Confidential Execution of Cloud Services

Tommaso Cucinotta, Davide Cherubini, Eric Jul


In this paper, we present Confidential Domain of Execution (CDE), a mechanism for achieving confidential execution of software in an otherwise untrusted environment, e.g., at a Cloud Service Provider. This is achieved by using an isolated execution environment in which any communication with the outside untrusted world is forcibly encrypted by trusted hardware. The mechanism can be useful to overcome the challenging issues in guaranteeing confidential execution in virtualized infrastructures, including cloud computing and virtualized network functions, among other scenarios. Moreover, the proposed mechanism does not suffer from the performance drawbacks typical of other solutions proposed for secure computing, as highlighted by the presented novel validation results.



Paper Citation

in Harvard Style

Cucinotta T., Cherubini D. and Jul E. (2014). Confidential Execution of Cloud Services. In Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-019-2, pages 616-621. DOI: 10.5220/0004962406160621

in Bibtex Style

author={Tommaso Cucinotta and Davide Cherubini and Eric Jul},
title={Confidential Execution of Cloud Services},
booktitle={Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},

in EndNote Style

JO - Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Confidential Execution of Cloud Services
SN - 978-989-758-019-2
AU - Cucinotta T.
AU - Cherubini D.
AU - Jul E.
PY - 2014
SP - 616
EP - 621
DO - 10.5220/0004962406160621