The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Many enterprises and their computer systems utilize virtual machines provided by a virtual data center (VDC), such as a cloud service provider (CSP), and other virtualized resources, such as virtual storage, virtual computing resources, or virtual database resources, that are accessible through the Internet. Such cloud services may provide a client with many benefits, such as reduced costs, easier scalability, and a reduced administrative burden. However, cloud services also pose new challenges for clients of these services, such as increased security risks. For example, one such risk is that when a customer uses a CSP to boot up an instance of a guest operating system in a VDC, the customer data processed by that instance becomes exposed to security breaches on the part of the CSP. While many enterprises have security systems in place on their own on-premises devices, these protections do not extend into the cloud. Should the CSP become compromised, sensitive data relied upon by customer applications, such as user passwords, social security numbers, credit card numbers, and so forth, may become exposed.
In some cases, CSPs have implemented features which allow operating system images and data disks to be encrypted within the VDC through a key management system operated by the CSP. Thus, when stored on disk (or other non-volatile storage), the operating system image remains encrypted, protecting the data held by the image from being copied and deciphered by unauthorized agents. When the customer requires an instance to be booted up, the CSP uses the encryption keys to decrypt memory blocks of the operating system image as they are read into RAM (or other volatile memory) to execute the operating system. Unfortunately, these systems require the customer to place a significant amount of trust in the CSP to hold and secure the encryption keys; otherwise, the sensitive data of the customer may once again face significant risk of exposure. Thus, customer computing systems may benefit from a technique that allows data held on a VDC to be secured while requiring only a minimal amount of trust to be placed in the CSP.