Research Faculty Summit 2018

Systems | Fueling future disruptions

Classified as Confidential The Rise of Confidential Computing

Mark Russinovich CTO, Microsoft Azure, Microsoft @markrussinovich

Classified as Microsoft Confidential Cloud Data Threats

Customer cloud data concerns:

Malicious Hackers Third-party privileged exploiting bugs access without admins or in the customer insiders infrastructure consent

Classified as Microsoft Confidential Data Protection

Classified as Microsoft Confidential Trusted Execution Environments (TEEs)

Protected container: Memory •Isolated portion of processor & memory •Code & data cannot be viewed or modified Snoop from outside CPU

Supports attestation: proving of identity both locally and remotely Arithmetic Control Unit Logic Unit (CU) Supports sealing: persisting secrets (ALU)

Examples: Registers Cache SGX Virtualization Based Security (VBS) aka Virtual Secure Mode

Classified as Microsoft Confidential TEE application architecture

VM/Server TEE Application Enclave 1

Code

Host Application 1 Data

Application Enclave 2

Host Application 2 Application Enclave 3

Classified as Microsoft Confidential Azure Confidential Computing

Classified as Microsoft Confidential Azure and confidential computing

Working with silicon partners to enable Confidential Computing

Building software to deploy, manage, and develop secure TEE applications on Azure Designing and developing services to support attestation in the cloud Enabling confidential PaaS and SaaS services

Classified as Microsoft Confidential Preventing direct information leaks

Problem: code in enclaves may unintentionally write secrets out

Solution: use a compiler that instruments memory accesses & verify that instrumented binary does not leak secrets

Guarantee: attacker can only observe encrypted communication

Classified as Microsoft Confidential Preventing indirect information leaks

Problem: memory/disk access patterns may leak information

Solution: use compiler and hardened libraries that prevent leaks with data oblivious primitives

Binary decision tree Memory

Accesses from 2 predictions A ....

B Heart disease: No

Classified as Microsoft Confidential Demo: Oblivious computing

Classified as Microsoft Confidential Example confidential computing scenarios

Classified as Microsoft Confidential Always encrypted storage Financial data with Enabling scalable Secure multi-party processing SQL Server and confidential machine learning networks with Coco Framework

Classified as Microsoft Confidential SQL Always Encrypted Current GA version in SQL Server 2016/17 and Azure SQL DB

Protects sensitive data in use from SQL Enhanced high-privileged yet unauthorized Client SQL users both on-premises and : \ Driver in the cloud plaintext ciphertext

Client-side encryption of Client driver transparently sensitive data using keys encrypts query parameters Support for equality that are never given to the and decrypts encrypted comparison, including join, database system results group by and distinct operators via deterministic encryption

Classified as Microsoft Confidential Confidential SQL Always Encrypted

SQL Enhanced Protects sensitive data in use while Client plaintext preserving rich queries and C: \ Driver plaintext ciphertext  providing in-place encryption  SQL Enclave

SQL Server Engine delegates pattern matching (LIKE), range SQL Enclave can perform operations on encrypted to the queries (<, >, etc.), sorting, initial data encryption and key SQL Enclave, where the data can type conversions, support for rotation, without moving the be safely decrypted and non-bin2 collation, and more data out of the database processed

Classified as Microsoft Confidential Coco Framework: Confidential Consortium Blockchain Framework

Open-source framework that enables high-throughput (~100x), fine-grained confidentiality, and consortium M1 governance for blockchain COCO Creates a trusted network of physical Admin COCO M nodes on which to run a distributed 2 Mi Network , providing secure, reliable components for the protocol to use

M M Through the use of TEEs able to simplify 4 3 consensus and transaction processing

Classified as Microsoft Confidential Coco Framework architecture

COCO admin Validating Node (VN) Enclave in TEE

COCO State

COCO Interface DApp (Host) COCO Blockchain Adapter Core Core

Replicated Persistent VNi Store …

VN2

Classified as Microsoft Confidential Demo: Coco versus Ethereum

Classified as Microsoft Confidential Confidential multi-party machine learning

Partnered health facilities contribute private patient health data sets to train a ML model Each facility only sees their respective data sets (aka no one, not even cloud provider, can see all data or trained model, if necessary) All facilities benefit from using trained model

K1 Patient data Machine learning K2 algorithm Patient data K1 K3 K3

Patient data K1 K2 K3

K2 Host

Classified as Microsoft Confidential Demo: Confidential multi-party ML

Classified as Microsoft Confidential Summary

Confidential computing Microsoft is driving the Azure is empowering in the cloud is in its direction & adoption of new secure business early stages newer trusted execution scenarios in the cloud environments in the cloud

Classified as Microsoft Confidential References

Blockchain with Coco Fx: http://aka.ms/cocopaper

Multi-party machine learning: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/07/paper.pdf

SQL Server with Haven: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/osdi2014-haven.pdf

Map/reduce with VC3: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/vc3-oakland2015.pdf

Preventing enclave information leaks: https://people.eecs.berkeley.edu/~rsinha/research/pubs/pldi2016.pdf

Using side-channel page faults to extract JPG images: https://www.microsoft.com/en-us/research/wp-content/uploads/2017/06/atc17-final230.pdf Thank you!

Classified as Microsoft Confidential