Security & Privacy
Cloud computing and machine learning are the foundation technologies that are powering increasingly smarter and intelligent services in our daily lives. Along with these technologies, another key factor enabling these services is the vast amount of data. While this data utility is growing exponentially, it also raises concerns regarding the privacy of the sensitive data being processed. Users' privacy standards are getting higher, and there is a trend towards stricter privacy protection regulations worldwide, such as the EU's Data Protection Regulation (GPDR) or The California Privacy Rights Act (CPRA).
In response to these privacy concerns, major chip vendors such as Intel and AMD rushed toward developing a new technology called confidential computing, and most data centers are actively adopting them to enable privacy-preserving computation. Additionally, ARM released its ARMv9 design featuring the Confidential Compute Architecture (CCA) [1] in 2021, aiming to bring this technology to IoT and user devices as well.
Confidential computing is a new security approach for protecting sensitive data while it is being processed by an application. There are three states in which data can be: at rest, in transit or in use. Today, encryption is commonly applied to data that is at rest in storage and in transit across the network, but not while in use in memory. Confidential computing protects data in-use by encrypting it in memory and performing computing in a hardware-based Trusted Execution Environment (TEE) which blocks access to the source of the computing. This ensures that even if the device is hacked, a strong adversary, such as compromised OS and firmware, cannot access the data, unlike existing computing hardware, where such low-level software may access, tamper with or leak the data outside. By using confidential computing, users can ensure that their data is being used safely and securely, and that their privacy is being respected and protected.
Figure 1. Architecture of Confidential Computing
Figure 1 depicts the currently employed architecture of confidential computing. SGX [2] provides a secure environment for protected code execution through the use of enclaves. An application can run its own code in its enclave, with its own encrypted memory that cannot be manipulated or leaked by the operating system. Access to the enclave is restricted, providing an additional layer of security for the code running inside. Both AMD SEV-SNP [3] and Intel TDX [4] protect the OS and application from the hypervisor by providing a secure execution environment at the virtual machine (VM) level to enable them to operate.
At present, confidential computing (CC) is mainly utilized to protect user data when large amounts of data are processed on a server. However, it is also crucial to protect user data and privacy on the device itself, as it is the first place where user information is collected. In addition, more and more users are using privacy apps such as private messengers, secure emails, password managers, and web browsers with privacy settings to protect their information.
For user data to truly belong to the user, we believe that it is essential to process user data on their device where their private data is stored. On-device confidential computing provides users with better service and eliminates privacy concerns by allowing applications to collect and utilize private data such as biohealth and location information without transferring it to the server.
The utilization of ARM CCA, the next-generation hardware TEE technology following TrustZone, is anticipated to contribute to confidential computing on user devices. The ARM CCA architecture, which is another VM-based confidential computing architecture, is built on three pillars: strong isolation between security states, memory encryption, and attestation, as shown in Figure 2. Through these features, isolation is established between security states with the addition of Realm and Root security states, memory content is encrypted with an ephemeral key generated for each PAS at boot time, and attestations are supported to attest the environment's trustworthiness. The newly introduced concept of Realm provides hardware-backed secure execution environments, where both code and data are shielded.
Figure 2. Three key pillars in ARM CCA
1) Granule Protection Check (GPC) enforces isolation between the four physical address spaces (PAS) and is performed by the MMU downstream any address translation. GPC makes use of Granule Protection Table (GPT) in the Root world that describes the physical address space assignment of every page (granule). 2) Memory Protection Engine (MPE) provides external memory encryption and integrity services. 3) There are two parts to an Arm CCA Realm attestation, platform attestation and Realm attestation. Platform attestation proves the status of the underlying firmware and silicone through a hardware-based entity. Realm attestation is a check on the initial state of the Realm.
Figure 3. Use-case: On-device digital identity
With the implementation of CC-enabled user devices, a world of new services and apps is available, including:
• Digital identities issued by governments, currently at risk of personal information theft due to inadequate management and cyberattacks, can be securely realized from user devices, providing more convenience for both private and public services.
• Privacy-preserving machine learning can be performed on devices while keeping user privacy intact and shielding machine learning models and algorithms from exposure.
3rd party app developers are no longer required to obtain authorization from a vendor to run secure apps or make use of vendor-provided services in a secure world. Instead, they can identify which aspects of the app must be safeguarded and then run the code in a CCA environment without any restrictions.
From a computational perspective, a trusted end-to-end data path will be established, ensuring the security of the entire process. This encompasses data collection on user devices and data processing on servers as well as the processing of privacy-sensitive data directly on user devices. Furthermore, on-device confidential computing will be a key enabler for machine-to-machine computing without the need for server intervention.
We are exploring new application areas with confidential computing on mobile and IoT devices. Additionally, we are researching next-generation secure platform technologies to enable these new applications. To this end, we are taking steps to ensure that all confidential information remains secure on user devices: designing our system with current known concerns in mind from the outset; implementing it using the Rust language, which is specifically made for memory safety; and formally verifying the correctness of our design and implementation in the future.
Our work ISLET is open-source, inviting community members to join us in our mission to bring confidential computing to users' devices with no worries about privacy. To further this effort, we are collaborating with the CySec laboratory (Cyber Systems Security Lab) [5] at KAIST on our ISLET open-source project to explore various design spaces for the new applications.
To help application developers take advantage of Confidential Computing, we are supporting the development of standardized frameworks. As part of this effort, we are participating in the open source Certifier Framework for Confidential Computing project [6] with VMware and others. The Certifier is designed to be a “universal” platform-independent framework for developing and managing Confidential Computing applications with minimal incremental effort. We aim to define crucial APIs for user devices and contribute them to the project in the future as well.
If you're interested in our work, please check out our GitHub page at
https://github.com/Samsung/islet.
[1] Arm CCA will put confidential compute in the hands of every developer, https://www.arm.com/company/news/2021/06/arm-cca-will-put-confidential-compute-in-the-hands-of-every-developer
[2] V. Costan and S. Devadas, Intel SGX Explained, https://eprint.iacr.org/2016/086.pdf, 2016
[3] AMD Secure Encrypted Virtualization (SEV), https://www.amd.com/en/developer/sev.html
[4] Intel® Trust Domain Extensions (Intel® TDX), https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
[5] CySec laboratory, https://cysec.kr/
[6] Certifier Framework for Confidential Computing project, https://github.com/vmware-research/certifier-framework-for-confidential-computing