Confidential Computing in the Cloud
How Confidential Computing could help bring everyone to the cloud
Security is one of the most important pillars for an organization. Worryingly, there has been an increase in the number of CVEs (Common Vulnerabilites and Exposures) every year, for e.g. in just last three months, there have been 5959 new security loopholes found. There is even a twitter feed to follow every new vulnerability as it is announced (not for the faint-hearted!).
Data security — in different states
Data is primarily in three states — at-rest, in-transit or in use. In the last years, the focus has primarily been on security of data at-rest and in-transit. Data at-rest can be encrypted at file, filesystem or disk level. Data in-transit has been more and more secure with the increased adoption of HTTPS. More and more companies are even moving towards stronger RSA encryption.
Data-in-use security however had been ignored, but has grained traction lately for multiple reasons:
- Attack vectors — As data-at-rest and in-transit have gotten more secure, the attackers have started to exploit the vulnerabilities of data-in-use, mainly using malwares / memory snooping / memory scraping. Attack vectors on the cloud include hypervisor and container breakout, firmware compromise, and insider threats.
- Costs of data breaches — As more and more regulations are introduced in various places (GDPR in Europe, CCPA in California etc.), there has been a monetary cost associated with data breaches, other than the loss of brand image and general embarrassment. For e.g. under GDPR, the data custodian is to pay 4% of gross annual revenue for a data breach.
- Reluctance in Cloud Adoption — Many companies have been reluctant in adopting the public cloud because of the lack of security while data-in-use or because the regulation prohibits it or unauthorized access to their code (intellectual property) or the fear of data compromise etc.
The problem of data-in-use security is what is primarily confronted in Confidential computing. So let’s dive in.
Confidential computing aims to protect your code and data from being compromised. Confidential computing is achieved using hardware-based Trusted Execution Environments (TEE), also known as Enclaves, however there are other ways of data protection called Homomorphic encryption and Trusted Platform Modules (TPM).
Important: It’s important to clear up what confidentiality and integration stand for here. Confidentiality stands for prevention of any unauthorized view, whereas Integrity stands for prevention or detection of any unauthorized change.
Confidential computing requires a mix of software and hardware where hardware normally serves as the root of trust for security purposes.
Enclaves / TEEs
The basic idea in confidential computing is to reduce your attack surface area, for e.g. on traditional systems, if some attacker is able to get root access to your machine where you keep your keys, not much can be done to stop this attack. However if you run an application in an Enclave (TEE), the application can run protected from even the OS kernel, with the guarantee that even a user running with root privileges cannot extract the Enclave’s secrets or compromise its integrity.
In Confidential Computing, the only other thing that you trust is your CPU. Any calls to the OS go through the enclave, thus enclave has to either bypass the call to the OS in case this call poses no security threat or provide a secure alternative to the OS call.
Enclaves ensure that only authorized code can access the data (Data confidentiality). In case the code has been tampered with, the Enclave denies the operation (Code Integrity). Enclaves however have no industry standard and the technologies can be varied. There are multiple frameworks that allow you to develop application using multiple TEE backends, hardware or software, for e.g. Google offers Asylo , whereas Microsoft has OpenEnclave.
Enclaves can be enabled through hardware isolation technologies such as Intel SGX or ARM TrustZone, or through additional software layers such as a hypervisor, for e.g. Microsoft’s Virtual Secure Mode is a software-based TEE implemented by Hyper-V.
Homomorphic Encryption provides the ability to compute on data while the data is encrypted. It can thus protect arbitrary data, but by itself cannot ensure that the correct operations have been done and that the code has not been tampered with, whereas an Enclave/TEE protects both the data and the code.
Trusted Platform Modules (TPM)
TPM protects keys, but by itself cannot vouch for the validity of the data signed or encrypted by those keys, and it is not programmable with arbitrary code, whereas an Enclave/TEE is programmable and protects that code and its data.
Use cases of Confidential Computing
- Public Cloud use — Enhanced protection guarantees provided by Confidential computing enable many workloads to move to the public cloud which previously could not due to security concerns or compliance requirements.
- Better collaboration opportunities — Better isolation and confidentiality provided by confidential computing allows companies to work together without worrying about their IP being stolen or data being compromised.
- Mobile and personal computing devices — Better guarantees for the customers that their personal data is not observable by anyone else during data processing.
- Edge and IoT — A lot of machine-learning use cases can be enabled in the presence of confidential computing, for e.g. CCTV camera surveillance, where the provider needs to load templates of persons of interest that could be harmful if leaked.
Confidential Computing Offerings
Google Cloud recently released Confidential VMs (in Beta) which keep data encrypted in memory and elsewhere outside the central processing unit (CPU). Memory encryption ensures that data is encrypted while it’s in RAM. Main memory encryption is performed using dedicated hardware within the on-die memory controllers. Each controller includes a high-performance Advanced Encryption Standard (AES) engine. The AES engine encrypts data as it is written to DRAM or shared between sockets, and decrypts it when data is read. This makes the content of the memory more resistant to memory snooping and cold boot attacks.
Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC™ CPUs. AMD Secure Encrypted Virtualization uses keys to cryptographically isolate individual virtual machines and the hypervisor from one another. The keys are managed by the AMD Secure Processor. An attacker with hypervisor administrator access or a compromised VM account may try to read the memory of other virtual machines. With SEV, the attacker sees only encrypted data.
Confidential VMs are built on Shielded VMs (enabling protection against rootkits and bootkits) and allow for any workload to be deployed without any change whatsoever.
The performance hit because of encryption/decryption has been shown to be 1–6%.
Azure offers DCsv2-series VM that uses hardware-based trusted execution environments (TEEs). Even cloud administrators and datacenter operators with physical access to the servers cannot access TEE-protected data. It uses Intel SGX hardware which protects your data and keeps it encrypted while the CPU is processing it, even the operating system and hypervisor cannot access it, nor can anyone with physical access to the server.
Unlike Google Cloud’s Confidential VMs where you can use any workload, with Azure’s offering you can’t just use any workload so you might have to rewrite application or work with one of Azure partners like Anjuna.
AWS offers Nitro Enclaves which uses the same Nitro Hypervisor technology that creates the CPU and memory isolation among EC2 instances, to create the isolation between an Enclave and an EC2 instance. Nitro Enclaves are virtual machines attached to EC2 instances that come with no persistent storage, no administrator or operator access, and only secure local connectivity to your EC2 instance.
Nitro Enclaves includes cryptographic attestation for your software, so that you can be sure that only authorized code is running, as well as integration with the AWS Key Management Service, so that only your enclaves can access sensitive material. Nitro Enclaves are currently available only in preview.
All three clouds have gone different ways. Google Cloud’s Confidential VMs provides a very smooth experience if you are only looking for data integrity and confidentiality. However if you are looking for code integrity and confidentiality, you’d have to use Asylo as mentioned earlier, which although is not an official Google product.
Azure’s offering uses hardware-based trusted execution environments (TEEs) which although doesn’t allow easy integration for all workloads. AWS Nitro enclaves are very promising as they are able to leverage Nitro for isolation and security. It will be interesting to see how these technologies evolve and which cloud ultimately offers the easiest path to confidential computing as a whole.