This work addresses the fragmentation in existing confidential container systems, which often rely on virtual machines or specific trusted execution environments (TEEs), thereby disrupting unified management with standard OCI runtimes. The paper proposes EBCC, an architecture that treats the rich execution environment (REE) anchor and the TEE-side confidential stage as a unified containerized entity. By introducing a TEE backend adapter to abstract underlying heterogeneity, EBCC enables OCI-compliant lifecycle operations. It is the first framework to seamlessly integrate diverse TEEs—including Keystone, SGX, TDX, and OP-TEE—while avoiding significant expansion of the trusted computing base. Experimental results demonstrate EBCC’s functional correctness and strong concurrency on Keystone, broad cross-TEE portability, and only modest, manageable latency overheads, with additional costs primarily confined to host-side management operations.

Container runtimes provide a stable operational interface for deploying, monitoring, and controlling modern workloads, while trusted execution environments (TEEs) provide hardware-enforced isolation for sensitive computation. Existing confidential-container systems often rely on VM-backed deployment stacks or TEE-specific execution substrates, which can separate confidential execution from the conventional OCI runtime lifecycle. This paper presents EBCC (Enclave-Backed Confidential Containers), an OCI-compatible runtime architecture for managing composite confidential-computing workloads. EBCC treats the REE-side anchor and TEE-side confidential stages as a single containerized confidential-computing composite, preserves standard OCI lifecycle operations, and keeps TEE-specific execution behind a backend adapter. It also maintains persistent per-instance state and per-stage artifacts for request handling, response generation, logging, and evidence binding. We implement EBCC on a Keystone backend and evaluate its correctness, performance, footprint, and concurrent execution behavior. The results show that EBCC introduces additional latency over native Keystone execution, mainly due to lifecycle mediation, request validation, EID allocation, backend dispatch, and artifact persistence, while keeping the added footprint concentrated on host-side management state. Cross-TEE case studies on SGX, TDX, and OP-TEE show that the same lifecycle and stage abstraction can be mapped to enclave-style, VM-style, and embedded-style TEEs. These results indicate that EBCC can make TEE-backed execution manageable through an OCI-style lifecycle without materially enlarging the protected-side TCB.