This week we’re addressing confidential computing. Following our recent webinar, Confidential Computing for Cloud Privacy, we sat down with Mr. Stefano Tempesta from the Microsoft Azure Confidential Computing team to learn more about cloud services, privacy and cyber security.
Hi Stefano, to start can you briefly explain confidential computing?
Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment. While cloud-native workloads’ data is typically protected in transit through network encryption such as TLS or VPN, and at rest by encrypted storage, there is a relatively recent industry trend to also allow for protecting it when it’s being processed and used in memory.
The confidential computing threat model aims at removing or reducing the ability for a cloud provider operator to access code and data while being executed. In other words, confidential computing tries to remove the infrastructure owner stack (firmware, host kernel, hypervisor, virtual machine) from the Trusted Computing Base (TCB).
Before it can be processed by an application, data must be unencrypted in memory. This leaves the data vulnerable just before, during and just after processing to memory dumps, root user compromises and other malicious exploits. Confidential computing solves this problem by leveraging a hardware-based trusted execution environment, or TEE, which is a secure enclave within a CPU. The TEE is secured using embedded encryption keys, and embedded attestation mechanisms that ensure the keys are accessible to authorized application code only. If malware or other unauthorized code attempts to access the keys - or if the authorized code is hacked or altered in any way - the TEE denies access to the keys and cancels the computation.
In this way, sensitive data can remain protected in memory until the application tells the TEE to decrypt it for processing. While decrypted and throughout the entire computation process, the data is invisible to the operating system (or hypervisor in a virtual machine), to other compute stack resources, and to the cloud provider and its employees.
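The answer above describes the attestation-gated key release at the heart of a TEE: a secret is handed to enclave code only after a signed report proves which code is running, and any alteration of that code changes its measurement and is refused. The following Python model of that flow is an added example, not code from the interview, from Stefano Tempesta or from Microsoft. It assumes a hardware-held attestation key modelled by an HMAC secret shared with the verifier (a real CPU signs with an asymmetric key checked through the vendor's certificate chain), and all code, keys and measurements in it are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Set, Tuple

# Constructed stand-in for the CPU-held attestation key. A real TEE signs its
# report with a hardware key that the verifier checks through the vendor's
# certificate chain; an HMAC secret shared with the verifier models that here
# (assumption made for this example only).
HARDWARE_ATTESTATION_KEY = b"constructed-demo-hardware-attestation-key"

# The enclave code the data owner has reviewed and agreed to trust (constructed).
TRUSTED_ENCLAVE_CODE = b"def process(records): return aggregate(records)"

# The secret the enclave needs to decrypt the data it processes (constructed).
PROTECTED_DATA_KEY = secrets.token_bytes(32)


def measure(code: bytes) -> str:
    """Measurement: a hash of the code loaded into the enclave (MRENCLAVE-like)."""
    return hashlib.sha256(code).hexdigest()


TRUSTED_MEASUREMENT = measure(TRUSTED_ENCLAVE_CODE)


def produce_report(code: bytes, nonce: str) -> dict:
    """Models the TEE emitting a signed attestation report for the loaded code."""
    body = {"measurement": measure(code), "nonce": nonce}
    canonical = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(HARDWARE_ATTESTATION_KEY, canonical, hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def verify_report(report: dict, expected_nonce: str,
                  allowed: Set[str]) -> Tuple[bool, str]:
    """Relying-party checks in order: hardware signature, freshness, code identity."""
    canonical = json.dumps(report["body"], sort_keys=True).encode()
    expected_sig = hmac.new(HARDWARE_ATTESTATION_KEY, canonical, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, report["signature"]):
        return False, "signature mismatch: report was not produced by trusted hardware"
    if not hmac.compare_digest(report["body"]["nonce"], expected_nonce):
        return False, "nonce mismatch: report is stale or replayed"
    if report["body"]["measurement"] not in allowed:
        return False, "measurement not allowed: enclave code altered or unknown"
    return True, "ok"


def release_key(report: dict, expected_nonce: str) -> Optional[bytes]:
    """The key leaves its owner only when the report proves trusted code is running."""
    ok, _reason = verify_report(report, expected_nonce, {TRUSTED_MEASUREMENT})
    return PROTECTED_DATA_KEY if ok else None


def attestation_round(code: bytes, forge_measurement: bool = False) -> bool:
    """End-to-end flow: verifier picks a nonce, enclave attests, verifier decides."""
    nonce = secrets.token_hex(16)
    report = produce_report(code, nonce)
    if forge_measurement:
        # Rewriting the measurement field after signing does not help: the
        # signature no longer matches, so the verifier still refuses the key.
        report["body"]["measurement"] = TRUSTED_MEASUREMENT
    return release_key(report, nonce) is not None
```

The order of the checks matters: the signature is verified first so that nothing in the report body is trusted before its origin is established, the nonce ties the report to this session so an old report from a previously trusted build cannot be replayed, and only then is the measurement compared against the allow-list. In a real deployment the allow-list is the set of reviewed enclave builds, and the wrapped data key is returned to the enclave rather than a raw byte string.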
Are there multiple approaches to confidential computing? If yes, can you briefly describe them.
Technologies like Intel Software Guard Extensions (SGX) or AMD Secure Encrypted Virtualization (SEV) are recent CPU improvements supporting confidential computing implementations. All of them are designed as virtualization extensions and provide feature sets including memory encryption and integrity, CPU-state confidentiality and integrity, and attestation, in order to provide hardware frameworks for building the confidential computing threat model.
There are also other approaches based on software encryption like homomorphic encryption (HE), which is a form of encryption that permits users to perform computations on their encrypted data without first decrypting it. However, the commercial applications of HE are still limited as there are limitations in the technology that prevent a broader adoption at scale.
Hardware-based protection is the preferred approach, currently.
When would you use Confidential computing? Can you provide one or two use cases?
Prevention of fraud and waste, anti-corruption, anti-terrorism, records and evidence management, intelligence analysis, global weapons systems and logistics management, vulnerable population protection (including child exploitation, human trafficking, etc.), anti-money laundering, digital currencies, blockchain, transaction processing, customer analytics, proprietary analytics/algorithm, disease diagnostics, drug development, and contact tracing. The list can go on and on. Anywhere there is a need to protect confidential data from access by unauthorized parties, internal staff or the infrastructure provider.
Companies like Signal, for example, adopt confidential computing to provide a scalable and secure environment for end-to-end communication encryption in their messenger apps. Signal’s private contact discovery service efficiently and scalably determines whether the contacts in a user’s address book are Signal users without revealing the contacts in their address book even to the Signal service, making contact data inaccessible to any unauthorized party, including staff at Signal or the cloud provider.
Are there currently limitations to confidential computing? (type of apps, performance...) Are there differences when developing to run on confidential computing platforms vs typical cloud applications?
Confidential workloads running inside Intel SGX-based enclaves require attestation and trusted communication with the enclave itself. This is obtained by using specialized software development kits (SDKs) such as the Intel SGX SDK or the Open Enclave SDK. Despite being open source frameworks, these SDKs require coding in C or C++ only, which may pose a barrier to beginners. Other open source frameworks exist to accommodate the needs of the larger developer community using higher-level programming languages. Python, Java, C#, Rust and Go are all supported, but the open source framework ecosystem is currently ragged and lacks standardization.
This is going to improve over time, with the refinement of these frameworks, as well as with the introduction of technologies like AMD SEV or Intel TDX, which protect an entire VM rather than an isolated region of memory within it. In this case, more typical “lift & shift” models can be implemented, making the difference between regular and confidential cloud basically nonexistent.
The need for confidential computing in the cloud seems obvious. What about edge computing?
Great question, definitely spot on. IoT devices are often exposed to tampering and forgery because they are physically accessible to bad actors. Confidential IoT Edge devices add trust and integrity at the edge by protecting access to telemetry data captured by and stored inside the device itself before streaming it to the cloud.
Do you see blockchain coming into use with confidential computing?
Blockchain nodes are run and maintained by operators or validators who wish to ensure integrity and reach consensus on the state of the network. The nodes themselves are replicas and are used to track blockchain transactions. Each node has a full copy of the transaction history, ensuring integrity and availability in a distributed network. Blockchain technologies built on top of confidential computing can use hardware-based privacy to enable data confidentiality and secure computations.
MobileCoin, a San Francisco-based company that provides fast, highly secure, easy-to-use cryptocurrency payments through mobile messaging apps, sought to go beyond the common data protection practices of encrypting data at rest and in transit and find a way to anonymize customer data with confidential computing.
Stefano Tempesta works at Microsoft in the Azure Confidential Computing product group to make the Cloud a more secure place for your data and apps. Additionally, as an advisor to the Department of Industry, Australia, on the National Blockchain Roadmap, his current focus is on helping people gain and own their digital identity. Stefano is also a technology advisor at Carbon Asset Solutions, a climate action and sustainability network with a mission to slow carbon dioxide emissions and remove excess atmospheric CO2 by using regenerative agriculture technologies.