Understanding a Confidential Computing Solution
If you are following the latest IT trends, you would have come across the mention of “confidential computing”. With the release of product offerings in this space from Intel, AMD, IBM, Microsoft, Google and many others, this promising technology is making way to real users.
In this blog, we’ll look at the constituents of a confidential computing solution that should help you use this technology for your business.
Before delving into the solution aspects, let’s start with the fundamental question of what confidential computing can give you for your business.
What do you get with Confidential Computing?
Confidential computing protects your workload from unauthorised entities — the host or hypervisor, system administrators, service providers, other VMs, and processes on the host.
This key functionality gives you additional confidence to run your sensitive workloads in the public cloud and reap the benefits of the public cloud.
A Trusted Execution Environment (TEE) is at the heart of a confidential computing solution. TEEs are secure and isolated environments provided by confidential computing (CC) enabled hardware that prevents unauthorised access or modification of applications and data while in use. You’ll also hear the terms “enclaves” or “secure enclaves”. “TEEs” and “enclaves” are used interchangeably.
So to reap the benefits of confidential computing, your application needs to run inside a TEE (secure enclave) for it to be protected.
We need to address two key questions here :
- How to run an application inside a TEE?
- How to be sure the application is running securely in a TEE?
Let’s take a closer look at these two questions.
How to run an application inside a TEE?
Running an application inside a TEE is enabled by the confidential computing (CC) software stack. You’ll also hear the term enclave software stack meaning the same thing. The CC software stack is responsible for creating and running TEEs and performing attestation (we’ll discuss this later in the blog in the context of the second question).
Currently, two variations of the CC software stack exist based on the different TEE types supported by the confidential computing hardware.
Process-based TEEs : In the process-based TEE model, you must modify the application into two components: trusted (secure) and untrusted. The trusted component runs in the TEE and is protected.
Solutions exist today, allowing you to use process-based TEE with limited or no modifications to existing applications. One such solution is Occulum; you can read more about it here.
Intel SGX (Software Guard eXtensions) is an example of a process-based TEE.
VM-based TEEs: There is no need for application modification in this model; consequently, you can get started quickly using your existing applications.
AMD SEV (SEV-ES/SEV-SNP), Intel TDX, IBM Secure Execution, and PEF are examples of VM-based TEEs.
A few years back, the only option was to use process-based TEEs, as the support for VM-based TEEs was not available commercially. However, today you have both the process-based and VM-based TEEs available commercially.
How to be sure the application is running securely in a TEE?
Attestation is the process that answers this essential question in confidential computing.
Attestation is how one software environment proves that a specific program is running on particular hardware.
The attestation can be performed by the TEE environment when it loads, and you can get a detailed report. Further, your application running in the TEE can perform attestation, establish a secure channel and retrieve the secrets by using the tooling available for specific TEEs.
Now let’s understand how a confidential computing solution addresses the two key questions we read above.
Conceptual View of a Confidential Computing Solution
The following diagram shows the logical components constituting a confidential computing solution.
On the infrastructure side, you have the confidential computing hardware, operating system and hypervisor with the necessary support for confidential computing. Then, you have the confidential computing software stack (shown as the enclave software stack) to help create and manage the TEEs and provide support for verification of the TEE environment via attestation. There is also an attestation service to help with attestation, a key broker service to handle different attestation and key management services, and a key management service to store secrets. There could be various add-on services like confidential container image build services, hosting services, etc.
For an overview of different ready-to-use confidential computing offerings, look at this article.
Conclusion
As we saw, any confidential computing solution consists of the following key aspects:
- Type of TEEs supported (hardware)
- Means to run an application inside TEE (CC software stack)
- Means to prove that the application is running securely inside a TEE (attestation)
- Misc add-ons to serve different use cases (key management services, image build services, image storage services, etc..)
Based on your requirements, you can choose the vendor(s) providing the required hardware, software and services.
You also might be wondering if there is a possibility of “write once, deploy anywhere” with confidential computing. A promising technology to watch out for in this space is Enarx.
Enarx is a framework for running applications in TEE instances — which we refer to as “Keeps”–without the need to trust lots of dependencies, without the need to rewrite the application, and without the need to implement attestation separately.
Please do not hesitate to reach out to me via comments or messages.
