TEE containers face systemic security risks—including information leakage, rollback attacks, denial-of-service (DoS), and Iago attacks—due to ambiguously defined trust boundaries and isolation failures. This paper introduces the first automated boundary identification framework that jointly leverages static and dynamic analysis to reverse-engineer and formally verify isolation policies of mainstream TEE containers (e.g., SCONE, Gramine). Our analysis uncovers critical trust boundary misalignments in multiple production-deployed containers, empirically reproduces four classes of high-severity attacks, and quantifies their exploitability and impact scope. The work establishes a reusable trust boundary modeling paradigm and provides concrete hardening guidelines for TEE middleware design. By enabling rigorous, artifact-based boundary validation, it advances trusted execution environments from opaque “black-box” encapsulation toward verifiable, architecture-aware isolation.

Trusted Execution Environments (TEEs) have emerged as a cornerstone of confidential computing, garnering significant attention from both academia and industry. To enable the secure development, execution, and deployment, of applications on TEE platforms, TEE containers have been introduced as middleware solutions. These containers aim to shield applications from potentially malicious operating systems and orchestration interfaces while maintaining usability and reliability. In this paper, we analyze the isolation strategies employed by existing TEE containers to protect secure applications. To address the challenges in analyzing these interfaces, we designed an automated analyzer to precisely identify and evaluate their isolation boundaries. We observed that some TEE containers fail to achieve their intended goals due to critical design and implementation flaws, such as information leakage, rollback attacks, denial-of-service, and Iago attacks, which pose significant security risks. Drawing from our findings, we share key lessons to guide the development of more secure container solutions and discuss emerging trends in TEE containerization design.