Recently, the SNIA Cloud Storage Technologies Initiative (CSTI) hosted a lively panel discussion, “What is Confidential Computing and Why Should I Care?” It was the first in a 3-part series of Confidential Computing security discussions. You can learn about the series here. The webcast featured three experts who are working to define the Confidential Computing architecture: Mike Bursell of the Enarx Project, David Kaplan at AMD, and Ronald Perez from Intel.
This session served as an introduction to the concept of Confidential Computing and examined the technology and its initial uses. The audience asked several interesting questions. We’re answering some of the more basic questions here, as well as some that did not get addressed directly during the live event.
Q. What is Confidential Computing? How does it complement existing security efforts, such as the Trusted Platform Model (TPM)?
A. Confidential Computing is an architectural approach to security that uses virtualization to create a Trusted Execution Environment (TEE). This environment can run any amount of code, though in practice only a selected portion of the workload is placed in the protected environment. This allows data to be completely protected, even from other code and data running on the same system.
Q. Is Confidential Computing only for a CPU architecture?
A. The current architecture is focused on delivering this capability via the CPU, but nothing limits other system components such as GPU, FPGA, or the like from implementing a similar architecture.
Q. It was mentioned that with Confidential Compute, one only needs to trust their own code along with the hardware. With the prevalence of microarchitectural attacks that break down various isolation mechanisms, can the hardware really be trusted?
A. Most of the implementations to create a TEE are using fairly well-tested hardware and security infrastructure. As such, the threat profile is fairly low. However, any implementation in the market does need to ensure that it’s following proper protocol to best protect data. An example would be ensuring that data in the TEE is only used or accessed there and is not passed to non-trusted execution areas.
Q. Are there potential pitfalls in the TEE implementations that might become security issues later, similar to speculative execution? Are there potential side-channel attacks using TEE?
A. No security solution is 100% secure and there is always a risk of vulnerabilities in any product. But perfect cannot be the enemy of good, and TEEs are a great defense-in-depth tool to provide an additional layer of isolation on top of existing security controls, making data that much more secure. Additionally, the recent trend has been to consider security much earlier in the design process and perform targeted security testing to try to identify and mitigate issues as early as possible.
Q. Is this just a new technology, or is there a bigger value proposition? What’s in it for the CISO or the CIO?
A. There are a variety of answers to this. One would be that running a TEE in the cloud provides protection for vital workloads that otherwise could not run on a shared system. Another benefit is that key secrets can be secured inside the TEE while much of the rest of the code runs at a lower privilege level, which helps with costs. Among the many security initiatives a CISO or CIO has to present, Confidential Computing might be one that is easier to explain to the management team.
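The two answers above describe one design rule: keep the secret key and the plaintext inside the TEE, and let only sealed data and aggregate results cross into the untrusted, lower-privilege host. The following is an added illustration of that partitioning, not code from SNIA or from any of the panelists' projects. The `Enclave` class is an ordinary Python object standing in for code running inside a TEE; it provides no real isolation, and the key generation, the HMAC-based sealing format, and the `untrusted_host` workflow are all assumptions made for the example.

```python
"""Simulated TEE boundary (added example, not SNIA/panelist code).

Assumptions: the key is provisioned inside the enclave and never exported;
records are sealed inside the enclave on ingest; the untrusted host stores
sealed blobs and asks the enclave for an aggregate, never for plaintext.
"""
import hashlib
import hmac
import secrets
import struct


class TamperedBlob(Exception):
    """Raised when a sealed blob fails its integrity check inside the enclave."""


class Enclave:
    """Stands in for the trusted side; only seal() and total_of_sealed() are host-callable."""

    def __init__(self):
        # Assumption: generated inside the TEE; there is deliberately no getter.
        self._key = secrets.token_bytes(32)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Toy keystream derived from HMAC-SHA256 over (nonce, counter); used only
        # to keep the example dependency-free. Not a production cipher.
        out = b""
        counter = 0
        while len(out) < length:
            block = hmac.new(self._key, nonce + struct.pack(">Q", counter),
                             hashlib.sha256).digest()
            out += block
            counter += 1
        return out[:length]

    def seal(self, plaintext: bytes) -> bytes:
        """Encrypt-then-MAC a record; the result is safe to hand to the host."""
        nonce = secrets.token_bytes(16)
        ks = self._keystream(nonce, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, ks))
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _unseal(self, blob: bytes) -> bytes:
        """Internal only: plaintext never leaves this object."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise TamperedBlob("integrity check failed")
        ks = self._keystream(nonce, len(ct))
        return bytes(a ^ b for a, b in zip(ct, ks))

    def total_of_sealed(self, blobs) -> int:
        """Unseal each record in the enclave and return only the aggregate."""
        return sum(int.from_bytes(self._unseal(b), "big") for b in blobs)


def untrusted_host(enclave: Enclave, values):
    """Lower-privilege side: holds sealed blobs and the final result, nothing else.

    `values` plays the role of data arriving into the enclave for sealing
    (constructed sample input); the host never sees it in a real deployment.
    """
    blobs = [enclave.seal(v.to_bytes(8, "big")) for v in values]
    total = enclave.total_of_sealed(blobs)
    return blobs, total


if __name__ == "__main__":
    enclave = Enclave()
    sealed, total = untrusted_host(enclave, [10, 20, 12])
    print(f"host holds {len(sealed)} sealed blobs; aggregate returned: {total}")
```

The point of the split is what the host can and cannot do: it can store, copy and forward blobs, and it gets the number it needs for its business logic, but any attempt to read or modify a record outside the enclave either yields ciphertext or trips the integrity check inside `_unseal`. Shrinking the enclave to exactly this surface is what keeps the trusted code small and the rest of the service at a lower privilege level.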
Q. Anybody have a guess at what a regulation/law might look like? Certification test analogous to FCC (obviously more complex)? Other approaches?
A. This technology is in response to the need for stronger security and privacy which includes legal compliance with regulations being passed by states like California. But this has not taken the form of certifications at this time. Individual vendors will retain the necessary functions of their virtualization products and may consider security as one of the characteristics within their certification.
To hear answers to all the questions our esteemed panel addressed during the live event, please watch this session on-demand.