BliMe: Verifiably Secure Outsourced Computation with Hardware-Enforced Taint Tracking

Outsourced computing is widely used today. However, approaches for protecting client data in outsourced computing fall short: use of cryptographic techniques like fully-homomorphic encryption incurs substantial costs, whereas the use of hardware-assisted trusted execution environments has been shown to be vulnerable to server malware, run-time attacks, and side-channel attacks. We present Blinded Memory (BliMe), an architecture to realize efficient and secure outsourced computation. BliMe consists of a novel and minimal set of ISA extensions implementing a taint-tracking policy to ensure the confidentiality of client data even in the presence of server vulnerabilities. To secure outsourced computation, the BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. Clients rely on remote attestation and key agreement with the HSM to ensure that their data can be transferred securely to and from the encryption engine and will always be protected by BliMe's taint-tracking policy while at the server. We provide a machine-checked security proof, and two different hardware implementations (BliMe-Simple and BliMe-Realistic) of BliMe extensions. We show that BliMe implementations incur only minor increases in performance (< 5%), and resource consumption (< 3% for power, LUTs and registers).