CCxTrust: Confidential Computing Platform Based on TEE and TPM Collaborative Trust

Ketong Shang, Jiangnan Lin, Yu Qin, Muyan Shen, Hongzhan Ma, Wei Feng, Dengguo Feng
2024-12-05
Abstract: Confidential Computing has emerged to address data security challenges in cloud-centric deployments by protecting data in use through hardware-level isolation. However, reliance on a single hardware root of trust (RoT) limits user confidence in cloud platforms, especially for high-performance AI services, where end-to-end protection of sensitive models and data is critical. Furthermore, the lack of interoperability and a unified trust model in multi-cloud environments prevents the establishment of a cross-platform, cross-cloud chain of trust, creating a significant trust gap for users with high privacy requirements. To address the challenges mentioned above, this paper proposes CCxTrust (Confidential Computing with Trust), a confidential computing platform leveraging collaborative roots of trust from TEE and TPM. CCxTrust combines the black-box RoT embedded in the CPU-TEE with the flexible white-box RoT of TPM to establish a collaborative trust framework. The platform implements independent Roots of Trust for Measurement (RTM) for TEE and TPM, and a collaborative Root of Trust for Report (RTR) for composite attestation. The Root of Trust for Storage (RTS) is solely supported by TPM. We also present the design and implementation of a confidential TPM supporting multiple modes for secure use within confidential virtual machines. Additionally, we propose a composite attestation protocol integrating TEE and TPM to enhance security and attestation efficiency, which is proven secure under the PCL protocol security model. We implemented a prototype of CCxTrust on a confidential computing server with AMD SEV-SNP and TPM chips, requiring minimal modifications to the TPM and guest Linux kernel. The composite attestation efficiency improved by 24% without significant overhead, while Confidential TPM performance showed a 16.47% reduction compared to standard TPM.
Cryptography and Security
What problem does this paper attempt to address?
### What problems does this paper attempt to solve?

This paper aims to solve the existing trust and security challenges in the current cloud-computing environment, especially in multi-cloud environments and scenarios with high privacy requirements. Specifically, the paper proposes solutions to the following key issues:

1. **Limitations of a single Hardware Root of Trust (RoT)**:
   - Current confidential computing platforms rely on a single hardware root of trust, such as the Trusted Execution Environment (TEE) in the CPU, which limits users' trust in cloud platforms. Especially in high-performance AI services, end-to-end protection of sensitive models and data is crucial.
2. **Trust interoperability issues across platforms and cross-cloud environments**:
   - In multi-cloud environments, the lack of a unified trust model and interoperability makes it difficult to establish a cross-platform trust chain, resulting in complexity and potential security risks for users when migrating or deploying applications between different cloud services.
3. **Insufficient user control over the trust system**:
   - Existing confidential virtual machine (CVM) solutions mainly rely on the root of trust provided by cloud service providers or hardware manufacturers. Users cannot directly participate in or verify the establishment of the trust system, resulting in limited user control over data security, especially in scenarios requiring high privacy and security.
4. **The technological gap between TEE and TPM**:
   - TEE and TPM differ significantly in their security roles and technical implementation, and making them work together is a challenge. For example, TEE provides a highly secure isolated environment but restricts the use of certain functions, such as IOMMU, which makes it complicated to integrate the hardware TPM into the confidential virtual machine.
5. **Ensuring the security of confidential virtual machines in processing sensitive data**:
   - In confidential computing, ensuring the integrity and confidentiality of sensitive data processed by virtual machines is a key task. Although TEE ensures data security through memory encryption, its isolation technology is not sufficient to fully protect the workload. Therefore, dynamic integrity measurement and remote attestation are required to enhance security.

To solve the above problems, the paper proposes the **CCxTrust** platform. This platform is based on the collaborative trust mechanism of TEE and TPM and constructs a multi-root trust system to improve the trustworthiness and security of the confidential computing platform. Specific measures include:

- **Collaborative Roots of Trust (RoT)**: Combine the advantages of TEE and TPM to establish a user-controlled trust framework.
- **Confidential TPM (CTPM)**: Design and support multiple-mode TPM operations to provide flexible security guarantees.
- **Composite Attestation Protocol**: Integrate static and dynamic trust chains and utilize the advantages of TPM and TEE to ensure the security of the runtime environment.

Through these innovations, CCxTrust aims to bridge the existing trust gap, increase users' trust in cloud platforms, and support secure application deployment in multi-cloud environments.
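The following is an added, simplified model of the composite attestation idea described above (independent RTMs for TEE and TPM, one collaborative report); it is not the paper's protocol or code. It assumes a static TEE report over the VM launch measurement, a TPM quote over an extend-style PCR log whose extra data binds the verifier nonce and the TEE report, and HMAC with constructed keys standing in for the real ECDSA signatures (SNP VCEK, TPM attestation key).

```python
import hashlib
import hmac
import os

TEE_KEY = b"constructed-tee-signing-key"     # stand-in for the SNP VCEK (assumption)
TPM_AK = b"constructed-tpm-attestation-key"  # stand-in for a TPM attestation key (assumption)

def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def pcr_from_log(events):
    # TPM-style extend chain: pcr = H(pcr || H(event)), so event order and content both matter
    pcr = b"\0" * 32
    for event in events:
        pcr = sha256(pcr, sha256(event))
    return pcr

def tee_report(launch_measurement, nonce):
    # Static chain: the TEE's own RTM measured the initial VM image; the report carries the nonce
    body = launch_measurement + nonce
    return body, hmac.new(TEE_KEY, body, "sha256").digest()

def tpm_quote(pcr, nonce, tee_body):
    # Dynamic chain: extra data binds nonce and TEE report so neither half can be swapped alone
    body = pcr + sha256(nonce, tee_body)
    return body, hmac.new(TPM_AK, body, "sha256").digest()

def verify_composite(nonce, expected_launch, expected_pcr, report, quote):
    rbody, rsig = report
    qbody, qsig = quote
    if not (hmac.compare_digest(rsig, hmac.new(TEE_KEY, rbody, "sha256").digest())
            and hmac.compare_digest(qsig, hmac.new(TPM_AK, qbody, "sha256").digest())):
        return "bad signature"
    if rbody[:32] != expected_launch or rbody[32:] != nonce:
        return "launch measurement or nonce mismatch"
    if qbody[:32] != expected_pcr:
        return "runtime PCR mismatch"
    if not hmac.compare_digest(qbody[32:], sha256(nonce, rbody)):
        return "quote not bound to this TEE report"
    return "ok"

def scenario(events, actual_events=None, stale_nonce=False):
    # Golden values come from a constructed reference image and event log (sample data)
    golden_launch = sha256(b"constructed-vm-image-v1")
    golden_pcr = pcr_from_log(events)
    nonce = os.urandom(32)
    report = tee_report(golden_launch, nonce)
    quote_nonce = os.urandom(32) if stale_nonce else nonce  # replayed quote from an old session
    quote = tpm_quote(pcr_from_log(actual_events or events), quote_nonce, report[0])
    return verify_composite(nonce, golden_launch, golden_pcr, report, quote)
```

A verifier that checked only the TEE report would accept the tampered-runtime case, and one that checked only the TPM quote would accept a quote replayed against a different launch; binding both in one report is what closes those gaps.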