Toward confidential cloud computing: Extending hardware-enforced cryptographic protection to data while in use

Mark Russinovich, Manuel Costa, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani, Vikas Bhatia
Read: 05 July 2021

Queue 19(1)
Association for Computing Machinery
New York, NY, USA
Pages 49-76
February 2021
Note(s): hypervisor

Argues for extending hardware-enforced cryptographic protection from data at rest and in transit to data in use, with a reduced TCB (trust rooted in hardware rather than in the cloud provider's software stack and operators) to increase confidentiality in datacenters, plus code transparency so users can see what code is handling their data. Relates to the Confidential Computing Consortium (10+ companies spanning H/W, cloud and OS vendors).

Mechanisms: TEEs, hardware root of trust, TPMs, remote attestation; Arm TrustZone, Intel SGX, AMD SEV with Secure Nested Paging (SEV-SNP), Intel TDX; TEE-capable accelerators and GPUs; blind hypervisors (which cannot read guest memory).

Applications include: confidential AI (e.g., medical diagnostics on sensitive patient data); confidential databases and analytics (keeping database contents protected even from the cloud operator); confidential multiparty collaboration (pooling multiple parties' data sources for joint computation without resorting to federated learning, etc.); confidential ledgers (providing tamper resistance, auditability, verifiability and confidentiality) [also touches on Byzantine fault tolerance].

Foundational services that these platforms must provide: key management tied to attestation (so that keys are released only to code and machines satisfying a policy about what may run the service), and code transparency (so users can audit which code was attested and given access to their data).
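As an added illustration of the attestation-gated key release described above (not code from the paper or from any of the named vendors' SDKs), the following constructed Python example models a key-management service that hands a secret to a workload only when the signed attestation report passes a release policy: an allowlist of code measurements, debug mode disabled, a minimum TCB version, and a fresh single-use nonce echoed in the report's user data. The hardware root of trust is simulated with an HMAC key so that the example runs with the standard library alone; real TEEs sign reports with a vendor-certified asymmetric key, and the names (ReleasePolicy, KeyReleaseService, hardware_attest) are illustrative.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets

# Constructed example: attestation-gated key release. Not the paper's code.
# A real TEE signs reports with a vendor-certified asymmetric key that the
# relying party verifies via a certificate chain; an HMAC key stands in here
# so the example runs offline with the standard library only.
_HW_ROOT_KEY = b"constructed-hardware-root-of-trust-key"


def measure(code: bytes) -> str:
    """Measurement of the loaded code, as the hardware would record it."""
    return hashlib.sha256(code).hexdigest()


def _canonical(report: dict) -> bytes:
    # Canonical encoding so signer and verifier hash identical bytes.
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def hardware_attest(code: bytes, debug: bool, tcb_version: int,
                    report_data: str) -> tuple[dict, bytes]:
    """Simulates the TEE producing a signed report for the running code.
    report_data carries caller-chosen bytes (here: the KMS challenge nonce)."""
    report = {
        "measurement": measure(code),
        "debug": debug,
        "tcb_version": tcb_version,
        "report_data": report_data,
    }
    sig = hmac.new(_HW_ROOT_KEY, _canonical(report), hashlib.sha256).digest()
    return report, sig


class ReleasePolicy:
    """What the data owner is willing to release keys to."""

    def __init__(self, allowed_measurements: set[str], min_tcb_version: int):
        self.allowed_measurements = allowed_measurements
        self.min_tcb_version = min_tcb_version

    def evaluate(self, report: dict) -> str | None:
        """None if the report satisfies the policy, else the failing reason."""
        if report["measurement"] not in self.allowed_measurements:
            return "measurement not in allowlist"
        if report["debug"]:
            return "debug mode enabled"
        if report["tcb_version"] < self.min_tcb_version:
            return "TCB version below minimum"
        return None


class KeyReleaseService:
    """Key manager that releases a secret only to attested, policy-compliant code."""

    def __init__(self, policy: ReleasePolicy, secret_key: bytes):
        self.policy = policy
        self._secret_key = secret_key
        self._pending_nonces: set[str] = set()

    def challenge(self) -> str:
        """Fresh nonce the workload must embed in report_data (replay protection)."""
        nonce = secrets.token_hex(16)
        self._pending_nonces.add(nonce)
        return nonce

    def release(self, report: dict, signature: bytes) -> tuple[bytes | None, str]:
        """Returns (key, "released") or (None, reason). Signature is checked
        first so that forged reports cannot consume nonces or probe policy."""
        expected = hmac.new(_HW_ROOT_KEY, _canonical(report), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return None, "bad report signature"
        nonce = report["report_data"]
        if nonce not in self._pending_nonces:
            return None, "unknown or replayed nonce"
        self._pending_nonces.discard(nonce)  # single use
        reason = self.policy.evaluate(report)
        if reason is not None:
            return None, reason
        return self._secret_key, "released"


if __name__ == "__main__":
    enclave_code = b"constructed enclave binary"  # constructed sample input
    kms = KeyReleaseService(ReleasePolicy({measure(enclave_code)}, 3),
                            b"constructed-db-encryption-key")
    nonce = kms.challenge()
    print(kms.release(*hardware_attest(enclave_code, False, 5, nonce)))
```

The same report replayed a second time, a report from code with an unknown measurement, one with debug enabled or an outdated TCB, or a report whose fields were edited after signing all come back with a reason instead of the key; a production service would additionally verify the vendor certificate chain and pin the released key to a public key carried in report_data so only the attested instance can unwrap it.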