Confidential Domains of Execution
27 May 2013
Data Confidentiality or Cloud Computing? A true dilemma worthy of Hamlet and a reality for users aiming to exploit computational services in the cloud. Sensitive data can be protected by encryption, but if any computation is to be performed in the cloud, then the decryption key must be available somewhere in the cloud infrastructure. This implies that the cloud provider must be able to offer an unchallengeable level of trustworthiness both in its systems and in its employees. Multi-tenancy of cloud infrastructures adds a dimension of complexity to the problem: despite a provider's trustworthiness, an attack might actually come from software hosted on behalf of other customers. In this paper, we present Confidential Domain of Execution (CDE), a novel mechanism ensuring confidential execution of software in an otherwise untrusted environment. In our proposed solution, confidential data processing in the cloud can be achieved by an isolated execution environment (the CDE) where any communication with the outside untrusted world is forcibly encrypted. Inside a CDE, user's software does not need to be overloaded with expensive cryptographic operations at every memory access or cache miss, but it can compute on plain-text data at native speed. Ultimately, confidentiality relies on hardware-level mechanisms that cannot be circumvented, and all the software inside the confidential environment is provided by the end user. Therefore, the software Trusted Computing Base to be provided by the cloud provider to ensure confidentiality is reduced to zero. The mechanism can be useful to overcome the challenging issues in guaranteeing confidential execution in virtualized infrastructures, including cloud computing and virtualized network functions, among other scenarios. With our proposal, confidential cloud computing can be ensured without requiring that users blindly trust the cloud provider nor any of its employees, and without the performance drawbacks typical of other solutions proposed in the literature for secure computing.