Cloud-computing and software-as-a-service (SaaS) providers operate increasingly complex computer servers and server farms, where information security remains a top concern. Recent advances in security include cryptographic isolation between customer workloads, typically implemented as distinct virtual machines (VMs) running on a common platform.
One security approach involves the use of multi-key total memory encryption (MKTME), in which a hypervisor may assign a cryptographic key to each customer workload, with each workload running in its own VM. Each workload may use its key to protect information that it stores in the server's physical memory. A secure MKTME engine may be used as part of the memory-access subsystem to perform encryption and decryption operations as part of providing secured memory access.
Although MKTME has shown much promise as an effective component of a server's system architecture for improving isolation between customer workloads, some important challenges remain to be solved. These include protection from certain types of attacks, such as hardware-replay attacks and cross-domain injection attacks.