Master Thesis: Live Migration of Confidential Virtual Machines

2026-04-13

Recently my thesis, "Live Migration of Confidential Virtual Machines," was published, and with that I wrapped up my studies. You can find the full text of the thesis here.

The research introduced me to a fascinating area of confidential computing: running virtual machines inside a trusted execution environment (TEE) that is tamper‑proof and ensures all data leaving it is encrypted. As a result, dumping the virtual machine's memory yields no useful information.

The second crucial piece is remote attestation: when we deploy a virtual machine, we can obtain proof—claims and measurements—that it is indeed running inside a genuine TEE. For that to work, the TEE must provide verifiable attestations about its state and the software it is running.

Taken together, these capabilities let you run workloads on remote hardware with reasonable confidence — though no security is absolute — that the host cannot inspect the virtual machine's memory or other data in use.

I am further exploring this area with Canary Bit!
