As cloud computing services become more and more affordable, the option of outsourcing computationally demanding applications is very appealing to individuals and companies. The benefits of performing computation in cloud computing environments typically include great scalability, minimal maintenance and upgrade costs, as well as all-in-one and pay-as-you-go service options. Unfortunately, these benefits are sometimes outweighed by concerns about data privacy in the cloud. For example, recent security breaches and threats on the cloud provider end, such as known attacks to Amazon EC2/S3 (2011), to LastPass (2011), as well as to Dropbox (2012) have raised concerns over the security of data stored in cloud computing systems. Moreover, on the infrastructure end, the known exploits to popular cloud technologies keep increasing.
In contrast to privately owned datacenters, where many logical and physical controls ensure the privacy of the data and executed programs, in a cloud setting, users are asked to trust a third-party computing services provider with full control on their sensitive information. This is only possible as long as end users trust the reputation of the cloud provider itself and have studied the provider's safety record. In case the risk of handing over sensitive information to a cloud provider is not acceptable, users need to incur the usually much higher costs of building and maintaining private datacenters. One solution towards addressing the security concerns of cloud computing systems is the use of encryption on data stored in the cloud computing systems (e.g., the implementation of an encryption scheme). Encryption requires the use of cryptographic keys in order to read the encrypted data. Accordingly, the use of encryption renders data stored in the cloud computing systems information unreadable to unauthorized entities, and can protect the confidentiality of sensitive data.
In order to perform various processing tasks on the stored data in the cloud environment, the cloud computing system processors are programmed with the cryptographic keys. The processors first decrypt the data with the cryptographic keys, perform the processing tasks, and then re-encrypt the data for storage in the cloud computing system. In such systems, the attack surface (i.e., the vulnerability of the cloud computing system) is substantially limited to data within the processor itself. Although this data is typically secure, the data is still theoretically vulnerable to attackers (e.g., hackers) capable of eavesdropping on the data pipeline within the processor or leaking the cryptographic keys stored within the processor, without triggering the tampering protections. Such attack proposals are possible with the use of a sub-transistor level attack, such as an attack by a Trojan virus, which can extract sensitive information from the internals of the processor. For example, the sub-transistor level attack may extract the cryptographic keys stored within the processor or the decrypted data passing through a data pipeline on the processor. Thus, there is a need for protecting the confidentiality of the information processed in cloud computing systems in a more definitive and effective manner.