted with secure protocols (such as TLS or IPsec) before leaving the Network Interface Cards (NICs). Therefore, re-encrypting packets on the PCIe bus with TIO does not enhance security but introduces unnecessary overhead. 3. **Need for Software Solutions**: Given the above issues, the paper proposes a software solution aimed at enabling CVMs to immediately benefit from high-performance networking while relying solely on on-chip CVM without expanding the Trusted Computing Base (TCB). ### Main Contributions 1. **Evaluating Potential Inefficiencies of TIO Devices in Network I/O**: The paper identifies potential inefficiencies of TIO devices in network I/O and promotes the development of a software solution with a smaller TCB size and comparable performance. 2. **Analyzing the Impact of AMD SEV Security Measures on Network Performance**: The study examines how the security measures of the AMD SEV series affect network performance. 3. **Proposing FOLIO**: FOLIO is a DPDK-based network solution specifically designed for AMD SEV-SNP, capable of achieving high-speed network performance comparable to optimal TIO solutions without sacrificing existing I/O security. 4. **Evaluating FOLIO's Performance Gap**: Experimental results show that the performance gap between FOLIO and the optimal solution is within 6%. 5. **Extending DPDK Evaluation Tools**: An existing DPDK evaluation tool was extended to support the evaluation of IPsec in a confidential VM environment. ### Summary The main goal of the paper is to address the poor network I/O performance in Confidential Virtual Machines (CVMs) by designing and implementing a software solution called FOLIO. FOLIO aims to achieve high-performance network transmission comparable to TIO solutions without expanding the TCB while maintaining security.