Inferensys

Glossary

Runtime Encryption

Runtime encryption is the transparent, hardware-level encryption of a process's or virtual machine's entire memory space, ensuring data remains encrypted even when loaded into RAM for active computation.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
DATA-IN-USE PROTECTION

What is Runtime Encryption?

Runtime encryption is the hardware-enforced, transparent encryption of a process's or virtual machine's entire memory space, ensuring data remains encrypted even when loaded into RAM for active computation.

Runtime encryption is a hardware-level security mechanism that automatically encrypts and decrypts data as it moves between the processor cache and main memory. Unlike data-at-rest or data-in-transit encryption, this technique closes the final vulnerability gap by protecting data-in-use, preventing the operating system, hypervisor, or a physical attacker with a memory probe from reading plaintext secrets during active processing.

This capability is the foundational primitive of Confidential Computing, implemented by technologies like Intel TDX and AMD SEV-SNP. A hardware-embedded encryption engine, keyed with a key inaccessible to all software, performs transparent memory page encryption. This ensures that even a compromised host cannot inspect the workload's state, enabling secure processing of sensitive data in untrusted cloud environments.

DATA-IN-USE PROTECTION

Key Features of Runtime Encryption

Runtime encryption ensures that data remains encrypted even while actively being processed in system memory, closing the final security gap between data-at-rest and data-in-transit protection.

01

Transparent Memory Encryption

The CPU's integrated memory controller automatically encrypts and decrypts data as it moves between the processor cache and main memory (RAM). This process is transparent to applications, requiring no code modifications. Technologies like AMD SME and Intel TME use AES-XTS hardware engines operating at memory bandwidth speed, ensuring that a physical attacker with a DRAM interposer or a cold-boot attack sees only ciphertext. The encryption key is generated by a hardware random number generator at each boot cycle and never leaves the processor package.

< 1 ns
Added Latency
02

Per-VM or Per-Process Isolation

Advanced implementations extend transparent encryption with cryptographic isolation between virtual machines or individual processes:

  • AMD SEV: Assigns a unique encryption key to each virtual machine, preventing the hypervisor or a neighboring VM from accessing encrypted memory pages.
  • Intel MKTME: Allows software to assign distinct keys to different memory pages, enabling per-process or per-container encryption domains.
  • ARM Realm Extension: Creates hardware-backed address spaces where data is encrypted with a unique key inaccessible to the hypervisor. This ensures that even a compromised operating system cannot read the memory of a protected workload.
03

Integrity Protection Against Tampering

Encryption alone does not prevent an attacker with physical access from replaying stale ciphertext or corrupting memory to induce faults. Runtime encryption is therefore paired with cryptographic integrity verification:

  • AMD SEV-SNP: Adds a reverse map table that cryptographically verifies that data read from a guest page is the exact data last written by that guest, preventing replay and data corruption attacks.
  • Intel TDX: Implements a secure extended page table with integrity metadata, ensuring that any unauthorized modification to encrypted memory triggers a machine check exception.
  • MAC-based verification: Hardware computes a Message Authentication Code on each cache line write and verifies it on read, detecting bit-flip attacks.
04

Hardware Root of Trust for Key Management

The encryption keys used for runtime protection are never exposed to software. They are derived from a physically unclonable function (PUF) or a fused hardware secret burned into the silicon during manufacturing. The key hierarchy flows as follows:

  • A Hardware Root of Trust generates a device-unique seed.
  • At boot, the CPU firmware derives ephemeral memory encryption keys from this seed combined with a random nonce.
  • Keys are stored in on-die registers accessible only to the memory encryption engine.
  • A system reset or power cycle destroys the keys, rendering any captured DRAM contents permanently indecipherable.
05

Full Memory Bus Protection

Runtime encryption protects data across the entire memory bus—the physical pathway between the CPU socket and DRAM modules. This is critical because:

  • Inter-socket links on multi-socket servers (e.g., AMD Infinity Fabric, Intel UPI) carry cache-coherent traffic that can be passively sniffed.
  • CXL-attached memory and accelerators extend the memory bus beyond the motherboard, creating new attack surfaces.
  • DDR5 interposers and logic analyzers can capture raw memory traffic in real-time. Hardware encryption engines sit between the last-level cache and the memory controller, ensuring that all data leaving the processor socket is ciphertext, regardless of the destination.
06

Integration with Confidential Computing Attestation

Runtime encryption is the foundational layer that enables Confidential Computing. It works in concert with attestation to build a complete trust chain:

  • During remote attestation, the TEE provides a cryptographic report that includes a hash of the memory encryption key state, proving that runtime encryption is active.
  • A verifier can confirm that the workload is running with SEV-SNP or TDX protections enabled before provisioning secrets.
  • The attestation report binds the workload's identity to the encryption key, ensuring that decrypted data is only accessible within the attested environment. This closes the loop: encryption protects the data, and attestation proves the encryption is in place.
RUNTIME ENCRYPTION

Frequently Asked Questions

Clear, technically precise answers to the most common questions about transparent memory encryption, its hardware underpinnings, and its role in protecting data during active computation.

Runtime encryption is the transparent, hardware-level encryption of a process's or virtual machine's entire memory space, ensuring that data remains encrypted even when loaded into RAM for active computation. It works by integrating an AES-XTS encryption engine directly into the processor's memory controller. When the CPU writes data to DRAM, the engine encrypts it; when it reads data back, it decrypts it. The encryption keys are generated by a hardware random number generator during boot and are stored in on-die registers inaccessible to firmware, the operating system, or any external device. This creates a cryptographically isolated execution environment where the hypervisor, host OS, and even physical attackers with a DRAM interposer cannot read plaintext memory.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.