Research Faculty Summit 2018
Systems | Fueling future disruptions
Classified as Microsoft Confidential The Rise of Confidential Computing
Mark Russinovich CTO, Microsoft Azure, Microsoft @markrussinovich
Classified as Microsoft Confidential Cloud Data Threats
Customer cloud data concerns:
Malicious Hackers Third-party privileged exploiting bugs access without admins or in the customer insiders infrastructure consent
Classified as Microsoft Confidential Data Protection
Classified as Microsoft Confidential Trusted Execution Environments (TEEs)
Protected container: Memory •Isolated portion of processor & memory •Code & data cannot be viewed or modified Snoop from outside CPU
Supports attestation: proving of identity both locally and remotely Arithmetic Control Unit Logic Unit (CU) Supports sealing: persisting secrets (ALU)
Examples: Registers Cache Intel SGX Virtualization Based Security (VBS) aka Virtual Secure Mode
Classified as Microsoft Confidential TEE application architecture
VM/Server TEE Application Enclave 1
Code
Host Application 1 Data
Application Enclave 2
Host Application 2 Application Enclave 3
Classified as Microsoft Confidential Azure Confidential Computing
Classified as Microsoft Confidential Azure and confidential computing
Working with silicon partners to enable Confidential Computing
Building software to deploy, manage, and develop secure TEE applications on Azure Designing and developing services to support attestation in the cloud Enabling confidential PaaS and SaaS services
Classified as Microsoft Confidential Preventing direct information leaks
Problem: code in enclaves may unintentionally write secrets out
Solution: use a compiler that instruments memory accesses & verify that instrumented binary does not leak secrets
Guarantee: attacker can only observe encrypted communication
Classified as Microsoft Confidential Preventing indirect information leaks
Problem: memory/disk access patterns may leak information
Solution: use compiler and hardened libraries that prevent leaks with data oblivious primitives
Binary decision tree Memory
Accesses from 2 predictions A ....
B Heart disease: No
Classified as Microsoft Confidential Demo: Oblivious computing
Classified as Microsoft Confidential Example confidential computing scenarios
Classified as Microsoft Confidential Always encrypted storage Financial data with Enabling scalable Secure multi-party processing SQL Server and confidential machine learning blockchain networks with Coco Framework
Classified as Microsoft Confidential SQL Always Encrypted Current GA version in SQL Server 2016/17 and Azure SQL DB
Protects sensitive data in use from SQL Enhanced high-privileged yet unauthorized Client SQL users both on-premises and C: \ Driver in the cloud plaintext ciphertext
Client-side encryption of Client driver transparently sensitive data using keys encrypts query parameters Support for equality that are never given to the and decrypts encrypted comparison, including join, database system results group by and distinct operators via deterministic encryption
Classified as Microsoft Confidential Confidential SQL Always Encrypted
SQL Enhanced Protects sensitive data in use while Client plaintext preserving rich queries and C: \ Driver plaintext ciphertext providing in-place encryption SQL Enclave
SQL Server Engine delegates pattern matching (LIKE), range SQL Enclave can perform operations on encrypted to the queries (<, >, etc.), sorting, initial data encryption and key SQL Enclave, where the data can type conversions, support for rotation, without moving the be safely decrypted and non-bin2 collation, and more data out of the database processed
Classified as Microsoft Confidential Coco Framework: Confidential Consortium Blockchain Framework
Open-source framework that enables high-throughput (~100x), fine-grained confidentiality, and consortium M1 governance for blockchain COCO Creates a trusted network of physical Admin COCO M nodes on which to run a distributed 2 Mi Network ledger, providing secure, reliable components for the protocol to use
M M Through the use of TEEs able to simplify 4 3 consensus and transaction processing
Classified as Microsoft Confidential Coco Framework architecture
COCO admin Validating Node (VN) Enclave in TEE
COCO State
COCO Interface DApp (Host) COCO Blockchain Adapter Core Core
Replicated Persistent VNi Store …
VN2
Classified as Microsoft Confidential Demo: Coco Ethereum versus Ethereum
Classified as Microsoft Confidential Confidential multi-party machine learning
Partnered health facilities contribute private patient health data sets to train a ML model Each facility only sees their respective data sets (aka no one, not even cloud provider, can see all data or trained model, if necessary) All facilities benefit from using trained model
K1 Patient data Machine learning K2 algorithm Patient data K1 K3 K3
Patient data K1 K2 K3
K2 Host Operating System
Classified as Microsoft Confidential Demo: Confidential multi-party ML
Classified as Microsoft Confidential Summary
Confidential computing Microsoft is driving the Azure is empowering in the cloud is in its direction & adoption of new secure business early stages newer trusted execution scenarios in the cloud environments in the cloud
Classified as Microsoft Confidential References
Blockchain with Coco Fx: http://aka.ms/cocopaper
Multi-party machine learning: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/07/paper.pdf
SQL Server with Haven: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/osdi2014-haven.pdf
Map/reduce with VC3: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/vc3-oakland2015.pdf
Preventing enclave information leaks: https://people.eecs.berkeley.edu/~rsinha/research/pubs/pldi2016.pdf
Using side-channel page faults to extract JPG images: https://www.microsoft.com/en-us/research/wp-content/uploads/2017/06/atc17-final230.pdf Thank you!
Classified as Microsoft Confidential