BliMe: Verifiably Secure Outsourced Computation with Hardware-Enforced Taint Tracking

We present Blinded Memory (BliMe), a way to realize efficient and secure outsourced computation. BliMe consists of a novel and minimal set of ISA extensions that uses taint tracking to ensure the confidentiality of sensitive (client) data even in the presence of server malware, run-time attacks, and side-channel attacks. To secure outsourced computation, the BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. The HSM engages in an attestation and key agreement protocol with the client. It provides the resulting client-specific keys to the encryption engine. Clients rely on remote attestation to ensure that their data will always be protected by BliMe's taint tracking policy after decryption. We provide a machine-checked security proof and FPGA implementations (BliMe-Ibex) of BliMe's taint tracking policy. We show that BliMe-Ibex does not reduce performance relative to the unmodified core, and incurs only minor increases in resource consumption in terms of power (${\approx}2.1\%$), LUTs (${\approx}1.0\%$), and registers (${\approx}2.3\%$).