Confidential Computing Summit 2026

The AWS Nitro System is the foundation for modern Amazon EC2 instances that enables AWS to innovate faster, reduce cost for customers, and deliver added benefits like increased security and new instance types. We've applied formal methods to the Nitro System since day one. AWS has reimagined our virtualization infrastructure. Traditionally, hypervisors protect physical hardware and BIOS, virtualize CPU, storage, and networking, and provide management capabilities. The Nitro System breaks apart those functions, offloads them to dedicated hardware and software, and reduces costs by delivering nearly all server resources to instances.

This session explores the architecture and security model of the Nitro System, demonstrating how offloading virtualization functions minimizes the hypervisor attack surface and enables features like secure boot and Nitro Enclaves. We'll introduce the Nitro Isolation Engine, where we've applied formal methods. Starting from proving correctness properties of early boot firmware and the API endpoint component of the Nitro Controller, the Nitro Isolation Engine is a minimal trusted computing base and is a default capability of AWS Graviton5 processors