Enterprises, governments and other organizations all sit on vast troves of data that cannot be processed due to security and privacy concerns. To address this limitation, researchers and vendors have developed various confidential computing techniques to safely process sensitive data.
Confidential computing is particularly important for organizations in heavily regulated industries or sectors where opportunities for running workloads on the public cloud are severely limited, such as government, telecommunications, healthcare and banking. Confidential computing protects data at rest, which enables organizations to deploy sensitive workloads off premises and provides further protection to sensitive workloads on premises.
“Edge computing, IoT, blockchain, smartphones, cloud platforms and SaaS applications are all technologies that introduce concern over how sensitive data is processed, whether it be financial, health or personal,” said Scott Binner, Senior Consultant at SPR, an IT consultancy. That’s because each technology can touch personally identifiable information and trigger concerns around GDPR, HIPPA and other privacy laws, which is fueling the need for confidential computing.
There are several confidential computing approaches — each with different tradeoffs in terms of computing performance, communication overhead and security. Cloud providers, silicon manufacturers and software vendors have worked with the Linux Foundation to create the Confidential Computing Consortium to bring confidential computing to the general market.
“If projects and products can show regulators and legislators that the levels of security are sufficient to meet their requirements, then deployment to public clouds becomes plausible for a great many more applications and use cases,” said Mike Bursell, chief security architect at Red Hat.
Types of confidential computing
There are four broad categories of confidential computing technology:
- Trusted execution environments (TEE)
- Secure multiparty computation
- Fully homomorphic encryption
- Differential privacy
TEEs run sensitive workloads on isolated areas of specially crafted silicon and offer a balance between performance and security. Compared with standard VMs, TEEs promise better protection for sensitive workloads that run on the same server as another application. TEEs form the basis for the Linux Foundation work on Enarx, a project that aims to simplify the use of the technology on premises and across public clouds.
Secure multiparty computation is a cryptographic field for running computations across multiple servers that store separate data sets so the data is never shared across machines. An example of this is Google Private Join and Compute, which is an open source secure multiparty computation library. The downside to this approach is that more data introduces more communication overhead and latency.
Fully homomorphic encryption runs computations on data that is fully encrypted. It promises the greatest security but introduces more computational and development overhead compared to other techniques. Microsoft SEAL is an open source homomorphic encryption library that can be run on Azure, while Google has been working on a client-side encryption capability for partial homomorphic encryption for BigQuery.
Differential privacy helps address a set of issues that are separate from the computation itself. Although secure computing can compute the answer to a problem securely, the answer itself may contain private information. Differential privacy helps ensure, in a provably secure way, that an answer does not leak private information. However, it can only be used in limited cases, and requires great expertise, said Yehuda Lindell, professor at Bar-Ilan University in Israel, and CEO and co-founder of Unbound, a software-defined cryptography provider.
Developers need to find the sweet spot when choosing between these approaches, said Nigel Smart, professor at KU Leuven and co-founder of Unbound. TEEs provide good performance, but their security model is slightly limited due to side-channel leakage. Fully homomorphic encryption is relatively slow unless used in very specific applications, such as some neural network evaluations or simple statistical queries like averages and standard deviations.
Secure multiparty computation is relatively fast and broadly applicable, but it has issues related to bandwidth consumption. “There is no magic bullet and sometimes these technologies may need to be combined,” Smart said.
Building a trusted stack on the cloud
Building a TEE for cloud applications requires securing every level from the raw silicon to the applications, along with the data that runs on them. The major silicon providers offer their own custom TEE tools such as Intel’s Software Guard Extensions, AMD’s Secure Memory Encryption and Arm’s TrustZone.
Cloud providers are developing an abstraction tier that works on top of TEE tooling built on each chip, including AWS Nitro Enclaves, Google Asylo and Microsoft Azure Confidential Computing. In addition, the Linux Foundation launched the Open Enclave SDK project for building and signing hardware protected trusted applications that currently supports both Intel SGX and Arm TrustZone. Red Hat is also involved in confidential computing via the Enarx project, which seeks to provide hardware independence for securing applications across different public and private cloud architectures.
Confidential computing requires certifying the entire chain of data and application logic through a process called attestation. This provides an audit trail for developers, managers and other third parties concerned with data compliance of applications.
Projects like Asylo and Enarx are on the right track in terms of focusing on a community-focused cross-platform TEE architecture that makes it much easier to adopt confidential compute technologies, said Rob McDonald, executive vice-president of Platform at Virtru, an encryption service. He believes Asylo is taking the lead in terms of comprehensive capabilities, documentation and community momentum. Enarx has strong community backing and shows a lot of promise, but has farther to go. Microsoft was an early mover, but it’s unclear whether it will contribute openly, which is essential for confidential computing to get broad adoption and to meet the promise of widespread societal impact, McDonald said.
One major difference between confidential computing offerings is whether applications need to be written especially for the target chip or cloud platform and whether the platform can help with the deployment, said Mike Bursell, chief security architect at Red Hat. An application written for a specific trusted enclave library from Intel will not work on AMD chips, or it may need to be refactored for newer chips. Similarly, applications written for AWS Nitro will need to be rewritten to run on Google Asylo. A deployment model approach would handle issues such as attestation and workload encryption and simplify application development.