Confidential Computing, Simplified!

Rajesh Dangi / July, 2021

The world is becoming more and more reliant on digital infrastructure, which helps businesses and ecosystems transform their services and operations through the steady adoption of digital strategies: cloud-native applications, automation, and emerging technologies such as AI/ML, IoT and edge computing. This has made digital transformation (DX) the core of their organizational imperatives.

To accelerate the digital transformation agenda, minimize costs, increase efficiency, and support any-device, anytime, anywhere computing that stores and processes critical data, nearly everyone is migrating workloads to the cloud, with concerns about the security of their sensitive data in the back of their minds. Applying the key principles of data security (classification, isolation, and encryption at every stage of data processing and storage) without compromising the CIA triad of confidentiality, integrity, and availability is a tightrope walk for many organizations. Data security spans all three stages of the data lifecycle: while data is being transmitted, processed, and stored.

Although there are multiple established solutions for encapsulating, isolating, and encrypting data while it is transmitted or stored, there was no equivalent control while the data was being processed in memory, and threats such as memory dump attacks took advantage of this to capture the data right before or while it was processed. Efforts to mitigate this risk go all the way back to 2003 and the development of the Trusted Platform Module (TPM), a semiconductor intellectual property core or integrated circuit that conforms to a specification enabling trusted computing features in computers. It met wide-scale opposition from the free software community on the grounds that the technology might have a negative impact on users' privacy and could create customer lock-in, especially if used to build Digital Rights Management (DRM) style applications.

Alternatively, existing methodologies such as data de-identification and homomorphic encryption are used to protect data under the umbrella of data protection, but they remain a topic of research and have not seen large-scale adoption because of the complexity of adopting and managing them. A typical homomorphic encryption scheme can protect arbitrary data, but by itself it cannot ensure that the correct operations were performed or that the code has not been tampered with. Confidential Computing emerges as a better alternative because it protects both the data and the code by design, paving a new way of securing data that works right alongside the silicon layer.

Confidential computing is a mechanism that focuses on protecting data in use, i.e. while data is being processed in memory, by limiting access to that data to authorized code. This offers the highest level of technical assurance for data security, privacy, and regulatory compliance in multitenant, geo-dispersed, or distributed processing environments. Building on this thought, the principle of confidential computing rests on a key assurance: the data owner retains complete control over the data, and only authorized applications can access it. When combined with storage and network encryption under the owner's exclusive control of the encryption keys, it provides real-time end-to-end data security.

The Method & The Means

It works by leveraging a hardware-based TEE (Trusted Execution Environment) that forms a secure enclave, i.e. a protected region of the CPU cores/threads within a processor socket, and by using embedded encryption keys together with embedded attestation mechanisms to ensure those keys are accessible only to the authorized application code. If malware or other unauthorized code attempts to access the keys, or if the authorized code is hacked or altered in any way, the TEE denies access to the keys and cancels the computation.

While discussing confidential computing, common threads are drawn between TEEs and HSMs (Hardware Security Modules). HSMs generally provide higher levels of protection than TEEs, since they are purpose-built to protect data in motion and data at rest under encryption, and are deployed as separate hardware modules accessed via the PCI bus, the network, etc. TEEs come as an integral part of the CPU chipset on a motherboard and can be programmed with fine granularity for a specific task, whereas an HSM allows only modular use and typically demands a higher level of difficulty and skill to program for a specific task. Both HSMs and TEE instances can be used as general-purpose processing units and programmed for particular uses (e.g. PKCS#11 modules). The cost of HSMs is high (typically thousands of dollars), whereas TEEs are integral to the processor, operating at the silicon layer with lower cost overhead than HSMs.

The TEE approach is widely promoted by the CCC, the Confidential Computing Consortium, formed under the auspices of The Linux Foundation in 2019 with the participation of multiple stakeholders (processor OEMs, cloud providers, software engineering companies, etc.) to define and develop the standards, tools and open-source ecosystem that promote Confidential Computing. Two of the Consortium's first open-source projects, Open Enclave SDK and Red Hat Enarx, as well as Google's Asylo framework SDK, deserve a mention: they help developers build applications that run without modification across TEE platforms. Enarx, for example, lets developers use WebAssembly as a compile target and run the result within Trusted Execution Environments (TEEs) without rewriting for particular platforms or SDKs. It handles attestation and delivery into a WebAssembly-based run-time "Keep", independent of CPU architecture, enabling the same application code to be deployed across multiple targets and abstracting away issues such as cross-compilation and differing attestation mechanisms between hardware vendors. TEEs are set to provide assurance on the following three aspects of data security:

  • Data confidentiality: Unauthorized entities cannot view data while it is in use within the TEE.
  • Data integrity: Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE.
  • Code integrity: Unauthorized entities cannot add, remove, or alter code executing in the TEE.

Together, these attributes provide assurance not only that the data is kept confidential but also that the computations performed are actually the correct ones, strengthening trust in the results of the processing. On the hardware front, a TEE demands matching hardware readiness. To cite an example, Intel developed the Software Guard Extensions (SGX), a security instruction set baked into many of Intel's x86-based CPUs (on the Intel Xeon CPU platform since 2016) that offers hardware-based memory encryption isolating specific application code and data in memory; during processing, data is decrypted only inside a secure enclave that is accessible solely to permitted participants holding the keys.
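To make the attestation gate described above concrete, here is an added Python example (not code from the article, from Intel, or from any CCC project) that simulates a key broker releasing a data key only to enclave code whose measurement matches what the data owner approved. It stands in for real hardware: the measurement is a SHA-256 hash of the enclave code, and the HMAC tag under a constructed HW_ATTESTATION_KEY stands in for the hardware-signed attestation report (a real SGX quote is signed asymmetrically by a platform key that chains to the vendor). All names, keys and code strings are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for the attestation key fused into the processor.
# Only the (simulated) TEE may use it; a real platform signs asymmetrically.
HW_ATTESTATION_KEY = b"constructed-demo-platform-key"

# Constructed enclave code. The data owner approves THIS build's measurement.
AUTHORIZED_CODE = b"def process(records):\n    return sum(r['amount'] for r in records)\n"
# Constructed modified build that the data owner never approved.
TAMPERED_CODE = AUTHORIZED_CODE + b"log_every_record_to_host(records)\n"

# Constructed data key the enclave needs in order to decrypt its input.
DATA_KEY = b"constructed-32-byte-data-key-0123"


def measure(code: bytes) -> str:
    """Code measurement: a SHA-256 digest of the enclave image (like SGX's MRENCLAVE)."""
    return hashlib.sha256(code).hexdigest()


def produce_quote(code: bytes, nonce: bytes) -> dict:
    """Simulated TEE side: emit a report binding the measurement to the verifier's nonce."""
    body = {"measurement": measure(code), "nonce": nonce.hex()}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(HW_ATTESTATION_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_quote(quote: dict, nonce: bytes, expected_measurement: str) -> bool:
    """Relying-party side: check report authenticity, then freshness, then the measurement."""
    payload = json.dumps(quote["body"], sort_keys=True).encode()
    good_tag = hmac.new(HW_ATTESTATION_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good_tag, quote["tag"]):
        return False  # report was not produced under the platform key
    if not hmac.compare_digest(quote["body"]["nonce"], nonce.hex()):
        return False  # stale or replayed report
    return hmac.compare_digest(quote["body"]["measurement"], expected_measurement)


def release_key(quote: dict, nonce: bytes, expected_measurement: str):
    """Key broker: hand DATA_KEY to the enclave only if attestation passes, else None."""
    return DATA_KEY if verify_quote(quote, nonce, expected_measurement) else None


def attestation_scenarios() -> dict:
    """Exercise the gate: approved build, modified build, replayed report, altered report."""
    approved = measure(AUTHORIZED_CODE)
    nonce = os.urandom(16)
    results = {}

    # 1. Approved build answering a fresh challenge: the key is released.
    quote = produce_quote(AUTHORIZED_CODE, nonce)
    results["authorized"] = release_key(quote, nonce, approved) is not None

    # 2. Modified build: measurement differs, key withheld (the "code altered" case above).
    quote = produce_quote(TAMPERED_CODE, nonce)
    results["tampered"] = release_key(quote, nonce, approved) is not None

    # 3. Genuine report replayed against a new challenge: nonce mismatch, key withheld.
    old_quote = produce_quote(AUTHORIZED_CODE, nonce)
    results["replayed"] = release_key(old_quote, os.urandom(16), approved) is not None

    # 4. Report body altered outside the TEE to claim the approved measurement:
    #    the tag no longer verifies, key withheld.
    altered = produce_quote(TAMPERED_CODE, nonce)
    altered["body"]["measurement"] = approved
    results["altered"] = release_key(altered, nonce, approved) is not None
    return results


if __name__ == "__main__":
    print(attestation_scenarios())
```

The order of checks in verify_quote matters: authenticity first (otherwise the measurement field is just an unverified claim), then freshness, then policy. The nonce is what stops a once-valid report for an old, approved build being reused after the code has been changed.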

The TEEP Architecture

Software-only security has been a challenge: it is only as strong as the layers below it, since security at any layer of the compute stack can be circumvented by a breach at an underlying layer. What was required was an approach with security embedded in the lowest layers of hardware, with a minimum of dependencies, thereby reducing exposure to potential compromise. With the goal of decreasing the reliance on proprietary software for confidential computing environments, the Confidential Computing Consortium has excluded from its scope TEEs that have only software roots of trust and focused on hardware-based security guarantees for confidential computing environments. This is a fundamental paradigm shift from software-based security to hardware-based security.

Thus, for confidential computing to succeed, extensive collaboration between hardware and software vendors was required so that applications and data can work with TEEs. Applications executing on a device or instance are exposed to many different attacks intended to compromise their execution or reveal the data they operate on, a risk compounded by the complexity of features and applications on devices and the unintended interactions among them. The danger of attacks on a system increases as the sensitivity of the applications or data on the device increases.

The Trusted Execution Environment (TEE) concept is designed to execute applications in a protected environment that enforces that code within the environment cannot be tampered with, and that data used by such code cannot be read or tampered with by any code outside the environment. For TEEs that simply verify and load signed TAs (Trusted Applications) from an untrusted filesystem, classic application distribution protocols can be used without modification. A new protocol, the TEEP protocol, was required for TEEs that can install and enumerate TAs in a TEE-secured location, where another domain-specific protocol standard (e.g., GSMA, OTRP) that meets the needs is not already in use. The very purpose of the Trusted Execution Environment Provisioning (TEEP) Architecture is to motivate the design and standardization of a protocol for managing the lifecycle of trusted applications running inside such a TEE; it defines the Trusted Application (TA), while a normal application running in the regular operating system is referred to as an Untrusted Application (UA).
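As an added illustration of the "verify and load signed TAs" step and of the install/enumerate lifecycle mentioned above (example code, not part of the article or of the TEEP specification, and not the TEEP wire format): a minimal model of a TEEP-Agent-like installer that accepts a Trusted Application only when its manifest carries a valid signature from the trusted TAM key and the TA binary matches the hash committed in that manifest, then enumerates what is installed. HMAC under a constructed TAM_KEY stands in for the TAM's asymmetric signature; class, function and TA names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the Trusted Application Manager's signing key.
# In a real deployment the TAM signs with a private key and the agent holds only a trust anchor.
TAM_KEY = b"constructed-demo-tam-signing-key"


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Tag over the canonical JSON form of the manifest (stand-in for a signature)."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def package_ta(ta_id: str, version: int, binary: bytes, key: bytes = TAM_KEY) -> dict:
    """TAM side: build a TA package whose signed manifest commits to the binary's hash."""
    manifest = {"ta_id": ta_id, "version": version,
                "binary_sha256": hashlib.sha256(binary).hexdigest()}
    return {"manifest": manifest, "signature": sign_manifest(manifest, key), "binary": binary}


class TeepAgent:
    """Simplified agent inside the TEE: gate installs on manifest signature and binary integrity."""

    def __init__(self, trust_anchor: bytes):
        self.trust_anchor = trust_anchor
        self.installed = {}  # ta_id -> manifest; models the TEE-secured TA store

    def install(self, package: dict) -> str:
        manifest, binary = package["manifest"], package["binary"]
        expected = sign_manifest(manifest, self.trust_anchor)
        if not hmac.compare_digest(expected, package["signature"]):
            return "rejected: manifest not signed by trusted TAM"
        if hashlib.sha256(binary).hexdigest() != manifest["binary_sha256"]:
            return "rejected: binary does not match manifest"
        self.installed[manifest["ta_id"]] = manifest
        return "installed"

    def enumerate(self) -> list:
        """Report installed TAs as (ta_id, version) pairs."""
        return sorted((m["ta_id"], m["version"]) for m in self.installed.values())

    def delete(self, ta_id: str) -> bool:
        return self.installed.pop(ta_id, None) is not None


def provisioning_scenarios() -> dict:
    """Run one good install and two rejected ones, then enumerate the store."""
    agent = TeepAgent(TAM_KEY)
    good = package_ta("com.example.payments", 2, b"constructed TA bytes")
    results = {"good": agent.install(good)}

    # Package signed by a key the agent does not trust: rejected before anything is stored.
    rogue = package_ta("com.example.other", 1, b"other bytes", key=b"not-the-tam-key")
    results["untrusted_signer"] = agent.install(rogue)

    # Valid manifest but binary replaced after signing: hash mismatch, rejected.
    swapped = dict(good)
    swapped["binary"] = b"modified TA bytes"
    results["swapped_binary"] = agent.install(swapped)

    results["enumerated"] = agent.enumerate()
    results["deleted"] = agent.delete("com.example.payments")
    results["after_delete"] = agent.enumerate()
    return results


if __name__ == "__main__":
    print(provisioning_scenarios())
```

Binding the manifest to the binary hash is what lets the agent trust the binary even though it travelled through an untrusted filesystem or network path: the only thing that needs to be verified directly against the trust anchor is the small manifest.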

Key Benefits

As touched upon earlier, with the migration of workloads from on-premises to the cloud and the emergence of cloud-native applications, we have traditionally had enough offerings and examples of securing data in transit and data at rest. Confidential computing bridges the remaining gap, encryption of data in use, for sensitive workloads. Its most important benefit is that it eliminates the single largest barrier to moving sensitive or highly regulated data sets and application workloads from inflexible, expensive on-premises IT infrastructure to more flexible and modern cloud platforms. There is also enough evidence that an on-premises hybrid cloud can be made secure by leveraging TEEs. Overall, the key benefits or use cases of Confidential Computing are:

  • Protect intellectual property. Confidential computing extends beyond typical data protection use cases to protect proprietary business logic, analytics functions, machine learning algorithms, or entire applications, enabling DRM (Digital Rights Management) scenarios. It also helps ensure that data complies with regulations such as GDPR and protects data such as financial records, encryption keys, or any other data that needs protection.
  • Hybrid cloud with social media and mobile computing solutions/platforms. Providers leverage proprietary algorithms or IP-based offerings to collaborate and co-create solutions; in the current mobile computing regime this need has become more pressing, and logical isolation and encryption have become essential to protect PII such as one user's biometric and facial data from another while validating the always-logged-on authentication of user sessions. This also enables developers to build applications that can be moved across cloud platforms.
  • Protect data processed in the cloud or at the edge. The combination of public cloud and edge computing is often a distributed computing framework that brings enterprise applications closer to data sources such as IoT devices, CDNs, or edge web services, while the core cloud holds the central management data stores. At both locations, the data and application can be protected with confidential computing using TEE-capable hardware and frameworks, making them more reliable and secure. This keeps data in use safe when workloads are transferred between environments and provides strict isolation between multiple data owners and fiduciaries.
  • Protect cryptographic keys, secrets, credentials, and tokens. These are the "keys to the digital assets" for protecting sensitive data. Historically, storing and processing these critical information assets required an on-premises hardware security module (HSM) to meet the security requirements for cryptographic modules. The proprietary nature of traditional HSM hardware increases cost, limits scalability, and presents cost and compatibility challenges for deployment in cloud and edge computing environments. Confidential Computing can instead store and process cryptographic keys, secrets, and tokens inside a secure, hardware-based TEE, using standardized on-premises compute infrastructure or public/hybrid cloud and edge locations for key management.

In summary, the Confidential Computing landscape is rapidly evolving to protect sensitive data and code against a class of threats that occur during execution and were previously difficult to address. Today many solution providers and OEMs have built confidential computing solutions by making different trade-offs, for example around TCB size, ranging from partitioning an application's code into trusted and untrusted components to enabling the migration of existing applications with few or no changes, all of which facilitates the adoption of TEEs. As confidential computing continues to evolve, with the Confidential Computing Consortium making it easier, it is hard not to be optimistic about the innovation that lies ahead in this field, simplifying data protection and security for the masses, for sure!


July 2021. Compilation from various publicly available internet sources, author’s views are personal.