An architecture for concurrent execution of secure environments in clouds

Ramya Jayaram Masti, Claudio Marforio, Srdjan Capkun
{"title":"用于在云中并发执行安全环境的体系结构","authors":"Ramya Jayaram Masti, Claudio Marforio, Srdjan Capkun","doi":"10.1145/2517488.2517489","DOIUrl":null,"url":null,"abstract":"We propose an architecture that enables the creation and management of multiple, concurrent secure execution environments on multi-core systems. Our architecture is suitable for use in cloud settings where each user may require an independent secure environment within which he can run his sensitive applications. Our solution effectively scales architectures like Intel TXT which, both on single- and multi-core platforms, support the creation of only one secure environment. Unlike existing solutions that require significant hypervisor participation, our architecture relies on light-weight processor extensions and a novel hardware-based virtualized TPM that supports multiple, concurrent dynamic root of trust requests from different VMs. This, together with the virtualization extensions in modern processors, allows the use of a disengaged hypervisor that is only responsible for VM management (i.e., creation, deletion, startup, shutdown) and is not involved in the creation or management of secure execution environments. Such disengagement not only reduces hypervisor complexity but also its interaction with guest VMs and hence, the risk of system compromise. We show that our architecture provides guest applications independent secure environments within which they can concurrently execute, and protects them against other compromised system components including malicious VMs and peripherals. 
We also demonstrate the feasibility of realizing our architecture by emulating and testing it using QEMU.","PeriodicalId":325036,"journal":{"name":"Proceedings of the 2013 ACM workshop on Cloud computing security workshop","volume":"187 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"An architecture for concurrent execution of secure environments in clouds\",\"authors\":\"Ramya Jayaram Masti, Claudio Marforio, Srdjan Capkun\",\"doi\":\"10.1145/2517488.2517489\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose an architecture that enables the creation and management of multiple, concurrent secure execution environments on multi-core systems. Our architecture is suitable for use in cloud settings where each user may require an independent secure environment within which he can run his sensitive applications. Our solution effectively scales architectures like Intel TXT which, both on single- and multi-core platforms, support the creation of only one secure environment. Unlike existing solutions that require significant hypervisor participation, our architecture relies on light-weight processor extensions and a novel hardware-based virtualized TPM that supports multiple, concurrent dynamic root of trust requests from different VMs. This, together with the virtualization extensions in modern processors, allows the use of a disengaged hypervisor that is only responsible for VM management (i.e., creation, deletion, startup, shutdown) and is not involved in the creation or management of secure execution environments. Such disengagement not only reduces hypervisor complexity but also its interaction with guest VMs and hence, the risk of system compromise. 
We show that our architecture provides guest applications independent secure environments within which they can concurrently execute, and protects them against other compromised system components including malicious VMs and peripherals. We also demonstrate the feasibility of realizing our architecture by emulating and testing it using QEMU.\",\"PeriodicalId\":325036,\"journal\":{\"name\":\"Proceedings of the 2013 ACM workshop on Cloud computing security workshop\",\"volume\":\"187 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-11-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2013 ACM workshop on Cloud computing security workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2517488.2517489\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2013 ACM workshop on Cloud computing security workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2517488.2517489","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 20

Abstract

We propose an architecture that enables the creation and management of multiple, concurrent secure execution environments on multi-core systems. Our architecture is suitable for use in cloud settings where each user may require an independent secure environment within which he can run his sensitive applications. Our solution effectively scales architectures like Intel TXT which, both on single- and multi-core platforms, support the creation of only one secure environment. Unlike existing solutions that require significant hypervisor participation, our architecture relies on light-weight processor extensions and a novel hardware-based virtualized TPM that supports multiple, concurrent dynamic root of trust requests from different VMs. This, together with the virtualization extensions in modern processors, allows the use of a disengaged hypervisor that is only responsible for VM management (i.e., creation, deletion, startup, shutdown) and is not involved in the creation or management of secure execution environments. Such disengagement not only reduces hypervisor complexity but also its interaction with guest VMs and hence, the risk of system compromise. We show that our architecture provides guest applications independent secure environments within which they can concurrently execute, and protects them against other compromised system components including malicious VMs and peripherals. We also demonstrate the feasibility of realizing our architecture by emulating and testing it using QEMU.
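The abstract's central point is that a dynamic root of trust built on a single TPM (the Intel TXT model) can back only one secure environment at a time, and that a virtualized TPM holding separate dynamic-launch state for each VM removes that limit. The following toy model, added here as an illustration and not taken from the paper or its QEMU prototype, contrasts the two cases: a shared TPM whose single PCR bank is reset by every dynamic launch, and a per-VM vTPM whose contexts are created and destroyed by a hypervisor that otherwise stays out of the launch path. The PCR numbering (PCR 17 receiving the launch measurement after the dynamic PCRs are reset) follows TPM 1.2 / TXT conventions; the class names, VM identifiers, measured images and the simplified reset-then-extend sequence are assumptions of this example.

```python
"""Toy model of per-VM dynamic root of trust (DRTM) state.

Constructed illustration, not the paper's hardware design.  A dynamic
launch resets the dynamic PCRs and then extends PCR 17 with the hash of
the launched code (TPM 1.2 / TXT convention); everything else here is an
assumption made for the example.
"""
import hashlib

PCR_COUNT = 24
DYNAMIC_PCRS = range(17, 23)  # PCRs reset by a dynamic launch under TXT
ZERO_PCR = b"\x00" * 20       # TPM 1.2 PCRs are 20-byte SHA-1 values


def _sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class PcrBank:
    """One set of PCRs with TPM extend semantics: PCR = H(PCR || value)."""

    def __init__(self):
        self.pcrs = [ZERO_PCR for _ in range(PCR_COUNT)]

    def extend(self, idx: int, value: bytes) -> None:
        self.pcrs[idx] = _sha1(self.pcrs[idx] + value)

    def dynamic_launch(self, code: bytes) -> None:
        # Reset the dynamic PCRs, then record the launched code in PCR 17.
        for i in DYNAMIC_PCRS:
            self.pcrs[i] = ZERO_PCR
        self.extend(17, _sha1(code))

    def quote(self, idx: int = 17) -> str:
        return self.pcrs[idx].hex()


class SharedTpm:
    """Single TPM, single PCR bank: every VM's launch touches the same state."""

    def __init__(self):
        self.bank = PcrBank()

    def dynamic_launch(self, vm_id: str, code: bytes) -> str:
        self.bank.dynamic_launch(code)
        return self.bank.quote()

    def quote(self, vm_id: str) -> str:
        return self.bank.quote()


class MultiContextVtpm:
    """One PCR bank per VM.  The hypervisor only creates and destroys
    contexts (VM lifecycle); launches and quotes never go through it."""

    def __init__(self):
        self.banks = {}

    def create_context(self, vm_id: str) -> None:
        self.banks[vm_id] = PcrBank()

    def destroy_context(self, vm_id: str) -> None:
        del self.banks[vm_id]

    def dynamic_launch(self, vm_id: str, code: bytes) -> str:
        bank = self.banks[vm_id]  # KeyError: VM has no context (assumed policy)
        bank.dynamic_launch(code)
        return bank.quote()

    def quote(self, vm_id: str) -> str:
        return self.banks[vm_id].quote()


def expected_launch_pcr(code: bytes) -> str:
    """What a verifier expects in PCR 17 right after launching `code`."""
    return _sha1(ZERO_PCR + _sha1(code)).hex()


def run_scenario(tpm, create_context=None) -> dict:
    """Two VMs each launch their own secure environment, one after the
    other.  Returns, per VM, whether its quote still matches its own
    launch measurement once both launches have happened."""
    images = {
        "vm-a": b"constructed: secure-environment image of VM A",
        "vm-b": b"constructed: secure-environment image of VM B",
    }
    for vm_id, code in images.items():
        if create_context is not None:
            create_context(vm_id)
        tpm.dynamic_launch(vm_id, code)
    return {vm_id: tpm.quote(vm_id) == expected_launch_pcr(code)
            for vm_id, code in images.items()}


if __name__ == "__main__":
    print("shared TPM :", run_scenario(SharedTpm()))
    vtpm = MultiContextVtpm()
    print("per-VM vTPM:", run_scenario(vtpm, vtpm.create_context))
```

With the shared TPM, VM B's launch wipes the dynamic PCRs that VM A's environment was attested against, so VM A's quote no longer verifies; with one context per VM, both quotes remain valid. The model says nothing about how a real implementation would bind each context to its VM in hardware or protect it from DMA-capable peripherals, which the abstract lists as part of the threat model.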