Confidential Computing: Elevating Cloud Security and Privacy

Working toward a more secure and innovative future

Mark Russinovich

In the ever-evolving landscape of digital security, a new technology—confidential computing^9,11—is set to redefine our expectations of data safety and privacy. The advent of cloud computing has already resulted in a security infrastructure that surpasses most traditional on-premises systems. Confidential computing (CC) is poised to elevate these guarantees even further. It is a paradigm shift that marks the next stage in the evolution of cloud security, representing a leap forward that pushes the boundaries of what is achievable.

CC fundamentally improves our security posture by drastically reducing the attack surface of systems. While traditional systems encrypt data at rest and in transit, CC extends this protection to data in use. It provides a novel, clearly defined security boundary, isolating sensitive data within trusted execution environments during computation. This means services can be designed that segment data based on least-privilege access principles, i.e., services where data is accessible only to the code that needs access to perform its function, while all other code in the system sees only encrypted data. Crucially, the isolation is rooted in novel hardware primitives, effectively rendering even the cloud-hosting infrastructure and its administrators incapable of accessing the data. This approach creates more resilient systems capable of withstanding increasingly sophisticated cyber threats, thereby reinforcing data protection and sovereignty in an unprecedented manner.

But CC is not just about fortifying defenses; it’s also about unlocking potential. It opens up a universe of possibilities, fostering innovation and empowering businesses and developers to build new kinds of services previously inhibited by security constraints. From privacy-enhanced personal AI services,⁴ to encrypted databases,⁸to highly confidential decentralized business processes,² to confidential data cleanrooms where multiple parties execute analytics and machine-learning workflows on combined data without revealing their data to the other parties,⁶ to trustworthy and transparent hardware and software supply chains,¹ CC has the potential to revolutionize various domains.

CC is more than a technological innovation; it’s a testament to our ability to collaborate and co-create solutions for the benefit of all. CC is the outcome of a confluence of expertise from leading research groups^5,7,10 and major players throughout industry sectors.³ This includes a spectrum of hardware and software vendors, from processor and accelerator companies, such as Intel, AMD, ARM, and Nvidia, to cloud service providers, including Microsoft, Google, and Oracle, plus an array of vibrant startups, each bringing fresh perspectives and radical thinking to the table. This cross-industry group is cooperating to ensure that CC becomes the new norm for computing, notably by developing standards and practices that can ensure the interoperability of confidential-computing devices, protocols, and services. In 10 years, “confidential computing” will just be “computing.”

This article serves as an introduction to a series of articles focusing on different aspects of CC. Written by leading industry experts and academic researchers, these articles aim to shed light on the technical underpinnings of CC, its practical applications, and its transformative potential. We invite you to join us on this journey through the world of CC. Together, we will explore, understand, and harness this technology to create a more secure and innovative future.

References

1. Birkholz, H., Delignat-Lavaud, A., Fournet, C., Deshpande, Y., Lasker, S. 2022. An architecture for trustworthy and transparent digital supply chains. IETF SCITT Working Group; https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/.

2. CCF: a framework for building confidential verifiable replicated services. 2019. GitHub; https://github.com/microsoft/CCF.

3. Confidential Computing Consortium; https://confidentialcomputing.io.

4. Delignat-Lavaud, A., Russinovich, M., Vaswani, K. 2023. Unlocking the potential of privacy-preserving AI with Azure confidential computing on NVIDIA H100. Microsoft Azure Confidential Computing Blog; https://techcommunity.microsoft.com/t5/azure-confidential-computing/unlocking-the-potential-of-privacy-preserving-ai-with-azure/ba-p/3776838.

5. Lee, D., Kohlbrenner, D., Shinde, S., Asanovic, K., Song, D. 2020. Keystone: an open framework for architecting trusted execution environments. In Proceedings of the 15th European Conference on Computer Systems. Article no. 38, 1–16; https://dl.acm.org/doi/abs/10.1145/3342195.3387532.

6. Ohrimenko, O., Schuster, F., Fournet, C., Mehta, A., Nowozin, S., Vaswani, K., Costa, M. 2016. Oblivious multi-party machine learning on trusted processors. Proceedings of the 25th Usenix Security Symposium; https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_ohrimenko.pdf.

7. Opaque. 2018. RISE Lab, UC Berkeley; https://rise.cs.berkeley.edu/projects/opaque/.

8. Priebe, C., Vaswani, K., Costa, M. 2018. EnclaveDB: a secure database using SGX. IEEE Symposium on Security and Privacy, 264–278; https://ieeexplore.ieee.org/document/8418608.

9. Russinovich, M., Costa, M., Fournet, C., Chisnall, D., Delignat-Lavaud, A., Clebsch, S., Vaswani, K., Bhatia, V. 2021. Toward confidential cloud computing. Communications of the ACM 64(6), 54–61; https://dl.acm.org/doi/10.1145/3453930.

10. Sanctum Secure Processor. 2017. MIT CSAIL; https://www.csail.mit.edu/research/sanctum-secure-processor.

11. Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., Russinovich, M. 2015. VC3: trustworthy data analytics in the cloud. IEEE Symposium on Security and Privacy, 38–54; https://ieeexplore.ieee.org/document/7163017.

Mark Russinovich is CTO of Microsoft Azure, where he leads technical strategy and architecture for Microsoft’s cloud-computing platform.

Originally published in Queue vol. 21, no. 4—
Comment on this article in the ACM Digital Library

More related articles:

Gobikrishna Dhanuskodi, Sudeshna Guha, Vidhya Krishnan, Aruna Manjunatha, Michael O'Connor, Rob Nertney, Phil Rogers - Creating the First Confidential GPUs
Today's datacenter GPU has a long and storied 3D graphics heritage. In the 1990s, graphics chips for PCs and consoles had fixed pipelines for geometry, rasterization, and pixels using integer and fixed-point arithmetic. In 1999, NVIDIA invented the modern GPU, which put a set of programmable cores at the heart of the chip, enabling rich 3D scene generation with great efficiency.

Antoine Delignat-Lavaud, Cédric Fournet, Kapil Vaswani, Sylvan Clebsch, Maik Riechert, Manuel Costa, Mark Russinovich - Why Should I Trust Your Code?
For Confidential Computing to become ubiquitous in the cloud, in the same way that HTTPS became the default for networking, a different, more flexible approach is needed. Although there is no guarantee that every malicious code behavior will be caught upfront, precise auditability can be guaranteed: Anyone who suspects that trust has been broken by a confidential service should be able to audit any part of its attested code base, including all updates, dependencies, policies, and tools. To achieve this, we propose an architecture to track code provenance and to hold code providers accountable. At its core, a new Code Transparency Service (CTS) maintains a public, append-only ledger that records all code deployed for confidential services.

David Kaplan - Hardware VM Isolation in the Cloud
Confidential computing is a security model that fits well with the public cloud. It enables customers to rent VMs while enjoying hardware-based isolation that ensures that a cloud provider cannot purposefully or accidentally see or corrupt their data. SEV-SNP was the first commercially available x86 technology to offer VM isolation for the cloud and is deployed in Microsoft Azure, AWS, and Google Cloud. As confidential computing technologies such as SEV-SNP develop, confidential computing is likely to simply become the default trust model for the cloud.

Samuel W. Stark, A. Theodore Markettos, Simon W. Moore - How Flexible is CXL's Memory Protection?
CXL, a new interconnect standard for cache-coherent memory sharing, is becoming a reality - but its security leaves something to be desired. Decentralized capabilities are flexible and resilient against malicious actors, and should be considered while CXL is under active development.