Frequently Asked Questions
You have something very specific on your mind? See if you can find a suitable answer in the FAQs or ask a new question.
What is a Confidential Cloud?
A confidential cloud is a private and secure environment that can be formed over a public or a private cloud infrastructure. It uses secure enclave technology, where the data is encrypted within a secure enclave during its entire lifecycle.
The code and data are completely protected and inaccessible to any other party while running inside the secure enclave.
Is the Confidential Cloud effective?
With Confidential Cloud the environment reaches its highest level of data security protection available today.
What is a secure enclave?
A secure enclave is based on hardware-level encrypted memory isolation. It isolates application code and data within a secure framework. Memory is completely isolated from any other party on the environment, including the operating system. Access to the data is strictly controlled by private keys hard-coded at the CPU level.
Secure enclaves are the centrepiece of confidential computing technology.
Who is using secure enclaves technology?
The Confidential Cloud technology is now deployed by all major cloud providers, such as AWS and Azure. Furthermore, hardware vendors, cloud providers and software developers around the world have joined forces to accelerate the adoption of confidential computing through open collaboration.
To learn more about the efforts made within the industry, go to Confidential Computing Consortium.
Intel SGX/AMD SEV
What is Intel SGX?
Intel® Software Guard Extensions (SGX) is a set of CPU machine language instructions that secure data and code execution in memory.
The application code and data inside the SGX enclave is isolated from all other applications running on the same system, the host operating system, as well as the hypervisor itself.
What is AMD SEV?
AMD Secure Encryption Virtualization (SEV) is a secure enclave technology that enables encrypting the memory of an entire virtual machine at runtime.
It is suitable for securing legacy, large and enterprise-level applications.
Who guarantess, that no attacker infiltrates my enclave already during initialization?
SGX treats the system software as untrusted and potentially malicious. For this reason the measurement of enclaves is used. It allows the application creating the enclave to ensure the setup was done correct. This includes the commands used as well as the data and code setup in the enclave. This prevents the system software or privileged attackers from manipulating the enclaves code and data during the setup, for example by loading other pages then requested by the application or manipulating the pages before they are loaded into the enclave.
Why is my sensible data safe from unauthorized access and modification?
SGX decides inside the CPU, who is trusted to work inside an enclave. This way a powerful, hardware-based security gate is implemented, and no vulnerable software is used for this decision-making process.
The CPU manages inside its Memory Management Unit (MMU), whether an access to a specific area of its PRM is allowed or not. Inside each enclave one or more Thread Control Structures (TCS) contain fixed entry points for enclave entering, making it impossible to enter through illegal gateways. A safe programming style inside the enclave will make it impossible for attackers to enter the enclave or to investigate possible in- and outputs of the enclave by simple testing.
Further the EPCM contains the authorized virtual address and the enclave owner, which is necessary for entering a specific enclave. If an access from a non-trusted virtual address occurs, it will be redirected to non-existent memory or a signal fault will be throwed. This EPCM is located inside the CPU, and only the CPU is capable to access it in realtime
Last but not least — every page inside the enclave has different permission like read-only. This builds an extra barrier for attackers, to harm enclaves.
How is my sensible data kept confidential and integrity protected?
Each enclave contains the SECS, where its specific hash for integrity checks is stored. This hash is stored in the enclave, which is stored inside the EPC, which gets real time decrypted through the MEE inside the CPU in enclave mode. The SGX unit contains an fixed secret key, generated at the manufacturing process of the chip, which should be even unknown to Intel (you have to trust Intel at that point) for decrypting inside the MEE. The decryption is only possible with this secret key, which is inaccessible from outside the SGX unit.
Where are possible gateways to break the SGX protection on the software/hardware side?
Data inside the enclave is stored safe, unless an unprivileged party gets inside it. Since enclaves get created at the beginning of an app start from the untrusted part of the app, a gateway for attackers could lay here.
Further the SGX on a specific system is only safe, if the secret hardware-based key inside the Memory Encryption Engine is unknown to everybody else as the SGX module itself.
The Processor Reserved Memory gets initiated at the very beginning of starting the system from the BIOS. SGX is only stated safe, if the PRM is inaccessible for other parts of the system besides the CPU. Hardware attacks trough physical ways would be needed for this example.
A malicious enclave can attack software through cache attacks to steal secret information of enclaves. A proof of concept is published in the paper Malware Guard Extension: Using SGX to Conceal Cache Attacks.
Speculative Executions are a plus for the performance but allows to read decrypted enclave data when inside the CPU e.g. in the cache illegally by other software.
Further the given Intel security guidelines must be followed to prevent leakages caused by bad code.
Any other question?
Confidential Cloud Computing is a new vibrant field with a lot of technologies, tools and frameworks. Our mission is to ease the introduction into this field and help developers to get all necessary information to deploy the technology. Please use the form below to ask a question. Team members will try to answer it.