FlexSEE: a Flexible Secure Execution Environment for protecting data-in-use
Abstract
In this paper, we present a comprehensive security architecture, Flexible Secure Execution Environment (FlexSEE), for confidential computing in modern cloud environments. FlexSEE does not require trust in the system software on the compute server and guarantees that user data is visible, only in non-privileged mode, to a designated program trusted by the data owner running on designated hardware, thus protecting the data from untrusted hardware, the hypervisor, the OS, and other users' applications on the compute server. We describe the Hardware Trust Zone (HTZ), the enclave that confines the clear-text data; the cryptographic hardware used in the HTZ; the protocols used to move data between the HTZ and the memory hierarchy beyond it; and the memory extensions for the L1 cache in the HTZ. Our simulation results show that the overhead of encrypting and decrypting data in a FlexSEE-enabled processor is modest, only 6% on average across a collection of commercial workloads, when the data encryption engine is placed between the L1 and L2 caches.