On Premise Confidential Computing — Implementation choices
How can you protect your data whilst it is in use? Solutions for protecting data in transit and at rest have been available for many years, but what about protecting it while it is in memory and being processed?
Confidential computing is the concept of processing data while it remains protected in memory. Computation is performed inside a hardware-based trusted execution environment (TEE): memory belonging to the TEE is encrypted, is decrypted only inside the processor, and cannot be read or tampered with by software outside the TEE, including privileged software on the same host. This gives a higher level of privacy assurance because the data is protected whilst it is in use, not only in transit and at rest. There is a good introduction to Zero Trust and Confidential Computing by Mahesh Anasuri on LinkedIn.
Cloud providers have introduced the capability onto their platforms — AWS Nitro Enclaves, IBM HyperProtect, Azure Confidential Computing, Google Confidential VMs and GKE Nodes, and Alibaba Inclavare — however, this article focuses on the creation of confidential computing capabilities on premise, using the features of the underlying hardware combined with platform hosting software where necessary.
Every chip manufacturer has its own take on implementing a trusted execution environment. The three technologies in the market today come from Intel, AMD and IBM, and each takes a different approach, so how do you decide which implementation to use?
I have produced the following decision tree as a guide to choosing which technology to use for creating a trusted execution environment on on-premise infrastructure.
The following provides a summary of each chip manufacturer's offering:
Intel Software Guard Extensions (SGX) protects the code and data inside an enclave from other software on the host, including privileged software such as the operating system and hypervisor, whilst the data is in use. The challenge is that applications must be redesigned and partitioned into an enclave and an untrusted part, and the Enclave Page Cache on earlier SGX-capable processors is limited to 128 MB (later Xeon generations raise this limit substantially); enclaves that exceed the cache incur expensive page swapping, and the usable size is reduced further should VMware vSphere be used to expose the enclave to a virtual machine.
AMD Secure Encrypted Virtualisation-Encrypted State (SEV-ES) encrypts each guest's memory with a key unique to that virtual machine, isolating guests from one another and from the hypervisor. The keys are managed by the AMD Secure Processor and are never exposed to the host. The Encrypted State extension additionally encrypts the guest's CPU register contents whenever the VM exits to the hypervisor, so register state is not visible to the host either. The trade-offs: encrypted guest memory must be pinned, so it cannot be swapped or overcommitted and every guest must fit in physical memory; and SEV and SEV-ES do not protect the integrity of guest memory, a weakness that published attacks have exploited and that AMD's later SEV-SNP extension addresses. On all but the latest processors, assess the known vulnerabilities for their impact on the integrity and confidentiality of your data.
IBM Secure Execution for Linux and Hyper Protect Virtual Servers enable clients to isolate large deployments of workloads with fine granularity and at scale. The capability protects workloads from external and internal threats, including a system or VM administrator with elevated access credentials. IBM also provides a Hardware Security Module (HSM) within its systems certified to FIPS 140-2 Level 4, the highest level of certification, for tamper-resistant protection of encryption keys. The main challenge is that the technology is based on the s390x chip architecture and has underlying dependencies on an Ubuntu stack. However, the majority of current programming languages, hosting platforms, middleware and COTS software now run out of the box on s390x, and .NET applications will be able to be hosted on the architecture by the end of the year.
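Before working through the decision tree it is worth checking what the hardware in front of you actually exposes. The following probe is an added example written for this article, not IBM, Intel or AMD code: it reads the Linux interfaces each technology surfaces (the mainline SGX driver's /dev/sgx_enclave node and the "sgx" CPU flag; the kvm_amd "sev" and "sev_es" module parameters and CPU flags; and the s390x Ultravisor's /sys/firmware/uv/prot_virt_host and prot_virt_guest files, which report whether the LPAR can host Secure Execution guests or is itself one). A ROOT prefix is an assumption added so that a constructed directory tree can stand in for the live filesystem; the reporting order in detect_tee is likewise an assumption, since a real host normally exposes only one of the three.

```shell
#!/bin/sh
# Added example: probe a Linux host for the three on-premise TEE technologies
# discussed in the article (Intel SGX, AMD SEV/SEV-ES, IBM Secure Execution).
# Every path is a kernel devfs/procfs/sysfs interface. ROOT (an assumption
# for testability) is prefixed to each path; pass "" to inspect the live host.

# A kernel parameter or firmware attribute file reads "1" or "Y" when enabled.
param_on() {
    [ -r "$1" ] && grep -Eq '^(1|Y)$' "$1"
}

# Intel SGX: the mainline driver (Linux 5.11+) creates /dev/sgx_enclave and
# the CPU advertises the "sgx" flag in /proc/cpuinfo.
has_sgx() {
    root="${1:-}"
    [ -e "$root/dev/sgx_enclave" ] ||
        grep -qw sgx "$root/proc/cpuinfo" 2>/dev/null
}

# AMD SEV / SEV-ES: kvm_amd exposes "sev" and "sev_es" module parameters once
# the feature is usable by KVM; the "sev" / "sev_es" CPU flags show what the
# silicon supports even when KVM has not enabled it.
has_sev() {
    root="${1:-}"
    param_on "$root/sys/module/kvm_amd/parameters/sev" ||
        grep -qw sev "$root/proc/cpuinfo" 2>/dev/null
}
has_sev_es() {
    root="${1:-}"
    param_on "$root/sys/module/kvm_amd/parameters/sev_es" ||
        grep -qw sev_es "$root/proc/cpuinfo" 2>/dev/null
}

# IBM Secure Execution (s390x): the Ultravisor interface reports whether this
# LPAR can host Secure Execution guests (prot_virt_host) or is one itself
# (prot_virt_guest).
has_ibm_se() {
    root="${1:-}"
    param_on "$root/sys/firmware/uv/prot_virt_host" ||
        param_on "$root/sys/firmware/uv/prot_virt_guest"
}

# Report the first technology found (order is an assumption of this example;
# a real host normally exposes only one) or "none".
detect_tee() {
    root="${1:-}"
    if has_ibm_se "$root"; then echo ibm-secure-execution
    elif has_sev_es "$root"; then echo amd-sev-es
    elif has_sev "$root"; then echo amd-sev
    elif has_sgx "$root"; then echo intel-sgx
    else echo none
    fi
}

# Stand-alone use: inspect this host.
detect_tee ""
```

A host reporting amd-sev rather than amd-sev-es has the per-VM memory encryption but not the register-state protection, and a host reporting none for any of the three will still run the same workloads, just without the in-use protection the decision tree is choosing between.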
I must declare that I work for IBM; however, right now I believe the capabilities of the IBM LinuxONE and Z series provide the most complete solution for On Premise Confidential Computing. And if you can combine your On Premise implementation with services from the IBM Public Cloud, then the following diagram details the further capabilities that can be utilised.