AI Summary
Existing confidential container solutions place the entire runtime within a Trusted Execution Environment (TEE), resulting in an overly large Trusted Computing Base (TCB), redundant components, and high cross-layer overhead. This work proposes Arca, which introduces an innovative TEE-in-Container architecture that isolates each workload within its own hardware-enforced trust domain while moving orchestration logic outside the TEE. This design significantly reduces the TCB, strengthens isolation, and adheres to the principle of minimal trust inherent to TEEs. Built upon hardware technologies such as Intel SGX, TDX, and AMD SEV, Arca implements a lightweight confidential container framework that achieves near-native performance across most benchmarks, substantially outperforms Confidential Containers (CoCo), and greatly enhances verifiability and resilience against host-level attacks.
Abstract
Confidential containers protect cloud-native workloads using trusted execution environments (TEEs). However, existing Container-in-TEE designs (e.g., Confidential Containers (CoCo)) encapsulate the entire runtime within the TEE, inflating the trusted computing base (TCB) and introducing redundant components and cross-layer overhead. We present Arca, a lightweight confidential container framework based on a TEE-in-Container architecture that isolates each workload in an independent, hardware-enforced trust domain while keeping orchestration logic outside the TEE. This design minimizes inter-layer dependencies, confines compromise to per-container boundaries, and restores the TEE's minimal trust principle. We implemented Arca on Intel SGX, Intel TDX, and AMD SEV. Experimental results show that Arca achieves near-native performance and outperforms CoCo in most benchmarks, while the reduced TCB significantly improves verifiability and resilience against host-level compromise. Arca demonstrates that efficient container management and strong runtime confidentiality can be achieved without sacrificing security assurance.