Hardware-based solutions for trusted cloud computing
Computers & Security (IF 4.8), Pub Date: 2021-01-16, DOI: 10.1016/j.cose.2020.102117
Oualid Demigha, Ramzi Larguet

The increasing number of threats targeting cloud computing, and the exploitation of vulnerabilities specifically in privileged software, have pushed the security managers of cloud service providers to deploy hardware-based solutions. These solutions can offer better hardware-assisted security features for a broad range of computing platforms, including both CISC and RISC architecture families in datacenters. Their goal is to reduce the attack surface by rooting trust in the hardware instead of in highly privileged pieces of system software, such as the operating system or the hypervisor, which have been shown to contain severe security vulnerabilities, thus limiting the adoption of the cloud computing model by some security-skeptical users. In this paper, we give cloud users and customers, application developers and security managers a comprehensive overview of four major industrial-scale commercial hardware-based solutions brought by major vendors in the cloud market. We present, analyze and compare Intel TXT, ARM TrustZone, AMD SEV, and Intel SGX technologies with respect to more than twenty criteria fitting within three categories: security, functional and deployment. We discuss each of these technologies and show the cases where they particularly excel. Our comparison can help IT managers make the right decision about which industrial technology to adopt for their particular security requirements and future cloud migrations.




Updated: 2021-01-28