What Is Confidential Computing?
A handful of major technology companies are going all in on a new security model they're calling confidential computing in an effort to better protect data in all its forms.
The three pillars of data security involve protecting data at rest, in transit, and in use. Protecting data at rest means using methods such as encryption or tokenization so that even if data is copied from a server or database, a thief can't access the information. Protecting data in transit means making sure unauthorized parties can't see information as it moves between servers and applications. There are well-established ways to provide both kinds of protection.
Protecting data while in use, though, is especially tough because applications need to have data in the clear-not encrypted or otherwise protected-in order to compute. But that means malware can dump the contents of memory to steal information. It doesn't really matter if the data was encrypted on a server's hard drive if it's stolen while exposed in memory.
Proponents of confidential computing hope to change that. We're trying to evangelize there are actually practical solutions" to protect data while it's in use, said Dave Thaler, a software architect from Microsoft and chair of the Confidential Computing Consortium's Technical Advisory Council.
The consortium, launched last August under the Linux Foundation, aims to define standards for confidential computing and support the development and adoption of open-source tools. Members include technology heavyweights such as Alibaba, AMD, Arm, Facebook, Fortanix, Google, Huawei, IBM (through its subsidiary Red Hat), Intel, Microsoft, Oracle, Swisscom, Tencent, and Vmware. Several already have confidential computing products and services for sale.
Confidential computing uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor or virtual machine manager, and other privileged processes. Data is stored in the trusted execution environment (TEE), where it's impossible to view the data or operations performed on it from outside, even with a debugger. The TEE ensures that only authorized code can access the data. If the code is altered or tampered with, the TEE denies the operation.
Many organizations have declined to migrate some of their most sensitive applications to the cloud because of concerns about potential data exposure. Confidential computing makes it possible for different organizations to combine data sets for analysis without accessing each other's data, said Seth Knox, vice president of marketing at Fortanix and the outreach chair for the Confidential Computing Consortium. For example, a retailer and credit card company could cross-check customer and transaction data for potential fraud without giving the other party access to the original data.
Confidential computing may have other benefits unrelated to security. An image-processing application, for example, could store files in the TEE instead of sending a video stream to the cloud, saving bandwidth and reducing latency. The application may even divide up such tasks on the processor level, with the main CPU handling most of the processing, but relying on a TEE on the network interface card for sensitive computations.
Such techniques can also protect algorithms. A machine-learning algorithm, or an analytics application such as a stock trading platform, can live inside the TEE. You don't want me to know what stocks you're trading, and I don't want you to know the algorithm," said Martin Reynolds, a technology analyst at Gartner. In this case, you wouldn't get my code, and I wouldn't get your data."
Confidential computing requires extensive collaboration between hardware and software vendors so that applications and data can work with TEEs. Most confidential computing performed today runs on Intel servers (like the Xeon line) with Intel Software Guard Extension (SGX), which isolates specific application code and data to run in private regions of memory. However, recent security research has shown that Intel SGX can be vulnerable to side-channel and timing attacks.
Fortunately, TEEs aren't available only in Intel hardware. OP-TEE is a TEE for nonsecure Linux Kernels running on Arm Cortex-A cores. Microsoft's Virtual Secure Mode is a software-based TEE implemented by Hyper-V (the hypervisor for Windows systems) in Windows 10 and Windows Server 2016.
The Confidential Computing Consortium currently supports a handful of open-source projects, including the Intel SGX SDK for Linux, Microsoft's Open Enclave SDK, and Red Hat's Enarx. Projects don't have to be accepted by the consortium to be considered confidential computing: For example, Google's Asylo is similar to Enarx, and Microsoft Azure's confidential computing services support both Intel SGX and Microsoft's Virtual Secure Mode.
Hardware-based TEEs can supplement other security techniques, Thaler said, including homomorphic encryption and secure element chips such as the Trusted Platform Module. You can combine these technologies because they are not necessarily competing," he said. Are you looking at the cloud or looking at the edge? You can pick which techniques to use."
This article appears in the June 2020 print issue as The Rise of Confidential Computing."