Securing Memory at EPYC Scale
Cloudflare discusses their strategy of ensuring security by encrypting data both in transit and at rest. They explore the issue of data vulnerability when it's in use, specifically within RAM. The company investigates various technologies to protect against physical system attacks, such as enclaves. However, they find that Secure Memory Encryption (SME) offered by AMD EPYC processors provides a more comprehensive solution for encrypting all memory at scale. They test the performance impact of enabling SME and find it to be less than expected, thus reducing the worry of data exfiltration from a stolen server.
Company
Cloudflare
Date published
Feb. 28, 2020
Author(s)
Derek Chamorro, Brian Bassett
Word count
1233
Hacker News points
None found.
Language
English