[00:00:36] Camille Morhardt: Welcome to today’s podcast on Cyber Security Inside What That Means: Confidential Computing. Today, I have with me Ron Perez. He’s an Intel Fellow and Chief Security Architect for Intel. That’s crazy. What does that mean?
[00:00:53] Ron Perez: No. That’s good. There are 100 and something, 150 or so fellows and senior fellows at Intel in various technology domains. I happen to be one in security, and the chief title I think is a term that Intel likes to use to designate some special responsibilities that you may have. And so for me as a security architect and a security fellow, I have the added responsibility of making sure that the best technologies get into our products and the worst technologies don’t make it into our products. So that’s my role.
[00:01:26] Camille Morhardt: And are you looking at this from everything from the perspective of designing products all the way through post ship and when they’re sitting in a customer environment or is it some limited scope?
[00:01:40] Ron Perez: It is very broad but it’s a little more limited insofar as security is very broad. It applies to so many things. And in fact, just saying security is not enough because everybody will have a different image in their head of what that means. But it ranges from the assurance of our product to make sure that there are no vulnerabilities in any of our product, to the new kind of features that we add that enable new workloads or new capabilities that our customers can take advantage of. My focus is more on the latter, on the new technology that will allow our customers to do things that maybe they wouldn’t have wanted to do before or couldn’t do before because technology was limiting what they could do.
Cloud computing is a perfect example where it has huge implications in terms of the efficiencies that you can gain from moving your workloads to a shared computing environment. But as a security technologist, you realize that yeah, sharing is not necessarily a good thing. That’s where bad things happen, so we need new technologies to provide assurances, security assurances, confidence basically that you still have the same safety in terms of the security of your workloads in that environment that you can’t control.
[00:02:49] Camille Morhardt: I would think for a security architect, a perfect case scenario for you would be everything is locked down inside one room with steel walls, no internet access, no Wi-Fi connection and nobody coming in or out, and now we have this world that’s mobile devices, internet of things devices, shared servers. How has that transformation affected people in your role?
[00:03:17] Ron Perez: That’s interesting. So perfect security, I would agree with you, would be encase your computer in a block of cement and throw it overboard on a ship in the middle of the ocean, but that wouldn’t be very useful and not much fun for us. So I do enjoy and my colleagues enjoy the challenges that we have, but to your point, yes, people are doing more and more dangerous things and they want to do even more dangerous things, so keeping up with the challenges at the scale that we’re talking about across the industry today, that’s a huge challenge. So sometimes from our standpoint, we’d wish things would slow down just a bit, but it also means that we have job security. There’s always something interesting going on, always something fun to work on. And as a security technologist, you get to poke your nose in every aspect of it.
[00:04:04] Camille Morhardt: What are some of the biggest threats you see on the horizon that maybe people are not thinking so much about? For example, if you ask anybody, what are some of the biggest threats, everybody is going to say ransomware right now. Everybody I’ve talked to says ransomware. So I hope that that’s not your answer. That might be one of the biggest threats, but what’s coming? what kind of thing are we not looking at that we’re all focused on one thing and maybe something down the line we should be thinking about?
[00:04:30] Ron Perez: I think because you used the word threat, that probably does lead people to things like ransomware because it puts visions in your head of things you should be afraid of, but I’m more concerned about the things that most people probably aren’t afraid of yet because they don’t really understand the magnitude of them. And again, I’ll take cloud computing as an example here. We’re really trying to do computing on a global scale. We have a number of cloud service providers and telco providers, etc., all these networks and all these systems are going to be linked together. We’re going to be running software and having our data in systems that may be on the other side of the globe at some particular time of day or be duplicated in multiple parts of the globe.
Whether we think it’s in our enterprise or in a cloud or both at the same time, that massive scale is the part that I’m worried about because now any little vulnerability can be magnified because most likely, we’re using these same technologies everywhere else. So the break once, run everywhere problem is going to be huge. That means we have to pay much more attention and focus a lot more on, again, getting back to assurance; that’s why it’s so important to focus on assurance if we can even get to the level of being able to prove some capabilities. I think we’ve gotten away from that as an industry for a while, but hopefully getting back into formal methods that will allow us to prove that the architecture is at least correct, if not the implementation itself.
[00:05:58] Camille Morhardt: What about paper copies? Should we just be going back to paper copies and keeping networks in silos or has that ship sailed and we have to look at it from a different perspective?
[00:06:10] Ron Perez: Voting, for example, is probably an area where we should look at still having paper. Other than that, the speed of everything we’re doing today really won’t allow us to go back to those days. Even those systems that we had back then. So what is a server and can you put it in a silo, as you said? I don’t even think those types of words apply anymore. Everything is so disaggregated and componentized, I think. That’s where we hear a lot about zero trust. And I think you’ve probably had some discussions on this as well, taking zero trust down to the silicon level even and the pieces of software–not zero trust more from an enterprise standpoint but down to the finest grain capability.
[00:06:52] Camille Morhardt: Half the equation is do you trust the person and do you have your access rights set up properly? But the other half is can you trust the software, the operating system, the application, the workload? Can you trust the silicon that it’s running on? You said zero trust. We actually did do a podcast on Zero Trust with Cathy Spence, but I want to talk to you about confidential computing, and I’m wondering if you can tell us what confidential computing is and also, is it different than zero trust?
[00:07:23] Ron Perez: Yeah, I think the two are complementary, but I’ll start with the definition, which I think is a little boring, and really why it matters is a piece that’s more interesting. So there is actually an organization called the Confidential Computing Consortium. It’s part of the Linux Foundation, and you can find it by confidentialcomputing.io, I believe, and they have some wonderful white papers out there that have all these definitions. But as they define it, it’s simply the protection of data in use by performing computation in a hardware-based trusted execution environment, which now leads us to what is a trusted execution environment, which we’ll get into.
[00:08:01] Camille Morhardt: And also, you said in use, which I think it comes back to this-
[00:08:04] Ron Perez: In use, use. Yes.
[00:08:01] Camille Morhardt: … data could be at rest, in transit or in use. So both of those things.
[00:08:12] Ron Perez: And that’s where you will hear confidential computing discussed a lot. The past 40, 50, 60 years now, we’ve been figuring out how to secure data when it’s being stored, at rest, and when it’s in transit over network. That’s been the whole purpose of computing security and the research and all the developments we’ve had; but we’ve missed this whole in use part, just assuming that, yeah, there’s not much you can do about writing security for data while it’s “in use.” And confidential computing actually shows us how we can take capabilities like these trusted execution environments and provide some level, some better level of protection of data “in use,” at least until we get to fully homomorphic encryption. So it’s a path or a step along the way up a longer path.
[00:08:58] Camille Morhardt: Well, why is it hard to protect data while it’s in use as opposed to going across a network or sitting on a server being stored?
[00:09:05] Ron Perez: Because it’s usually in memory, for example, it’s being manipulated dynamically by a processor, by an accelerator, by some other compute engine. It may be copied in different places as part of the way software optimizes, the compilation of the software optimizes, the software itself. There are so many things that are happening to that data while it’s being worked on to get the answers you want. Now, homomorphic encryption allows us to always have the data encrypted and by the properties of that crypto, it allows you to actually do really interesting manipulations of the data while it’s encrypted, but the performance is terrible. There’s a lot of research going on to address that, and we’ll eventually get there, but we’re talking about when homomorphic encryption first reemerged as a real possibility on the scene in 2009, they were thousands of orders of magnitude worse performance. We’ve gotten that down now to just a few orders of magnitude, but even that obviously is not practical for most workloads. So we still have this need for what can we do short of that until we get to that nirvana?
[00:10:12] Camille Morhardt: Okay. So now talk about the trusted execution environment that’s part of the confidential computing.
[00:10:19] Ron Perez: At a high level, it’s just a secure computing environment, but trusted means that it provides certain properties. So first of all, it’s got to provide confidentiality. In the triad of confidentiality, integrity and availability, it’s focused on confidentiality. It’s also focused on data and code integrity. It has to be able to protect the data or at least to make it determinable if the data has been modified in any way that it shouldn’t have been–data and code. So it’s got to do those three things, provide data confidentiality, data integrity and code integrity at a minimum.
Now there are different mechanisms that can do this. TrustZone in the Arm processors has had this capability for a long time. There have been other embedded processors that do this. And of course, maybe more recently, well, at least in the last two decades, Intel Software Guard Extensions has come on the scene to provide this capability to really general purpose user-level software. That’s been the real breakthrough.
[00:11:21] Camille Morhardt: Tell me how that works. Intel Software Guard Extensions is also, I think, known as SGX. So if you end up abbreviating that, we’ll all know what you’re talking about.
[00:11:30] Ron Perez: Okay. Sure.
[00:11:31] Camille Morhardt: How does that actually work?
[00:11:33] Ron Perez: Yeah. So SGX provides two main categories of protections. It has a logical integrity protection capability. Because it uses well-defined instructions and of course it actually has its implementation in the core of the processor itself, it can separate what code is executing and which data within this trusted environment and which code and data is outside of that, and it provides very strong separation.
In addition to that, because most code and data resides in memory at some point, it provides memory protection capabilities on top of that. Specifically, it provides memory encryption and data integrity as well as anti-replay capabilities. At least that was the initial design for SGX.
Now we’re seeing other trusted execution environments come on and seeing that provide this capability at a more coarse grain level, I should say, taking the VM, the virtual machine abstraction as a place to start because SGX was really ambitious and it really tried to provide this fine grain capability, but that also means you have to know what you’re doing as a developer and how to use it. So now we’re seeing technology such as AMD’s SEV technology, Secure Encrypted Virtualization. Pretty soon, Intel will have a similar VM-based approach called TDX or Trust Domain Extensions. So we’re going to see multiple trusted execution environments I suspect on the horizon because these are just for CPUs that I’ve talked about so far, mainly X86 CPUs, but Arm has announced their own VM-based solution, again, all for CPUs. But as we’re seeing more and more, workloads are becoming very heterogeneous. They have to work on GPUs, on other types of accelerators. So we’re going to see similar technologies be developed there.
[00:13:21] Camille Morhardt: This is predominantly a server technology at this point. Why does it matter most I guess on server and why do we really need it?
[00:13:30] Ron Perez: And that’s really the key question that I wanted to get to as well. What it is, is one thing. Why it matters is the most important thing. And why I’m excited about it is because it really is a paradigm shift. If you’ve looked at the last 60 years of computer security, it’s all been based on a hierarchy. You have the code and the data that you care about that you want to protect, usually application level or user level code data. You may have some middleware in between and system software, operating system, hypervisors and the hardware. In order to provide security for the thing you care about, you have to trust everything underneath it. There’s this huge stack that you trust, the trusted computing base.
Confidential computing now allows us to say, okay, you can take the thing that you care about that you want to protect and the hardware which implements these trusted execution environments, and that’s all you have to trust. You don’t have to trust any of the operating system, the hypervisor, the other applications, the other middleware on the platform, the other firmware in the platform. All you have to do is trust those two things. And the hardware, it’s not like you’re trusting Intel that Intel is operating this hardware all the time. It’s pretty much like a state machine. Whether it comes from Intel or AMD or some other company, the hardware is a state machine. It should always operate the same way every time. And your code and data, of course, are going to be different every time, so you’re relying on the hardware state machine to provide those protections for your code and data, no matter what the operating system or any other software on the platform does.
This is really powerful when you think about what I talked about earlier, this global scale cloud computing world that we’re headed towards where your code is going to be running in environments that you don’t control or that may be on the other side of the globe. How do you get some assurance that the right code is running your code and that it’s getting the protections that you think it is getting? So you need that verifiable capability. You need those trusted execution environments and the hardware to be able to attest to the fact that you are running in these environments and you are getting these protections.
[00:15:25] Camille Morhardt: So would an oversimplified analogy be I have a safe room in my house and so whenever I’m going to be doing some operation on my personal private health information or something, I go into this room, toss the data in there, lock the door and the whole evaluation takes place and then I take out the results. I guess I’m struggling with you’re talking about the data and then an application or a workload doing some processing on that data, and all of that being done in this trusted execution environment away from everything else, like even the operating system. How does that work?
[00:16:06] Ron Perez: Yeah. I mentioned before the triad that we always talk about–confidentiality, integrity and availability. So the trusted execution environment in confidential computing in general focuses on the confidentiality and the integrity piece. Now it provides this smaller trusted computing base. As I said, only the code and data you care about and the hardware. It provides that smaller trusted computing base at the expense of availability. You have to trust still the operating system, the system software to make forward progress. So while they can’t see your data, for example, or manipulate the data without your permissions anyway, they can, of course, always stop you from running. That’s a given. So that’s the sacrifice you made. You get this smaller trusted computing base, higher assurances, but you give up the availability aspect in that triad that we talked about.
And your analogy of having this safe room in your house, yeah, I think that’s a good analogy for one aspect of confidential computing, the SGX style where you can get really fine grain protections. You may have a huge workload that is multiple applications, distributed components, etc., but there’s only certain parts of your code that do anything sensitive, that operate on sensitive data or use cryptographic keys that you want to protect, etc. Those things you would put in that little safe room that you have or an SGX enclave, but many other people just want to take the entire application because it’s legacy code. I can’t refactor it. I can’t change the way it is. They just want to plop that into a secure VM, for example. And that’s why we’re seeing a lot of interest in these VM-based confidential computing technologies.
[00:17:44] Camille Morhardt: So in a cloud environment, let’s say a public cloud or a shared cloud environment where one company’s data may be on similar infrastructure or the same … sorry, the same infrastructure with a VMM actually allowing for scalability. How does this change things? What was it doing before that now it’s doing more securely, and who could see what before that now can’t see? And I’m not talking about they have their own ethical code. I’m talking about what could they see.
[00:18:18] Ron Perez: It’s possible. Yes, exactly. So that’s the worry. We see the cloud has really grown in usage, in popularity because of those efficiencies and the cost benefits of that. But there is still a lot of enterprises out there that are hesitant to move certain workloads to the cloud because the possibility that even if I trust my cloud provider, Google, Amazon or whoever else, they’re ethical people. They have really good software. There still may be vulnerabilities. They still have admins who could be bribed. There’s an insider threat. Whatever it is, there’s still the possibility and technically the capability for them to see your data. So that’s still holding back a lot of enterprises from-
[00:19:03] Camille Morhardt: While it’s being processed, just to be clear.
[00:19:05] Ron Perez: While it’s being processed, yes.
[00:19:06] Camille Morhardt: Okay.
[00:19:06] Ron Perez: Yes, that’s right. But confidential computing now allows those same cloud service providers to say, all right, we provide computing as a utility. We provide the MIPS, the connectivity, the bandwidth, the power, the cooling, all these nice things that are about efficiency that lower the cost for you, the end user, but we don’t really need to see your data. And confidential computing allows them to say, we can’t see your data. We can’t see your code and data. What you run in this environment is up to you. You just pay us for the resources you’re using, which is perfect. Both parties are happy. The end user, the enterprise with their mission-critical sensitive workload, they get the protections they want and they can verify it remotely. And the cloud provider is selling their MIPS, their bandwidth, the resources that they have.
[00:19:56] Camille Morhardt: Okay. So let’s talk about TDX for a second. You mentioned that before. This runs on top of a VM. How is that different and why is that kind of technology popular or important?
[00:20:07] Ron Perez: TDX stands for Trust Domain Extensions. And essentially, all it does is take that VM abstraction, that virtual machine abstraction, and embraces that and says that’s the trusted execution environment. We’re going to create a bunch of confidential VMs essentially that we call trust domains, hence Trust Domain Extensions. So these trust domains or confidential VMs are the computing environment that TDX supports. So you can have as many VMs as you have. You can have as many trust domains as you can have, and this is all supported by our hardware. And as I said before, AMD has something that’s somewhat equivalent, and Arm has already announced something similar as well, that they’re all VM-based protections.
[00:20:49] Camille Morhardt: So these little trusted domains exist within the VM or down on the silicon?
[00:20:55] Ron Perez: They are VMs unto themselves, but the boundary of a VM, which has been passed in operating system, a bunch of memory and whatever applications are running in there, that boundary is now the trusted execution environment, the thing that is protected. So what we say is for our trust domain, we’re essentially taking a VM and we protect the contents of the whole thing, the operating system that’s in there, the applications, everything that’s in that VM right now becomes protected or a trust domain.