Confidential Computing: A tale about trust
Once upon a time, there was a General who was entrusted with maintaining the security of state secrets. In the same state, there also lived an Engineer, who was responsible for developing new technologies using the information controlled by the General. These two individuals, who needed to work together for the benefit of their fellow citizens never trusted each other.
The information held by the General was vital to the success of the state and could never be shared, for fear that it may fall into the hands of an adversary. Any leak or misuse of this information while it was in use by the Engineer could prove disastrous. Yet, there was a need to share the secret information with the Engineer so they could understand what to build in support of the state’s objectives. It became clear that the General had to find a way for the Engineer to safely process the data, while maintain its security, which was so vital.
The Engineer, on the other hand, was deeply suspicious of the General and never trusted that the correct information would be provided for analysis. If the wrong data were sent by the General, or the information had been corrupted in some way, the Engineer could receive a false impression of what needed to be done.
The General harboured concerns about the Engineer. How could the General be sure that the Engineer was applying the correct analysis to the data that was sent? If the wrong algorithm were used by the Engineer, the consequences could be catastrophic and there needed to be some record that proper procedures had been followed.
The conundrum facing the General and the Engineer was solved, to everyone’s benefit, by the hero of this story, Professor Trust. Realising that a solution had to be found that supported mutual trust and cooperation, the Professor set out the following proposition for our anxious protagonists: “I will provide you a trusted room within which you can build and run the algorithms needed to process your confidential data. Neither the General, the Engineer, nor I, the provider of this room, will be able to look inside to see the data or the analysis taking place. Furthermore, I will provide a secure courier to deliver the data and the algorithm to this room, so that you can be sure no one has tampered with them in transit.”
Nowadays, the solution offered by Professor Trust is a reality through Confidential Computing, with the role of Professor Trust in our story being taken by the Fortanix Confidential Computing Manager™.
For some time, we have been able to secure our most sensitive data when it is at rest and in transit. However, when that data is in use it becomes vulnerable and Fortanix has shown how easy it is with this simple application for a memory scrapping attack to reveal your private data at runtime. Hence, there is a need for a secure Trusted Execution Environment (TEE), within which your application and data can remain protected while they are in use.
The use of TEEs is not, however, a trivial process and it can become very complex where different applications need to work together using the same data. In attempting to secure your confidential data, you may find it necessary to completely re-write your application for it to function within the boundary of the TEE. A further challenge to the successful security of data in use is the potential difficulty of integrating a key management solution to verify the identity of the TEE before granting permission for the keys to encrypt and decrypt the data.
Fortanix Confidential Computing Manager™ addresses these problems by enabling seamless conversion and deployment of your existing applications, without the need to re-write them, and by provisioning application certificates that can be used to authenticate to key management services, such as Fortanix Data Security Manager™. Application certificates linked to an attested TEE can be used as the basis of trust when authenticating to external services or secured applications that are also running inside another TEE. With TLS communication tunnels between TEEs, where the endpoint termination is inside the secure environment, data that is encrypted at rest can now be secured throughout the execution lifecycle.
Fortanix Confidential Computing Manager™ enables widespread adoption of Confidential Computing with no additional application development or integration costs. Deployment is supported on compatible cloud and on-premises infrastructure with full auditability of how and where data has been used and secured. The comprehensive support pages from Fortanix are a good place to find our more and to explore the unique capabilities of the Fortanix Confidential Computing Manager service.
In conclusion, we should clarify that while we fully endorse the solution proposed by Professor Trust he lived once upon a time and is not a member of the current Fortanix team!
Originally published at https://www.fortanix.com.