In recent times, cloud computing has become an important paradigm. In cloud computing, computing resources may be rented as a commodity. In a typical cloud computing model, a cloud provider offers virtual servers running on physical servers. Such a virtual server may provide a remote user with functionality similar to that of a physical server. A plurality of virtual servers may run on a single physical server, so that fewer physical servers are needed. Service providers may provide one or more virtual machine images which may be run on the cloud servers as one or more virtual machine instances.
Protection of data is important in cloud computing, and encryption can play an important role in safeguarding it. For example, an encrypted file system may be run on top of a virtual machine's file system. Moreover, Amazon S3, provided by Amazon Web Services, Seattle, Wash., USA, provides Server Side Encryption (SSE) to enable a virtual machine to store data in encrypted form.
Disk-image encryption is a technique aimed at protecting data at rest, that is, when the system is powered off and an attacker has somehow gained access to its disks or other external storage, in what is commonly known as an ‘offline attack’. A similar attack can be performed on virtual machines (VMs), with one important difference: it can be performed even without physical access to the system. If an attacker manages to compromise a virtualization host or hypervisor (locally or remotely), they can then proceed to attack its VM guests. A system called Kernel-based Virtual Machine (Linux KVM) enables the system administrator to protect guests that are not running by encrypting their disk images and requiring an encryption passphrase or key to start them.
The Porticor Virtual Private Data system (Porticor LTD, Ramat Hasharon, Israel) employs a homomorphic split-key encryption technology, in which each data object, such as a disk or file, is encrypted with a unique key that is split into two parts: a master key and a specific key. The master key is common to all data objects and remains in the possession of the application owner, while the specific key is different for each data object and is stored by a virtual key management service. As the application accesses the data store, both parts of the key are used to dynamically encrypt and decrypt the data.
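As an added illustration of the split-key arrangement just described (example code, not Porticor's own algorithm or implementation), the following Python models it with plain two-party XOR secret sharing standing in for the homomorphic split, and an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC standing in for a real block cipher. The owner's master key and the key service's object-specific share are each useless alone and are recombined only at access time; the key lengths, labels and sample plaintext are constructed assumptions.

```python
import hmac
import hashlib
import secrets

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("byte strings must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_object_key(object_key, master_key):
    """Object-specific share such that object_key = master_key XOR specific_key.
    The key service stores only this share; neither share alone reveals object_key."""
    return xor_bytes(object_key, master_key)

def combine_shares(master_key, specific_key):
    """Recover the per-object key from both shares at access time."""
    return xor_bytes(master_key, specific_key)

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode used as a PRF keystream (illustrative stand-in, not AES)
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _subkeys(key):
    # Separate encryption and MAC keys derived from the combined object key
    return hashlib.sha256(b"enc:" + key).digest(), hashlib.sha256(b"mac:" + key).digest()

def encrypt(object_key, plaintext):
    enc_key, mac_key = _subkeys(object_key)
    nonce = secrets.token_bytes(16)
    ct = xor_bytes(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # encrypt-then-MAC

def decrypt(object_key, blob):
    enc_key, mac_key = _subkeys(object_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key share or tampered data")
    return xor_bytes(ct, _keystream(enc_key, nonce, len(ct)))

def roundtrip(master_key, plaintext):
    # Owner side: fresh 256-bit object key; the specific share goes to the key service
    object_key = secrets.token_bytes(32)
    specific_key = split_object_key(object_key, master_key)
    blob = encrypt(object_key, plaintext)
    return specific_key, blob, decrypt(combine_shares(master_key, specific_key), blob)
```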
US 2010/0211782 A1 discloses a digital escrow pattern provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber.
US 2011/0296201 A1 discloses a method and apparatus configured to provide for the trusted execution of virtual machines (VMs) on a virtualization server. A physical multi-core CPU may be configured with a hardware trust anchor. The trust anchor itself may be configured to manage session keys used to encrypt/decrypt instructions and data when a VM (or hypervisor) is executed on one of the CPU cores. When a context switch occurs due to an exception, the trust anchor swaps the session key used to encrypt/decrypt the contents of memory and cache allocated to a VM (or hypervisor).