AWS customers can utilize multiple techniques to protect data at rest and data in motion. For example, the data stored in Amazon S3 can be encrypted using custom keys managed by users. The data ingested into the AWS cloud is always secured through standard encryption mechanisms based on SSL and TLS. AWS also secures the data flowing between various services such as Amazon EC2 and Amazon RDS.
While there has been a lot of emphasis on securing data at rest and in motion, there was no option to protect sensitive data stored in memory during the processing. Advanced malware and unauthorized software can exploit vulnerabilities to steal in-memory data from a running process.
AWS Nitro Enclaves addresses the gap by protecting data that is under processing. It complements securing data in motion and at rest by isolating sensitive data used by applications running within an EC2 instance.
What is AWS Nitro?
AWS Nitro is a combination of software and hardware enhancements to the Amazon EC2 platform. Based on the innovations from Annapurna Labs, Amazon has moved the hypervisor, network virtualization and storage virtualization to a dedicated hardware device that frees up the CPU to run additional virtual machines. For a detailed overview of AWS Nitro, refer to my Forbes article on Amazon’s Annapurna Labs acquisition. MORE FOR YOUWhat Is A Data Processing Unit (DPU) And Why Is NVIDIA Betting On It?Want To Infuse AI Into Your Apps With Minimal Effort? Try Microsoft LobeHow TinyML Makes Artificial Intelligence Ubiquitous
With a major part of the hypervisor moving to the hardware, AWS Nitro enabled Amazon EC2 to go beyond virtual machines. One of the enhancements is the ability to run bare metal instances, which became the foundation of VMware Cloud on AWS.
Apart from compute, storage and network acceleration, AWS Nitro has a dedicated security chip capable of isolating the data used by each guest VM running on a host.
AWS Nitro Enclaves take advantage of the Nitro technology to bring confidential computing to Amazon EC2 infrastructure. MORE FROM FORBESHow An Acquisition Made By Amazon In 2016 Became Company’s Secret SauceBy Janakiram MSV
A Closer Look at AWS Nitro Enclaves
At a high level, AWS Nitro Enclaves are lightweight, secure VMs running with an Amazon EC2 instance. A Nitro Enclave can be accessed by an application running in the same EC2 instance. AWS Nitro Enclaves don’t have an IP address, persistent storage, or user access. They cannot be attached to a VPC and they don’t expose any API or endpoint to the outside world. A secure virtual socket (VSOCK) is the only channel to interact with an AWS Nitro Enclave.
Since the same Nitro Hypervisor manages the parent EC2 instance and the Nitro Enclave VM, there is a cryptographic attestation process to prove an enclave’s identity and verify that only authorized code is running in an enclave. The Nitro Hypervisor associates a signed attestation document for the enclave to establish its identity to another party or service. Attestation documents contain details of the enclave, such as the enclave’s public key, hashes of the enclave image and applications, and more. Nitro Enclaves includes AWS Key Management Service (KMS) integration, where KMS can read and verify these attestation documents sent from the enclave before re-encrypting data to an enclave-specific private key.
AWS Nitro Enclaves borrows concepts from Docker to manage the lifecycle of an Enclave. Like Docker, an image has to be built with custom code that runs within an Enclave security context.
An application taking advantage of AWS Enclave has to split the processing between the parent EC2 instance and the secure Enclave VM. Amazon has published C SDK to enable applications to integrate with AWS Nitro Enclaves.
Since certificate management is a critical function in configuring secure applications, AWS has created a reference application that connects AWS Certificate Manager (ACM) with Nitro Enclaves. This reference enclave application allows customers to use public and private SSL/TLS certificates from ACM with mainstream web applications and servers such as NGINX running on Amazon EC2 instances with Nitro Enclaves. ACM for Nitro Enclaves is fully integrated and compatible with NGINX 1.18.
Currently, AWS Nitro Enclaves are supported on EC2 instances based on Intel x86 and AMD64 architecture. Bare metal instances, burstable instance types from the t3 family, Graviton2-based instances, and instances with just one CPU are not supported.
With AWS Nitro, Amazon has taken a different approach compared to other hyperscalers. It is heavily relying on the design and IP that went into Project Nitro. Microsoft and Google built their confidential computing offering based on the security enhancements of Intel and AMD processors.
Microsoft’s Azure confidential computing is based on Intel Software Guard Extensions (SGX)-enabled CPUs. Google Compute Engine and Kubernetes Engine use hardware memory encryption powered by the AMD Secure Encrypted Virtualization feature based on AMD EPYC processors.
Amazon’s investment in the Nitro project starts to pay off. After launching bare metal instances and EC2 instances based on the Graviton2 processor, AWS Nitro Enclaves is the latest enhancement powered by the Nitro project.Follow me on Twitter or LinkedIn. Check out my website