Hardware-based solutions for trusted cloud computing

摘要

The increasing number of threats targeting cloud computing and the exploitation of specifically privileged software vulnerabilities have pushed the security managers of cloud service providers to deploy hardware-based solutions. These solutions can offer better hardware-assisted security features for a broad range of computing platforms including both CISC and RISC architecture families in datacenters. Their goal is to reduce the attack surface by rooting the trust into the hardware instead of some high-privileged pieces of system software such as the operating system or the hypervisor which have been demonstrated that they include severe security vulnerabilities, thus limiting the adoption of the cloud computing model for some security-skeptical users. In this paper, we give cloud users and customers, application developers and security managers a comprehensive overview of four major industrial-scale commercial hardware-based solutions brought by major vendors in the cloud market. We present, analyze and compare Intel TXT, ARM TrustZone, AMD SEV, and Intel SGX technologies with respect to more than twenty criteria fitting within three categories: security, functional and deployment. We discuss each of these technologies and show the cases where they particularly excel. Our comparison can help IT managers to take the right decision about which better industrial technology to adopt for their particular security requirements and future cloud migrations.