Internet or web-based services are increasingly based on multi-tenant cloud-based infrastructure services, also referred to as Infrastructure as a Service (IaaS) or resource-on-demand services. Resource-on-demand or IaaS services are typically provided by data centers that host large numbers of physical servers and associated resources. The physical servers are managed by virtualization software, which dynamically creates virtual servers for requesting customers. Using virtualization, a single hardware server can host multiple virtual servers. Individual virtual servers are referred to as server instances, and are created based on memory images that are specified or provided ahead of time by customers.
Server instances can be provisioned remotely and dynamically, resulting in easily scalable systems. Some cloud service providers provide automatic scaling, in which server instances are automatically created and destroyed in response to actual load or utilization.
Data privacy is a common concern when customers consider multi-tenant IaaS. To address this concern, some IaaS providers allow server instances to create and use encrypted storage volumes. Encrypted volumes can be created and accessed using various types of cryptographic keys. Customer applications can typically be relied upon to manage and safeguard such keys.
Increasingly, however, there is a demand for encrypted boot volumes. Specifically, customers want to create server instances that boot from encrypted storage volumes. This introduces challenges with respect to key management.
Typically, as resources are scaled by or on behalf of a customer, server instances are created based on a common code or memory image. Boot volume encryption/decryption keys can conceivably be embedded within such an image, and can be obfuscated to make them difficult to extract. Obfuscation, however, is typically not viewed as an adequate measure of protection. Therefore, a more secure means of managing security tokens for encrypted boot volumes is often desired.