Outsourced computing is widely used today. However, current approaches for protecting client data in outsourced computing fall short: use of cryptographic techniques like fully-homomorphic encryption incurs substantial costs, whereas use of hardware-assisted trusted execution environments has been shown to be vulnerable to run-time and side-channel attacks. We present BliMe, an architecture to realize efficient and secure outsourced computation. BliMe consists of a novel and minimal set of instruction set architecture (ISA) extensions implementing a taint-tracking policy to ensure the confidentiality of client data even in the presence of server vulnerabilities. To secure outsourced computation, the BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. Clients rely on remote attestation and key agreement with the HSM to ensure that their data can be transferred securely to and from the encryption engine and will always be protected by BliMe's taint-tracking policy while at the server. We provide an RTL implementation BliMe-BOOM based on the BOOM RISC-V core. BliMe-BOOM requires no reduction in clock frequency relative to unmodified BOOM, and has minimal power ($\lt1.5\%$) and FPGA resource ($\leq9.0\%$) overheads. Various implementations of BliMe incur only moderate performance overhead ($8-25\%$). We also provide a machine-checked security proof of a simplified model ISA with BliMe extensions.

翻译：当前外包计算广泛应用，但保护客户端数据的方法存在不足：全同态加密等密码技术成本高昂，而硬件辅助可信执行环境已被证实易受运行时和侧信道攻击。我们提出BliMe架构，旨在实现高效安全的外包计算。BliMe通过一组新颖且简化的指令集架构扩展实现污点追踪策略，即使在服务器存在漏洞的情况下也能保障客户端数据的机密性。该扩展可与可认证的固定功能硬件安全模块及加密引擎协同工作，后者提供原子化的解密并标记污点、加密并清除污点操作。客户端通过远程认证与密钥协商机制与HSM交互，确保数据安全传输至加密引擎，并在服务器端全程受BliMe污点追踪策略保护。我们基于BOOM RISC-V处理器核实现了BliMe-BOOM硬件描述级原型。与未修改的BOOM相比，BliMe-BOOM无需降低主频，功耗增加小于1.5%，FPGA资源开销不超过9.0%。不同实现方案仅产生8%-25%的中等性能开销。此外，我们通过机械验证方法提供了包含BliMe扩展的简化ISA模型的安全证明。