Sharing highly sensitive information - such as personal, financial, or medical data - with the cloud can be risky, because data must be decrypted before it can be processed. In the periods before, during, and after processing, while the data sits in memory in the clear, an attacker who can dump memory, compromise the root user, or otherwise gain privileged access to the host can read or tamper with it.
A relatively new feature of cloud services, called "confidential computing," minimizes this risk. Application code and in-use data are isolated in a hardware-enforced area called a Trusted Execution Environment (TEE). Code and data inside a TEE cannot be read or modified from outside it: not by the rest of the software stack, including the operating system and the hypervisor that hosts the virtual machine, and not by the cloud provider or its employees.
The result is safer cloud operation, easier compliance with strict privacy regulations, and a way to move a wider range of activities to hybrid, public, and multi-cloud environments.
Confidential computing can be used outside the cloud, too, since many edge and IoT devices must protect in-use data. Embedded systems already have their own forms of hardware protection, in the form of Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs). But working with these modules typically requires specialist expertise, and their functionality is quite limited.
This situation is changing, though, because several collaborative industry efforts have made confidential computing accessible to the average developer. There are now a number of building blocks that support the use of TEEs and the development of confidential applications.
At Arm, we aim to simplify the use of confidential computing. And we are involved in a number of efforts to abstract the complexities away from solution builds. Our goal is to help developers spend less time dealing with baseline security features, so they can spend more time focused on new ideas that add value.
One example of this is our work with the IoT team at Microsoft Azure, and the developers at Scalys, a frontrunner in the development of edge security. Together, we have created a modular approach to confidential computing.
The approach, illustrated below, uses Arm TrustZone, paired with Arm Project Cassini initiatives, to provide a base of security in the Azure IoT Edge development machine. This includes the Open Enclave Software Development Kit (SDK), and the Azure-certified TrustBox Edge from Scalys. For a deeper dive, Microsoft and Scalys also presented on this topic at Arm DevSummit 2021.
The overall architecture delivers end-to-end protection, spanning the build pipeline, the cloud infrastructure, and the end devices equipped with confidential enclaves. Using a symmetric encryption key shared between the build pipeline and the target device, developers can produce an encrypted application that only the target device can decrypt and execute.
Developers use familiar tools, including the Open Enclave SDK and the Visual Studio IDE, and the application can be debugged and tested locally before it is encrypted and embedded in a confidential package, ready for secure storage and transport.
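The build-side encrypt / device-side decrypt step described above, as an added illustration in Go. This is not code from Arm, Microsoft, Scalys, the Open Enclave SDK, or the Enclave Device Blueprint, and the package layout it uses (metadata bound as AEAD associated data, a random nonce, AES-256-GCM ciphertext with tag) is an assumption made for this example rather than the blueprint's real format. The `DeviceKey` helper is likewise a stand-in for key material that a real device would have provisioned into its TEE; the application image, metadata strings, and device secrets are constructed inputs. What it shows beyond the text is why an authenticated cipher matters here: a package built for one device is rejected by another, and a package whose metadata or ciphertext has been altered in transit is rejected before anything is executed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ConfidentialPackage is the artifact that travels from the build pipeline to
// the device. Layout is assumed for this example (not the blueprint's format):
// metadata is authenticated but not encrypted, the image is sealed with AES-GCM.
type ConfidentialPackage struct {
	Metadata []byte // e.g. "app=sensor-fw;version=1.2.0;target=trustbox-edge"
	Nonce    []byte // fresh per package; never reused with the same key
	Sealed   []byte // AES-GCM ciphertext with its 16-byte tag appended
}

// newAEAD builds an AES-256-GCM cipher from the shared 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildPackage runs on the build pipeline: it encrypts the enclave application
// image under the shared key and binds the metadata to the ciphertext so that
// neither can be swapped independently.
func BuildPackage(key, appImage, metadata []byte) (*ConfidentialPackage, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &ConfidentialPackage{
		Metadata: metadata,
		Nonce:    nonce,
		Sealed:   aead.Seal(nil, nonce, appImage, metadata),
	}, nil
}

// OpenPackage runs on the target device (inside the enclave in the real design).
// It fails closed on a wrong key, a modified image, or modified metadata,
// because GCM authenticates all three before returning any plaintext.
func OpenPackage(key []byte, pkg *ConfidentialPackage) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(pkg.Nonce) != aead.NonceSize() {
		return nil, errors.New("malformed package: bad nonce length")
	}
	plain, err := aead.Open(nil, pkg.Nonce, pkg.Sealed, pkg.Metadata)
	if err != nil {
		return nil, fmt.Errorf("package rejected: %w", err)
	}
	return plain, nil
}

// DeviceKey is a stand-in (assumption for this example) for per-device key
// material that would normally be provisioned into the TEE at manufacture.
// Deriving it from a constructed secret lets the example run offline.
func DeviceKey(deviceSecret string) []byte {
	sum := sha256.Sum256([]byte(deviceSecret))
	return sum[:]
}

func main() {
	key := DeviceKey("constructed-device-secret-for-demo")
	app := []byte("ELF enclave image (constructed placeholder bytes)")
	meta := []byte("app=sensor-fw;version=1.2.0;target=trustbox-edge")

	pkg, err := BuildPackage(key, app, meta)
	if err != nil {
		panic(err)
	}

	// The intended device decrypts the image.
	got, err := OpenPackage(key, pkg)
	fmt.Println("target device decrypt ok:", err == nil && bytes.Equal(got, app))

	// Any other device, holding a different key, cannot.
	_, err = OpenPackage(DeviceKey("some-other-device"), pkg)
	fmt.Println("other device rejected:", err != nil)

	// Downgrade attempt: rewriting the version in the metadata breaks the tag.
	tampered := *pkg
	tampered.Metadata = []byte("app=sensor-fw;version=0.9.0;target=trustbox-edge")
	_, err = OpenPackage(key, &tampered)
	fmt.Println("tampered metadata rejected:", err != nil)
}
```

The design choice worth noting is that the metadata is passed as associated data rather than left unauthenticated: the device can read the target and version in the clear to decide whether to install, but cannot be tricked into accepting an image under a different label. In a production deployment the key would never be derived from a string as `DeviceKey` does here; it would live in the device's TEE and be matched by a per-device key held in the pipeline's key store.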
The project page for the Enclave Device Blueprint includes a real-world realization along with information about the enclave device, key components, solution, and demo.
We have also written a white paper that summarizes the trends in confidential computing, gives a more in-depth introduction to the Arm/Microsoft/Scalys collaboration, and links to industry projects that support confidential computing in edge and IoT devices.
Download the Whitepaper on Confidential Computing: https://aka.ms/edb-whitepaper