VYPR
researchPublished Jul 1, 2026· 1 source

Supercomputer RAMSES Achieves Confidential Computing with In-Memory Encryption

Researchers at the University of Cologne have developed the RAMSES supercomputer, capable of encrypting data even while it is actively being processed in memory, closing a critical security gap.

Sensitive data typically receives protection when stored on disk or transmitted across networks. However, a significant vulnerability has historically existed during the processing phase: when data is loaded into a computer's active memory, it becomes readable. This gap, where information remains exposed during computation, has been a persistent challenge for comprehensive data security. Addressing this, a research team at the University of Cologne has engineered a novel supercomputer system named RAMSES, designed to maintain data encryption throughout the entire processing lifecycle, including while it resides in memory.

The inherent difficulty in securing data during active processing stems from the computational demands of encryption and decryption. Supercomputers are optimized for speed, and adding security layers to every memory operation was previously considered a performance bottleneck. However, recent advancements in processor technology, specifically AMD's hardware-based memory encryption features, have fundamentally changed this equation. These processors automatically encrypt data as it moves between the CPU and memory, operating at the hardware level without requiring modifications to the running software. This means data remains scrambled even when accessed by the system's memory controller, offering a robust security enhancement.

This hardware-level encryption provides a substantial security benefit: it prevents even system administrators or the virtual machine management software from accessing the plaintext data in memory. This creates a 'black box' scenario where the contents of a user's computation are opaque to anyone without the explicit decryption keys, significantly enhancing confidentiality. The RAMSES system integrates several existing technologies to achieve this continuous protection. It leverages AMD's memory encryption for in-memory security, IBM storage software for file encryption, and Thales security appliances for cryptographic key management. Multi-factor authentication via Cisco Duo further secures user access.

For the end-user, the RAMSES system is designed for simplicity. Researchers need only add a single instruction to their job requests. The system then automatically provisions a private, encrypted environment, retrieves the necessary cryptographic keys, executes the computation, and securely wipes the environment clean upon completion. This process ensures that temporary computational environments vanish after use, leaving behind only encrypted results. From a user's perspective, initiating a secure job is nearly indistinguishable from running a standard one.

The performance impact of this enhanced security was evaluated using two genomics workloads, typical tasks for the supercomputer. For a disk-intensive job, enabling the highest security settings resulted in a performance slowdown of approximately 4.4 percent. A more memory-intensive job experienced a more significant slowdown of 18 percent, illustrating that workloads heavily reliant on memory access incur a greater performance cost due to the continuous encryption and decryption operations.

An analysis of the performance overhead revealed that roughly half of the slowdown was attributable to running computations within a private virtual environment, even before encryption was applied. The memory encryption itself accounted for the majority of the remaining performance impact, while the file encryption component added a negligible overhead. This breakdown highlights the trade-offs involved in securing memory-intensive operations.

While RAMSES demonstrates a functional implementation of confidential computing, a nuanced point regarding the AMD memory protection technology warrants attention. The system's technical documentation references both an earlier and a newer, more robust version of AMD's memory encryption. The newer version incorporates defenses against specific attack vectors that the older version lacks, and the promise of protection against compromised administrators relies on these advanced defenses. Although the chips within RAMSES are capable of running the stronger version, the paper's use of both version names leaves the exact configuration as a point of inquiry.

The primary motivation behind the RAMSES project is compliance with stringent European privacy regulations, particularly concerning sensitive data like human genomic information and medical imaging. Offloading such data to commercial cloud services, even highly secure ones, introduces complexities related to data sovereignty, legal compliance, and auditing. By maintaining the supercomputer in-house, the University of Cologne can ensure data remains within its physical and administrative control, simplifying audits and physical security management. The service is provided to researchers at no cost, and the system's source code is available to other academic institutions, offering a valuable blueprint for implementing similar confidential computing solutions.

Synthesized by Vypr AI