Research Faculty Summit 2018 Systems | Fueling future disruptions Classified as Microsoft Confidential The Rise of Confidential Computing Mark Russinovich CTO, Microsoft Azure, Microsoft @markrussinovich Classified as Microsoft Confidential Cloud Data Threats Customer cloud data concerns: Malicious Hackers Third-party privileged exploiting bugs access without admins or in the customer insiders infrastructure consent Classified as Microsoft Confidential Data Protection Classified as Microsoft Confidential Trusted Execution Environments (TEEs) Protected container: Memory •Isolated portion of processor & memory •Code & data cannot be viewed or modified Snoop from outside CPU Supports attestation: proving of identity both locally and remotely Arithmetic Control Unit Logic Unit (CU) Supports sealing: persisting secrets (ALU) Examples: Registers Cache Intel SGX Virtualization Based Security (VBS) aka Virtual Secure Mode Classified as Microsoft Confidential TEE application architecture VM/Server TEE Application Enclave 1 Code Host Application 1 Data Application Enclave 2 Host Application 2 Application Enclave 3 Classified as Microsoft Confidential Azure Confidential Computing Classified as Microsoft Confidential Azure and confidential computing Working with silicon partners to enable Confidential Computing Building software to deploy, manage, and develop secure TEE applications on Azure Designing and developing services to support attestation in the cloud Enabling confidential PaaS and SaaS services Classified as Microsoft Confidential Preventing direct information leaks Problem: code in enclaves may unintentionally write secrets out Solution: use a compiler that instruments memory accesses & verify that instrumented binary does not leak secrets Guarantee: attacker can only observe encrypted communication Classified as Microsoft Confidential Preventing indirect information leaks Problem: memory/disk access patterns may leak information Solution: use compiler and hardened libraries that prevent leaks with data oblivious primitives Binary decision tree Memory Accesses from 2 predictions A .... B Heart disease: No Classified as Microsoft Confidential Demo: Oblivious computing Classified as Microsoft Confidential Example confidential computing scenarios Classified as Microsoft Confidential Always encrypted storage Financial data with Enabling scalable Secure multi-party processing SQL Server and confidential machine learning blockchain networks with Coco Framework Classified as Microsoft Confidential SQL Always Encrypted Current GA version in SQL Server 2016/17 and Azure SQL DB Protects sensitive data in use from SQL Enhanced high-privileged yet unauthorized Client SQL users both on-premises and C: \ Driver in the cloud plaintext ciphertext Client-side encryption of Client driver transparently sensitive data using keys encrypts query parameters Support for equality that are never given to the and decrypts encrypted comparison, including join, database system results group by and distinct operators via deterministic encryption Classified as Microsoft Confidential Confidential SQL Always Encrypted SQL Enhanced Protects sensitive data in use while Client plaintext preserving rich queries and C: \ Driver plaintext ciphertext providing in-place encryption SQL Enclave SQL Server Engine delegates pattern matching (LIKE), range SQL Enclave can perform operations on encrypted to the queries (<, >, etc.), sorting, initial data encryption and key SQL Enclave, where the data can type conversions, support for rotation, without moving the be safely decrypted and non-bin2 collation, and more data out of the database processed Classified as Microsoft Confidential Coco Framework: Confidential Consortium Blockchain Framework Open-source framework that enables high-throughput (~100x), fine-grained confidentiality, and consortium M1 governance for blockchain COCO Creates a trusted network of physical Admin COCO M nodes on which to run a distributed 2 Mi Network ledger, providing secure, reliable components for the protocol to use M M Through the use of TEEs able to simplify 4 3 consensus and transaction processing Classified as Microsoft Confidential Coco Framework architecture COCO admin Validating Node (VN) Enclave in TEE COCO State COCO Interface DApp (Host) COCO Blockchain Adapter Core Core Replicated Persistent VNi Store … VN2 Classified as Microsoft Confidential Demo: Coco Ethereum versus Ethereum Classified as Microsoft Confidential Confidential multi-party machine learning Partnered health facilities contribute private patient health data sets to train a ML model Each facility only sees their respective data sets (aka no one, not even cloud provider, can see all data or trained model, if necessary) All facilities benefit from using trained model K1 Patient data Machine learning K2 algorithm Patient data K1 K3 K3 Patient data K1 K2 K3 K2 Host Operating System Classified as Microsoft Confidential Demo: Confidential multi-party ML Classified as Microsoft Confidential Summary Confidential computing Microsoft is driving the Azure is empowering in the cloud is in its direction & adoption of new secure business early stages newer trusted execution scenarios in the cloud environments in the cloud Classified as Microsoft Confidential References Blockchain with Coco Fx: http://aka.ms/cocopaper Multi-party machine learning: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/07/paper.pdf SQL Server with Haven: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/osdi2014-haven.pdf Map/reduce with VC3: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/vc3-oakland2015.pdf Preventing enclave information leaks: https://people.eecs.berkeley.edu/~rsinha/research/pubs/pldi2016.pdf Using side-channel page faults to extract JPG images: https://www.microsoft.com/en-us/research/wp-content/uploads/2017/06/atc17-final230.pdf Thank you! Classified as Microsoft Confidential .