
Direct from Development Server and Infrastructure Engineering

Understanding Confidential Computing with Trusted Execution Environments and models

Tech Note by Shyam Iyer and Mohan Rokkam

Summary

As the value of data in-use increases, it becomes increasingly essential to protect data in-use from unauthorized access. Confidential Computing provides various levels of protection options to mitigate different kinds of threat vectors.

Introduction

Data is the new oil. As the value of data increases, it becomes increasingly important to protect data in-use while computations are performed on it. Data in use is often stored in the clear in memory (DRAM) and accessed via unencrypted memory buses. Whether the data in use is a machine learning data set or a secret kept in memory, it can be vulnerable to threat vectors that snoop on the contents of memory or on the access bus. Data-in-use protection is necessary to secure computations that operate on large data sets in memory. Additionally, the code executing on the data must be trusted and tamper-free, with facilities to separate trusted and non-trusted code execution environments with respect to data in-use.

Trusted Execution Environments and Trusted Computing Base models

With per-country regulatory requirements on data confidentiality increasing, data generators and users need secure TEEs (Trusted Execution Environments) to satisfy data privacy and protection regulations. Hosting and infrastructure providers must enable trusted execution environments to guarantee the confidentiality of client data. This requires that entities outside the trust boundary are not able to access the data in-use.

To mitigate increasing threat vectors, combined with usage models that range from multi-tenant environments to edge deployments, trust boundaries need to shrink. Data owners and clients should prefer to keep a small TCB (Trusted Computing Base) to minimize the attack surface and the opportunity for data misuse by untrusted elements. They should look closely at which TCB levels they can trust for their usage model. A TCB level defines the code footprint that has to be trusted.

While a reduced TCB can be achieved by other means, silicon-aided features greatly aid the creation, separation and protection of TEEs with reduced TCBs. Silicon features are needed to minimize the TCB to a Trusted Host Execution Environment, a Trusted Virtual Machine Execution Environment, or a Trusted Application Execution Environment for new and emerging deployments.

Copyright © 2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies and other trademarks are trademarks of Dell Inc. or its subsidiaries.

Picking an appropriate TCB footprint level

To choose an appropriate TCB footprint level, one should determine whether the entity hosting the code and data execution environment can be trusted and has the facility to separate trusted and non-trusted components. For example, a data center level TCB can imply that a data center administrator is a trusted operator for the data in use. This means the entire data center execution environment is trusted, and application users can employ a data center wide application/workload deployment policy. A Platform/Host level TCB requirement can imply that a system administrator is a trusted operator for the data and the code running on the platform and can deploy a trusted Host Execution Environment for the workloads. A VM level TCB footprint requirement implies a trusted guest machine user for data in use running in a trusted Guest Execution Environment. An App level TCB footprint requirement can imply that only the App owner is trusted with access to the data in use. See Figure 1 for a representation of the various TCB footprint levels. If you observe carefully, as the TCB footprint shrinks, the application owner has fewer layers of trusted software.

Figure 1: A view of various TCB footprint levels

These levels come with varying degrees of usability for application deployments. They have unique advantages and tradeoffs when it comes to performance, application mobility, trust granularity and integration with management stacks.


In general, to enable these TEEs, silicon enables memory encryption such that trusted, differentiated and secure memory access is possible for data in use. Data/app owners must be able to independently attest to the integrity of the platform and the TCB levels supported by the underlying infrastructure.
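The following added example (not code from the tech note or from Dell) models the attestation step described above together with the TCB footprint levels from the previous section: a platform signs the boot-time measurements of the layers inside the claimed TCB level plus a verifier nonce, and the data owner checks them against reference values. The layer names, the level-to-layer mapping and the HMAC-based signature (a stand-in for a hardware attestation key) are constructed assumptions for illustration.

```python
import hashlib
import hmac
import json

# Software layers measured at boot, outermost first (constructed for this example).
LAYERS = ["firmware", "hypervisor", "guest_os", "app"]

# Layers inside the trust boundary at each TCB footprint level. A shrinking TCB
# means fewer layers the app owner must trust, so fewer measurements to verify.
# Assumed mapping, modelled on host-, VM- and app-level TEEs.
TCB_LAYERS = {
    "host": ["firmware", "hypervisor", "guest_os", "app"],
    "vm":   ["guest_os", "app"],   # hypervisor and host software outside the TCB
    "app":  ["app"],               # only the application's own code is trusted
}

def measure(images):
    """Hash each layer's image bytes, as a measured boot chain would."""
    return {layer: hashlib.sha256(images[layer]).hexdigest() for layer in LAYERS}

def produce_evidence(platform_key, measurements, tcb_level, nonce):
    """Platform side: report the measurements inside the claimed TCB level and the
    verifier's nonce, signed with the platform key (HMAC stands in for the hardware
    attestation key's signature in this simplified model)."""
    report = {
        "tcb_level": tcb_level,
        "nonce": nonce,
        "measurements": {l: measurements[l] for l in TCB_LAYERS[tcb_level]},
    }
    body = json.dumps(report, sort_keys=True).encode()
    return report, hmac.new(platform_key, body, hashlib.sha256).hexdigest()

def verify_evidence(platform_key, report, sig, nonce, reference):
    """Relying party (data owner) side. Returns (ok, reason)."""
    body = json.dumps(report, sort_keys=True).encode()
    expected = hmac.new(platform_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "signature mismatch: report altered or not from this platform"
    if report["nonce"] != nonce:
        return False, "stale or replayed report"
    level = report["tcb_level"]
    if level not in TCB_LAYERS:
        return False, f"unknown TCB level {level!r}"
    for layer in TCB_LAYERS[level]:      # layers outside the TCB are not checked
        got = report["measurements"].get(layer)
        if got is None:
            return False, f"{layer} is inside the {level} TCB but was not measured"
        if got != reference[layer]:
            return False, f"{layer} measurement does not match reference"
    return True, f"{level}-level TCB verified; trusted layers: {TCB_LAYERS[level]}"
```

Running the verifier against a platform whose guest OS image has been modified shows the point of a smaller footprint: the same evidence fails at the VM level but passes at the App level, because the guest OS is outside the App-level TCB.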

Dell believes in the power of choice when it comes to offering a trusted execution environment with a level of TCB needed to run your applications. Dell’s breadth of technologies including the enhanced cyber resilient architecture that is part of the latest generations of PowerEdge servers enables usages at the edge, core and the cloud.

Conclusion

To maximize protection of data in-use, consideration should be given to the TCB footprint that is appropriate for the use case. Dell EMC PowerEdge servers are loaded with top-notch security features to provide maximum protection for your data. In addition, Dell Technologies is pleased to partner with key vendors to support features such as SME, SEV-ES and SGX, with various levels of confidential computing usage models that cater to the various Trusted Execution Environments.

