Confidential Computing and the Role of Trust as a Service


Trust is one of the most critical security elements for any organization. As more businesses operate in and depend on the cloud and adopt Zero Trust, securing those environments has never been more important, particularly when supporting remote or distributed workforces.

Today, technology solutions need to secure data not only at rest and in transit, but also in use, helping protect valuable assets and reduce attack surfaces. As a result, remotely verifying the trustworthiness of a compute asset in cloud, edge and on-premises environments has become paramount.

This is being done with confidential computing, and the trust it provides is founded on a process called attestation. Verifying this trustworthiness is a critical requirement for customers who need to protect their data and intellectual property as sensitive workloads move to the cloud.

In this article, I’d like to explore the role of trust in confidential computing and look at how the industry is working to raise trust assurance.

Assuring trust in a digital age

We often think of trust as something that's earned between people. But this concept is evolving in the digital world, where individuals and organizations must trust the infrastructure before they can trust the information it presents.

Data is encrypted when sent across networks and encrypted when stored in public clouds on shared servers, but until recently that same data was processed unencrypted, in the clear. The emergence of confidential computing has changed that paradigm.

Confidential computing delivers a means to protect data by processing it within a secure enclave, or hardware-based trusted execution environment (TEE). The aim is for data and code loaded into a TEE to be protected against tampering by malicious agents present on the hardware platform, including privileged software such as the hypervisor or host operating system.

This isolated and secure environment helps prevent unauthorized access and modification of in-memory applications and data, thereby increasing assurances that the data remains secure.

Many believe that over the next decade confidential computing will become an everyday norm for organizations that manage sensitive, competitive, personally identifiable, and regulated data (especially as it pertains to machine learning and artificial intelligence).

But how do we ensure the trustworthiness of the enclave? How do we know that the enclave isn't something else posing as a TEE, tricking the software into running its sensitive workload where someone else can access that data?

Attestation: a digital trust mechanism

Historically, the trustworthiness of a TEE has been established through a mechanism called attestation. Through attestation, the TEE provides evidence, in the form of cryptographic measurements, of its origin (which hardware and firmware it runs on) and its current state (which code was loaded into it).

Both can be verified by another party, which can then decide – programmatically or manually – whether to trust the code running in the TEE.

Today, infrastructure providers are addressing this need by providing attestation services that compare these cryptographic measurements against known-good values to determine whether an enclave has been tampered with. While effective, this still leaves some gaps and challenges, including:

Independent Attestation – In traditional cloud service architectures, the attestation assurance needed for confidential computing typically comes from the infrastructure provider itself.

However, many enterprises today are adopting "separation of duties," both as an IT best practice and as an audit and control standard. Key goals are to reduce the risk of malicious or inadvertent breaches of system security, protect data integrity, and prevent disruption of normal business processes.

A major requirement under such a model is that a single entity should not control all parts of a transaction or business process. Thus, moving from a model of "self-attestation" by the infrastructure provider to one of independent attestation by a neutral third party has become an increasingly crucial factor in the decision process for the "cloudification" of sensitive workloads.

The objective of confidential computing is to push the infrastructure provider out of the trust boundary, but if the provider is also the one performing attestation, it has not truly been removed from that boundary.

Uniform, Portable Attestation – Many cloud service providers (CSPs), independent software vendors (ISVs) and solution providers are building their own attestation solutions for workloads running in their infrastructure, on their software.

As their customers increasingly adopt multi-cloud and hybrid clouds in addition to their on-premises enterprise networks, the need for uniform, consistent and portable attestation coverage across a variety of vendors and environments grows more relevant.

Policy Verification – Attestation assurance is crucial, but it's only one component of establishing trustworthiness in confidential computing. Enterprise leaders say it's imperative for auditing and compliance purposes that workload-specific policies (for example, which code versions and platform configurations are acceptable) can also be verified.

In addition to verification, organizations don't want the CapEx and OpEx of developing, operating, and maintaining their own attestation, and are looking for turnkey solutions.

Vendor-agnostic security infrastructure

Given these challenges, it's clear that the security of confidential computing could be enhanced by de-linking attestation from infrastructure. As a result, new vendor-agnostic security services are starting to emerge (like Intel's Project Amber). Let me explain how it works.

Instead of relying on a CSP for attestation, a third party provides the attestation assurance to the workload owner. It's analogous to certificate authorities that assert identity independently, regardless of where the application runs. This architectural independence opens the door to a vendor-agnostic security service (or trust as a service). The aim is to deliver a cross-infrastructure, turnkey service that increases trustworthiness and is backed by a service level agreement (SLA).

This can be done on any TEE-enabled platform. The workload running in a TEE can send its evidence to the service and be verified, regardless of where (cloud, edge, on-prem) and how the workload is deployed (containers, VMs, etc.).
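The flow described above and in the attestation section (the TEE produces signed evidence containing measurements; a relying party or trust service checks the signature, freshness, reference measurement and workload policy before trusting it) as an added example that is not from this article or from Project Amber. The device key, measurement values and policy thresholds are constructed for illustration, and an HMAC stands in for the hardware's asymmetric attestation signature so the example runs on the standard library.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for the TEE's hardware-rooted signing key (assumption: a real
# attester signs with an asymmetric key that chains to the silicon vendor;
# HMAC is used here only to keep the example dependency-free).
DEVICE_KEY = b"constructed-device-key"

# Reference values the verifier trusts: expected code measurement per workload
# and the policy the workload owner requires (constructed sample values).
REFERENCE_MEASUREMENTS = {
    "ai-model-server": hashlib.sha256(b"model-server-v1.2").hexdigest(),
}
POLICY = {"min_tcb_version": 7, "debug_allowed": False}


def new_nonce() -> str:
    """Verifier-issued challenge so evidence cannot be replayed later."""
    return secrets.token_hex(16)


def produce_evidence(nonce: str, measurement: str, tcb_version: int, debug: bool) -> dict:
    """Simulates the attester inside the TEE building signed evidence."""
    claims = {"nonce": nonce, "measurement": measurement,
              "tcb_version": tcb_version, "debug": debug}
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()}


def verify(evidence: dict, nonce: str, workload: str) -> tuple[bool, str]:
    """Relying party / trust service: check signature, freshness, measurement, policy."""
    body = json.dumps(evidence["claims"], sort_keys=True).encode()
    expected = hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["sig"]):
        return False, "signature mismatch: evidence not from a trusted TEE"
    c = evidence["claims"]
    if c["nonce"] != nonce:
        return False, "stale or replayed evidence"
    if c["measurement"] != REFERENCE_MEASUREMENTS.get(workload):
        return False, "code measurement does not match reference"
    if c["tcb_version"] < POLICY["min_tcb_version"]:
        return False, "platform TCB below policy minimum"
    if c["debug"] and not POLICY["debug_allowed"]:
        return False, "debug-mode enclave rejected by policy"
    return True, "attested"
```

In practice the reference measurements and policy live with the trust service rather than with the CSP, which is what keeps the infrastructure provider outside the trust boundary.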

For example, consider a common use case in confidential computing – deploying an AI model in the cloud. These models are trained by the workload owner on its own datasets.

The owners typically consider the AI models extremely valuable intellectual property and need them to be protected from theft and compromise while running at the service provider.

Confidential computing provides the natural compute environment in which to deploy these AI models in a public cloud setting, with the benefits of private cloud security.

How confidential computing benefits everyone

Independent, operationally neutral third-party attestation and policy verification offers several major benefits for confidential computing, including vendor-agnostic support of workloads and the ability to extend attestation from TEEs to devices, platforms, and supply chains.

For enterprises, independent attestation makes it possible to scale and move workloads across a wider range of on-prem and cloud environments and cloud providers, without being tied to a single vendor's verification method.

Such attestation mobility can be especially useful in heavily regulated geographies and markets.

Multi-party confidential computing – such as banks sharing anonymized customer data for fraud analysis – can also benefit from the increased security and trust provided by independent, verifiable attestation.

And in on-prem or hybrid clouds, these services can also help enable the separation of business lines required by regulation.

For the industry, third-party verification liberates CSPs and other infrastructure providers from the need to build and maintain complex, expensive attestation systems.

Not only can this solve the independent verification challenge, but it can also make attestation available consistently across multiple clouds, without requiring enterprises to invest in such attestation capabilities themselves.

For more information on confidential computing and attestation, check out the Confidential Computing Consortium.

Senior Director of Confidential Computing, Intel Corp

Nikhil Deshpande is the Senior Director of Confidential Computing at Intel Corp.