Confidential Computing Needs to Go Mainstream

-

 


Confidential computing is a term you may have heard in the past, but it is also one that a lot of the industry is sleeping on. Many cloud providers are looking towards a world in the not-too-distant future where confidential computing is ubiquitous. While it is challenging to secure a computing environment to ensure the data brought into that environment is safe from even a cloud provider, it is even more challenging to expand that past the CPU motherboard and to AI and other accelerators. As such, it was time to get into confidential computing.

As a quick note: Confidential computing is an industry-wide effort, and needs to be. At the same time, we cannot go into every unique implementation of it, so instead, we are going to use AMD SEV-SNP for our examples since AMD is already powering many of the confidential computing cloud offerings and they are rapidly growing server CPU market share. We need to say AMD is sponsoring this.

Confidential Computing: Protecting Data in Use

When it comes to data security, most of us have been trained to think in two dimensions. We protect “data at rest” by encrypting it where it is stored. This can be on self-encrypting SSDs, in encrypted storage arrays, or encrypted by the application.

We protect “data in transit” by encrypting it between two endpoints. These days, virtually every website uses HTTPS. Inside large data centers, even network flows between machines are often encrypted as default behavior.

Those two models are in many ways the easiest to accomplish, but they leave one big vulnerability, data while it is being processed and used by an application. If you take your data from storage and then want to use it, then it is usually decrypted and copies are stored in RAM and caches of a server. This in the industry is called “data in use” and traditionally, when being used data is completely vulnerable.

Data at rest would be like putting it in a safe while you are not using it. Data in transit would be like taking the money (data) and putting it into an armored truck so that it is not intercepted in transit. Data in use is like taking all of that money, putting it on a table at a coffee shop, and leaving it sitting there while you pay for your coffee.

As an industry, folks realized that they needed a solution, especially for industries with strict confidentiality and sensitive data. Better put, after data at rest and data in transit became standardized, the next step was the hard one. That step is figuring out how to secure data that needs to be decrypted for processing while it is being decrypted.

Enter the TEE

Fundamental to confidential computing is the TEE or Trusted Execution Environment. The idea behind the Trusted Execution Environment is to create a virtual machine environment where the customer of that environment knows that it is secure and has not been tampered with, before bringing data to be processed there. Maybe in our example above, this would be like storing your money (data) in a bank so that it could be used in the banking system without directly exposing it to passers-by who want to pilfer funds.

AMD has its Secure Encrypted Virtualization (SEV) and the newer SEV-Secure Nested Paging (SEV-SNP) features. Intel originally thought Software Guard Extensions (SGX) was going to be the answer. That created enclaves for applications to use with sensitive data. The challenge was that it required software changes. Folks did not want to pivot the software they were running on to get confidential computing, so Intel now has its newer Trust Domain Extensions (TDX), which align more with industry principles. Arm has its Confidential Compute Architecture (CCA), which creates “Realms” as its secure enclaves.

This hardware-based TEE creates a secure enclave to protect both the code and the data inside it. When we say protect, that is not just from other virtual machines that may be running on the same system. Even the hypervisor and cloud provider are locked out. Getting to a TEE is not automatic.

Website: ac.sciencefather.com

Nomination link:
https://academicawards.sciencefather.com/award-nomination/?ecategory=Awards&rcategory=Awardee

Contact us: academic@sciencefather.com

Get connected Here:

You Tube: http://www.youtube.com/@academicawards
Facebook: https://www.facebook.com/profile.php?id=100093671170511
Instagram: https://www.youtube.com/channel/UCM-OlZD0B3uvxFE2dEITMhg
Linkedin: https://www.linkedin.com/in/harita-r-1b9861224/
YouTube: https://www.youtube.com/channel/UCM-OlZD0B3uvxFE2dEITMhg

#sciencefather
#academicawards
#confidentialcomputing
#dataprivacy
#securecomputing
#trustedexecution
#privacybydesign
#cybersecuritytrends
#securecloud
#edgecomputingsecurity
#zerotrustsecurity
#secureenclaves

Comments

Post a Comment

Popular posts from this blog

US Technology Leaders Tap NVIDIA AI Software to Transform World’s Industries

-
Image
U.S. technology leaders tap NVIDIA AI software to transform industries worldwide. AT&T, Lowe’s, University of Florida Among First Organizations Using NVIDIA NeMo Accenture, Deloitte, Quantiphi, SoftServe Tap NVIDIA NeMo, NIM Microservices and NIM Agent Blueprints to Create Custom Generative AI Agents for Clients Cloudera, DataStax, Google Cloud, NetApp, SAP, ServiceNow, Teradata Advance Data and AI Platforms With NIM NVIDIA AI Summit — NVIDIA today announced it is teaming with U.S. technology leaders to help organizations create custom AI applications and transform the world’s industries using the latest NVIDIA NIM™ Agent Blueprints and NVIDIA NeMo™ and NVIDIA NIM microservices. Across industries, organizations like AT&T, Lowe’s and the University of Florida are using the microservices to create their own data-driven AI flywheels to power custom generative AI applications. U.S. technology consulting leaders Accenture, Deloitte, Quantiphi and SoftServe are adopting NVIDIA NIM Ag...
Read more

Gorringe seamount expedition reveals threats facing ocean biodiversity

-
Image
The Gorringe seamount, located 200 kilometres off the Portuguese coast in the Atlantic Ocean, is the tallest underwater mountain in western Europe. Formed where the African and Eurasian tectonic plates converge, it sits at the confluence of multiple ocean currents, making it a magnet for marine life and a hotspot for biodiversity. With habitats ranging from shallow algal forests to cold-water corals, the Gorringe seamount is a unique and vital ecosystem, say scientists at the Oceano Azul Foundation, who recently undertook a scientific expedition to the region. Oceano Azul Foundation is an international marine conservation organisation based in Portugal, whose mission is to “create a unified movement of change towards ocean conservation”, through funding, education, ocean science and research. To find out more, New Scientist joined the last leg of its recent expedition to the Gorringe seamount. A collaboration with the Portuguese Navy and the (Institute for Conservation of Forests and ...
Read more

Astronomers prepare for once-in-a-lifetime event: A 'new star' in the night sky

-
Image
Stargazers and astronomers around the world continue to gaze toward the Corona Borealis constellation 3,000 light-years from Earth, where a long-dead star is expected to reignite in an explosion so powerful it will briefly rival the brilliance of Polaris, the North Star. The stellar corpse last turned on almost 80 years ago and will not reignite for another 80 years, making this a nearly once-in-a-lifetime experience . Already, the stellar remnant, a white dwarf called T Coronae Borealis that's feasting on material from a nearby red giant star, has revealed a tell-tale dip in brightness that "is right on top" of the one that preceded its previous outburst in 1946. Astronomers don't yet know for sure what's causing the dip, but they say it's just a matter of time before the nova satiates its hunger and explodes into a spectacular nova. "We know it's going to go off — it's very obvious," Edward Sion, a professor of astronomy and astrophysics at...
Read more