SYSTEM Cited by 1 source
TDXray (side-channel research)¶
What it is¶
TDXray is Google Research's published microarchitectural side-channel analysis of Intel TDX — full title TDXray: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads. The work demonstrates that production workloads running inside Intel TDX trust domains can leak information through microarchitectural side-channels, despite TDX's nominal isolation guarantees.
Significance for production privacy architectures¶
The 2026-05-27 Google zero-trust-aggregation post cites TDXray as evidence that TEE-only privacy architectures are structurally exposed to ongoing side-channel discovery:
"Researchers regularly discover side-channel vulnerabilities that can be leveraged by an attacker to either invalidate TEE guarantees, or application-level specific guarantees (SNPeek, TDXray)."
The TDXray work specifically focuses on real-world workloads — not synthetic microbenchmarks — strengthening the argument that the risk class is operationally relevant for production deployments. The architectural response in the 2026 Google federated-analytics design is cryptography-plus-TEE defense in depth.
Caveats¶
- Stub wiki page. The research details (specific side-channel mechanisms, workload categories, severity, mitigations) live in the published paper; this page records the citation context within the wiki's TEE-side-channel-vulnerability discussion.
- Sibling to SNPeek which applies the same research approach to AMD SEV-SNP.
Seen in¶
- sources/2026-05-27-google-private-analytics-via-zero-trust-aggregation — cited alongside SNPeek as evidence for ongoing TEE side-channel discovery, motivating the cryptographic-plus-TEE composition.
Related¶
- systems/intel-tdx — the TEE substrate analysed
- systems/snpeek-side-channel-research — sibling research, AMD SEV-SNP
- concepts/tee-side-channel-vulnerability — the risk class TDXray evidences
- concepts/trusted-execution-environment
- patterns/cryptography-plus-tee-defense-in-depth