Confidential Computing and Trusted Execution Environments Intel Technology

Show video

(soft upbeat music) - [Narrator] Welcome to What That Means with Camille, where we take the confusion out of tech jargon and encourage more meaningful conversation about cybersecurity. Here is your host, Camille Morhardt. - Hi, welcome to cybersecurity inside What That Means confidential computing.

I have with me today, Ron Perez. It's worth noting, I've also recorded another conversation on confidential computing with Amy Santoni, another fellow at Intel. The reason is, I often like to get multiple perspectives when I'm trying to learn about a topic in depth.

So I talked to two of the smartest people we've got, both fellows about the same thing. Ron Perez, he's an Intel Fellow and Chief Security Architect for Intel. Like that's crazy, what does that mean? (both laugh) - There are a hundred and something, right, 150 or so fellows and senior fellows at Intel in various technology domains. I happen to be one in security. And the chief title, I think, is a term that Intel likes to use, right, to designate some special responsibilities that you may have, right.

And so for me, as a security architect and a security fellow, right, I have the added responsibility of making sure that the best technologies get into our products and the worst technologies don't make it into our products, right, so that's my role. - And are you looking at this from, everything from the perspective of design, like designing products all the way through kind of post ship and when they're sitting in a customer environment or is it some sort of limited scope? - It is very broad, right, but it's a little more limited in so far as security is very broad, right, it applies to so many things. And in fact, just saying security is not enough 'cause everybody will have a different image in their head of what that means. But it ranges from the assurance of our products, right, to make sure that there are no vulnerabilities in any of our products, to the new kind of features that we add that enable new workloads or new capabilities that our customers can take advantage of.

My focus is more on the latter, on the new technologies, right, that will allow our customers to do things that maybe they wouldn't have wanted to do before or couldn't do before because technology was limiting what they could do. Cloud computing, right, is a perfect example where it has huge implications in terms of the efficiencies that you can gain from moving your workloads to a shared computing environment. But as a security technologist, you realize that, yeah, sharing is not necessarily a good thing, right.

That's where bad things happen, so we need new technologies to provide assurances, right, security assurances, confidence, basically, that you still have the same sort of safety in terms of your workloads in that environment that you can't control. - I would think for a security architect, perfect case scenario for you would be, it's everything is locked down inside one room with steel walls, no internet access, no wifi connection, and nobody coming in or out. And now we have this world that's like mobile devices, internet of things devices, shared servers, like how has that transformation affected people in your kind of role? - So, "perfect security" I would agree with you, right, would be, you know, in case your computer in a block of cement and, you know, throw it overboard, that wouldn't be very useful and not much fun for us. So I do enjoy, and my colleagues enjoy, the challenges that we have, but to your point, right, yes, people are doing more and more dangerous things, right, and they want to do even more dangerous things. So kind of keeping up with the challenges at the scale that we're talking about across the industry today, that's a huge challenge.

So sometimes, you know, from our standpoint, we'd wish things would slow down just a bit, but it also means that we have job security. There's always something interesting going on, always something fun to work on. And as a security technologist, you get to poke your nose, every aspect of it. - What are some of the biggest threats you see on the horizon that maybe people are not thinking so much about? Like for example, if you ask anybody, what are some of the biggest threats, everybody is gonna say ransomware right now. Everybody I've talked to says ransomware. So I hope that that's not your answer, that might be one of the biggest threats, but like what's coming, what kind of thing are we not looking at, that you know, we're all focused on one thing and maybe something down the line we should be thinking about? - Yeah, I think because, you know, you used the word threat that probably does lead people to things like ransomware, 'cause it puts visions in your head of, you know, things you should be afraid of.

But I'm more concerned about the things that most people probably aren't afraid of yet, right, 'cause they don't really understand the magnitude of them. And again, right, I'll kind of take cloud computing as an example here. We're really trying to do computing on a global scale, do we have a number of cloud service providers and telco providers, et cetera, all these networks and all these systems are gonna be linked together. We're gonna be running software and having our data in systems, you know, that may be on the other side of the globe at some particular time of day, or be duplicated in multiple parts of the globe, whether we think it's in our enterprise or in a cloud or both at the same time. That massive scale is the part that I'm worried about because now, any little vulnerability can be magnified because most likely, we're using these same technologies everywhere else, so the break once, run everywhere problem is gonna be huge.

And that means we have to pay much more attention and focus a lot more on, again, getting back to assurance, right, that's why it's so important to focus on assurance. If we can even get to the level of being able to prove some capabilities. I think we've kind of gotten away from that as an industry for a while, but hopefully getting back into formal methods that will allow us to prove that the architecture is at least correct, right, if not the implementation itself. - What about, like paper copies? Should we just be going back to paper copies and keeping networks in silos or has that ship sailed and we have to look at it from a different perspective? - That ship has kind of sailed, there's probably, voting for example, is probably an area where we should look at, you know, still having paper.

Other than that, the speed of everything we're doing today really won't allow us to go back to those days. Even those systems that we had back then, so what is a server? And can you put it in a silo as you said, then I don't even think those types of words apply anymore, everything is so disaggregated and componentized. That's where we hear a lot about zero trust, and I think you've probably had some discussions on this as well, right. Taking zero trust down to the silicon level even. So, and the pieces of software, not zero trust, more from enterprise stamp, but down to the finest grain capability.

- I wanna talk to you about confidential computing, and I'm wondering if you can tell us what confidential computing is and also is it different than zero trust? - Yeah, but to are complimentary, but I'll start with the definition, which I think is a little boring and really why it matters is the, is a piece that's more interesting. So there is actually an organization called the Confidence Computing Consortium, it's part of the Linux Foundation, right, and you can find it by confidencecomputing.io, I believe. And they have some wonderful white papers out there that have all these definitions, and as they define confidential computing in Intel in a lot of our partners, are certainly part of that organization. But as they define it, it's simply the protection of data in use by performing computation in a hardware based trusted execution environment, which now leads us to, you know, what is a trusted execution environment, which we'll get into in a second. - And also you said "in use", which I think gets me back to the sort of data could be at rest in transit or in use, so, alright, well I wanna hit on both of those things. - That's where you will hear confidence computing, discussed a lot, right, that we've done the past 40, 50, 60 years now, we've been figuring out how to secure data when it's being stored right at rest, and when it's in transit over network, that's kind of been the whole purpose of computing security, and research and all the developments we've had, but we've kind of missed this whole in use part, just assuming that, you know, yeah, there's not much you can do about providing security for data while it's "in use" and confidential computing actually shows us how we can take capabilities like these trusted execution environments and provide some better level of protection of data "in use".

at least until we get to like fully homo market encryption. - Well, why is it hard to protect data while it's in use as opposed to going across a network or sitting on a server being stored? - Because it's usually in memory, for example, it's being manipulated dynamically by a processor, by an accelerator, by, you know, some other compute engine. It may be copied in different places, you know, as part of the, the way software optimizes, the compilation of the software optimizes the software itself. There's so many things that's happening to that data while it's being worked on to get the answers you want.

Now homomorphic encryption allows us to always have the data encrypted and by the properties of that crypto, allows you to actually do really interesting manipulations of the data while it's encrypted. But the performance is terrible, right, there's a lot of research going on to address that right, and we'll eventually get there, but we're talking about, you know, when homomorphic encryption first kind of re-emerged as a real possibility on the scene in 2009, there were, you know, thousands of orders of magnitude, worst performance right, we've gotten that down now to just a few orders of magnitude. But even that obviously right, is not practical for most workloads. So we still have this need for, you know, what can we do short of that, right, until we get to that Nirvana.

- And I'll put in just a quick plug, we did an episode on homomorphic encryption, with Rosario Camerota. - Yeah. - So we do have a kind of a in depth conversation about what it is. Can you just quickly let us know why is something like homomorphic encryption, so performance intensive, because I think that's gonna then explain why the TEE and how you're looking at confidential computing. - Well, homomorphic encryption is basically takes the data that you have, your databases, your patient information, whatever it is, the text, and has to translate that into, and the code that operates that into logic circuits, or what's called logic circuits.

This leads to a large expansion of the code in the data itself, and it uses traditional crypto capabilities, right. But because you're expanding that code and data and you're encrypting it, right, it introduces the operations introduced so much noise and you have to, you have to basically weed the noise out, probably went more technically in depth than that, but it's very compute intensive computation that has to happen. Now whereas now starting to make a lot of progress at throwing hardware acceleration, that's where Roe is focused on himself, so we're hoping to have some good results of that within a few years, but even then we'll see whether it's generally applicable to any workload or not, right, I think it's, we still have a ways to go on that. - So now talk about the trusted execution environment, that's part of the confidential computing. - If you look at the Confidential Computing Consortium on how they define it, and there are other definitions and they all kind of fit, right, at a high level, it's just a, a secure computing environment, but trusted means that it provides certain properties.

So first of all, it's gotta provide confidentiality right, in the triad of confidentiality, integrity, and availability, right. It's focused on confidentiality, it's also focused on data and code integrity, right. It has to be able to protect the data or at least, to make it determinable. If the data has been modified in any way that it shouldn't have been, data and code.

So it's gotta do those three things, provide data confidentiality, data, integrity, and code integrity at a minimum. Now there are different mechanisms that can do this, trust zone and the arm processors had this capability for a long time, there have been other embedded processes that do this, and of course, maybe more recently, you know, well, at least in the last two decade, Intel Software Guard Extensions has come on the scene to provide this capability to really general purpose user level software, and that's been the real breakthrough. - Tell me how that works, and Intel Software Guard Extensions is also, I think, known as SGX. So if you end up abbreviating that, we'll all know what you're talking about. How does that actually work? - So SGX provides two main categories of protections because it uses well defined instructions and of course, it's actually has its implementation in the core of the process for itself. It can separate what code is executing and which data within this trusted environment and which code and data is outside of that and it provides very strong separation.

In addition to that, because most code and data resides in memory, at some point it provides memory protection capabilities, on top of that specifically, it provides memory encryption and data integrity, right, as well as anti-replay capabilities. At least that was the, the initial design for SGX right, now, we're seeing other trusted execution environments come and seeing that provide this capability at a more course grain level I should say, taking the VM, the virtual machine abstraction as a place to start, right, 'cause SGX was really ambition and it really tried to provide this fine grain capability. But that also means you have to know what you're doing, as a developer, right, how to use it, right. So now we're seeing technology such as AMD's, SUV technology, secure encrypt virtualization pretty soon, right, Intel will have a similar VM based approach called TDX or Trust Domain Extensions.

So we're gonna see multiple trusted execution environments, I suspect on the horizon because these are just for CPUs that I've talked about so far, mainly X 86 CPUs, but ARM has announced their own kind of VM based solution. Again, all for CPUs, but as we're seeing more and more workloads are becoming very heterogeneous, right, they have to work on GPS on other types of accelerator. So we're gonna see similar technologies be developed there. - This is predominantly a server technology. Why does it matter most, I guess on server and why do we really need it? - What it is is one thing, why it matters is the most important thing, why I'm excited about it is, 'cause it really is a paradigm shift. If you've looked at the last 60 years of computer security, it's all been based on a hierarchy, right, you have the code and the data that you care about that you wanna protect, usually application level or user level code data, you may have some middleware in between and system software, operating systems hypervisors and the hardware.

If you know, in order to provide security for the thing you care about, you have to trust everything underneath. This is that huge stack that you trusted computing base. Confidence computing now allows us to say, okay, you can take the thing that you care about that you wanna protect and the hardware which implements, you know, these trusted execution environments and that's all you have to trust. You don't have to trust any of the operating system, the hypervisor, the other applications, the other middleware on the platform, the other firmware in the platform, right.

All you have to do is trust those two things and the hardware, it's not like you're trusting Intel, right, that Intel's operating this hardware all the time. It's pretty much like a state machine, whether it comes from Intel or AMD or some other company, the hardware is a state machine. It should always operate the same way every time, and your code and data of course are gonna be different every time. So you you're relying on the hardware state machine to provide those protections for your code and data, no matter what the operating system or any other software on the platform does. This is really powerful, when you think about what I talked about earlier, this global scale cloud computing, right, scenario, the world that we're headed towards, where your code is gonna be running in environments that you don't control, or that may be on the other side of the globe, right.

How do you get some assurance that the right code is running your code and that it's getting the protections that you think it is getting. So you need that verifiable capability, you need those trusted execution environments and the hardware to be able to attest to the fact that you are running in these environments and you are getting these protections. - So would an oversimplified analogy be like, I have a safe room in my house, and so whenever I'm gonna be doing some operation on, like my personal private health information or something, I go into this room, you know, toss the data in there, lock the door and the whole evaluation takes place. And then I take out the results. - Yeah. - You're talking about the data and then an application or a workload doing some sort of processing on that data and all of that being done in this trusted execution environment away from everything else, like even the operating system, how does that work? - Yeah, so, and I mentioned before, the triad that we always talk about confidentiality, integrity and availability.

So the trusted execution environments in confidential computing in general, focuses on the confidentiality and the integrity piece right now, it provides this smaller trusted computing base, right, as I said, right, only the code and data you care about in the hardware, it provides that smaller trusted computing base at the expense of availability, you have to trust the operating system, the system software to make forward progress. So while they can't, you know, see your data for example, or manipulate the data right, without your permissions anyway, they can, of course always stop you from running, right, that's kind of a given. So that's kind of the sacrifice we made get this smaller trusted computing base, higher assurances, but give up the availability aspect, right, and that triad that we talked about and your analogy of, you know, ha having this safe room in your house. Yeah, I think that's a good analogy for one aspect of (indistinct) creating kind of the SGX style, right. Where you can get really fine grain protections as you may have a huge, you know, workload, right, that is multiple applications, you know, distributed components, et cetera, but there's only certain parts of your code that do anything sensitive that operate on sensitive data or, you know, use cryptographic keys that you wanna protect, et cetera, those things you would put in that little safe room that you have, right or an SGX enclave, but many other people just wanna take the entire application because it's a it's legacy code, I can't refactor it. I can't, you know, change the way it is, they just wanna plop that into a secure VM, for example, and that's why we're seeing a lot of interest in these VM based confidential computing technologies.

- In a cloud environment, let's say a public cloud or a shared cloud environment where one company's data may be sorry, the same infrastructure with a VMM actually allowing for scalability. How does this change thing? What was it doing before that now it's doing more securely and like who could see what before that now can't see. And I'm not talking about, they have their own ethical code, I'm talking about what could they see, yeah.

- That's kind of the worry we see the cloud has really grown in usage right, in popularity because of those efficiencies and the cost benefits of that. But there is still a lot of enterprises out there that are hesitant to move certain workloads to the cloud because this, the possibility, that, you know, even if I trust my cloud provider, you know, Google, Amazon, whoever else, right, they're ethical people, they have, you know, really good software, there still may be vulnerabilities. They still have admins who, you know, could be bribed, right, there's an insider threat, right. Whatever it is, right, there's still the possibility and technically the capability for them to see your data. So that's still holding back a lot of enterprises from moving and those mission. - While it's being processed, just to be clear.

- Confidence, computing now allows those same cloud service providers to say, all right, you know, we provide computing kind of as a utility, we provide the MIPS, the connectivity, the bandwidth, the power, the cooling, all these nice things that are about efficiency, that lower the cost for you, the end user, right, but we don't really need to see your data, right. And confidence computing allows them to say, we can't see your data, right, we can't see your code in data. What you run in this environment, it's up to you, you just kind of pay us for the resources you're using, which is perfect, both parties are happy, the end user enterprise with their mission, critical, sensitive workload, they get the protections they want, and they can verify it remotely. And the cloud provider is selling their MIPS, their bandwidth, you know, the resources that they have. - Okay, So let's talk about TDX for a second, you mentioned that before that this runs on top of a VM why, how is that different and why is that kind of technology popular or important? - So a TDX or Trust Domain Extensions, right, essentially uses that VM abstraction that everybody knows and loves and is familiar with, right, in a cloud computing environment, it's kind of the unit of deployment in a cloud, right, a VM, right. - Actually, I'm gonna pause you, just in case everybody doesn't know what it is, what is a virtual machine and why do they run in a cloud, and then we'll come back to-- - Sure, so a VM or virtual machine is a logical construct, right, that's created by thin layer of software called a hypervisor, right, that allows software kind of user level software applications, running in this environment to believe that it has its own system all to itself.

So it's kind of a virtual machine, now, the idea is that you can support multiple many, many of these virtual machines, right, sharing the same underlying hardware. So you get this huge efficiency booth, whereas in the past, if you had one operating system with a set of applications, if those applications were using hardware, for example, the processor would stop running while it's waiting for the underlying, you know, disc to stop or the network to serve some more packets right. So you wouldn't really be utilizing the CPU as much as you would otherwise want to, virtual machines now allow multiple machines essentially to be running at the same time, right, so you get more utilization of the CPU, which is a resource that you care about, getting utilization out of it. - And this was pretty transformational in like cloud service providers, right. Where they could, instead of having like a dedicated server.

- Yes. - To each like enterprise that they were serving, it could be multiple enterprises or people could share a server and still be. - Yeah, until the early 2000s, virtualization technology had kind of been the exclusive domain of the mainframes, right, so IBM kind of invent, arguably invented virtualization back in the 1960s, 70s, it was pretty much, you know, widely used in that mainframe context, but for commodity hardware to X86 system, SunSpark and all those, you know, nice processors that we some of us grew up with, right.

It was pretty much, you know, just an operating system and applications. It wasn't really till companies like VMware came along right, and really proved the efficiency of virtualization on commodity hardware. And that kind of preceded the boom of cloud computing, right, cause it really allowed right, the cloud providers or, you know, large data center providers to provide this capability at really great efficiency for everybody right, just have, you know, thousands and thousands and virtual machines. - Okay, so now let's go back to the technology, we were talking about TDX, what does it stand for? Because I'm even having trouble with the acronyms now. - Acronyms, but I think as an industry, we are too, right, TDX stands for Trust Domain Extensions.

And essentially all it does is take that VM abstraction, that virtual machine abstraction and embraces that and says, that's the trusted execution environment. We're gonna create a bunch of confidential VMs essentially that we call trust domains, hence trust domain extensions. Right, so these trust domains are confidential VMs are what computing environment that TDX supports, right, so you can have multiple, you know, as many VMs as you have, you can have as many trust domains as you, as you can have. Right, and this is all supported by our hardware, and as I said before, ANB has something , that's somewhat equivalent and ARM has already announced something similar as well, right, they're all VM based protections.

- So these trusted domains exist within the VM or down on the silicon. - They are a VM onto themselves, but you know, the boundary of a VM, which has been, you know, in the past an operating system, bunch of memory and whatever applications are running in there, that boundary is now the trusted execution environment. The thing that is protected. So what we say is, you know, for our trust domain, we're essentially taking a VM that is, and we protect the contents of the whole thing, right, the operating system that's in there the applications, everything that's in that VM right now becomes protected, right, or a trust domain. - And how is this different than a Software Guard Extension, running on the TEE within the silicon.

- That's actually similar and maybe less complex, right, at least from a conceptual standpoint, whereas Software Guard Extensions allowed you to write an application and then to decide which pieces of that application you want to kind of separate it out to protect just that part, right. The sensitive parts right, now TDX allows you to take an entire virtual machine, right, as I was talking before, how some people, may really want the most security and they'll want a technology like SGX that allows them to protect only what really needs protecting, other people, right, there's a lot of legacy software out there that they want some protections for. And they can't rewrite all this software and they all run in VMs today, right. So what they want is to just take that software and to plop it into a secure VM or a confidential VM.

And that's why technologies like TDX are so attractive, in addition to that, they, you know, we talked about before the heterogeneous nature of how we're doing computing, now they wanna be able to use GPUs and FPGAs and you know, other types of accelerators and, you know, VMs use those today. They have heterogeneous workloads that run VM context and they'll call out to an FPGA or a GPU, right, for some type of AI acceleration to, so, you know, this is why that VM based trust, execution environment or TDX right, is gaining a lot of traction, a lot of interest. - Okay, so it's some of the processors specially designed for AI, like graphics, processor units, or FPGA's, field programmable help me there. - Field programmable gatorades, yes. - Right okay. (giggles) - Yeah, so just think of them as, you know, other computing capabilities or devices that may be attached to the computer, right.

You wanna be able to use those, right, it's kind of hard to do that, using a technology like SGX, which is really focused on just the CPU application software, but a virtual machine, because it's a machine should allow you to talk to other devices too. - So see, in theory, you could have both. - Yeah. - You could be using both at the same time, one for things that you're running on your CPU, and one, for things that you're only able to access within the VM. - So we kind of started on the more aggressive side, with SGX, right.

Trying to have the, the best security right, for the people who really care about the most, right, but we realized too that that's not everybody right, now, but everybody else still wants to benefit somehow. And so now we've gone all the way to the other extreme of this VM based approach, so we think that we will have the right technologies for the right workloads, right. And it's really, you know, more choice for our customers yeah. - At that point you sort of have to match make like what's important to you and what you're doing and what your use cases are, and it's a continuum, I guess, right? - Yeah, so for example, right, if you're writing some software from scratch, that's never existed before, and you really care about security, you may wanna use a technology like SGX because that allows you to really focus on, just the pieces that you care about, right. But if you have a bunch of legacy software, you've been in business for, you know, 40 years, right, you have tons of legacy software and you don't even know where the source code is for some of it it's just binary. You wanna run it in a VM, in a cloud environment and you just wanna know that, you know, it's the right software, right, that's running and yeah.

so something like TDX is good enough for them. - Thank you so much, Ron Perez, Intel Fellow, and Chief Security Architect for your conversation today on confidential computing. (soft upbeat music) - [Narrator] Never miss an episode of What That Means with Camille, by following us here on YouTube, you can also find episodes wherever you get your podcasts.

- [Narrator] The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation. (soft upbeat music)

2022-05-24

Show video