Blinded Memory

ABSTRACT: Outsourcing computing to a remote processor is popular and compelling. Cryptographic techniques like homomorphic encryption allow a client to outsource computation on sensitive data while ensuring that the data cannot be leaked. However, such techniques incur substantial computation and communication costs. Leveraging hardware assistance to efficiently ensure security is thus an attractive proposition. Trusted Execution Environments (TEEs), which saw widespread deployment in the early 2000s by mobile device manufacturers to run sensitive computations on commodity devices, can help to realize secure outsourced computing. But the security guarantees provided by traditional TEEs have been called into question by various recent attacks that exploit the inherent complexity of modern hardware and software. In this talk, I will describe Blinded Memory (BliMe): on-going work by my students to design minimal processor extensions that can help to efficiently realize secure outsourced computing. BliMe consists of a minimal set of Instruction Set Architecture (ISA) extensions that use taint-tracking to ensure confidentiality of sensitive (client) data even in the presence of server malware, run-time attacks, or side-channel attacks. To secure outsourced computation, BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. I will describe the overall architecture, the current status of the work, and the challenges we face.