Azure Confidential Computing - Secure Data In-Use

Today we have established ways to encrypt data at rest, such as BitLocker encryption of data saved to disk. We also have standards for encrypting data in transit with Transport Layer Security (TLS), so data transferred over the network is secure. This has been a big transition, with website traffic moving from HTTP to HTTPS. But what about encrypting data in use?

Protecting data while it is in use has been a gap, and this is where confidential computing provides a solution. Data can now be processed in hardware that protects your code and data above and beyond the security measures in place today.

In more detail: when your app runs in the cloud, you place trust in various components and ultimately in the people who have access to them, such as admins or even people with physical access. This leaves the door open for malicious insiders to snoop on the data while it is being processed. Azure Confidential Computing (ACC) can help you protect against malicious insiders or hackers who can get access to your code while it is running.

Overview: Azure confidential computing allows you to isolate your sensitive data while it's being processed in the cloud. Data in use is protected by performing computations in a hardware-based Trusted Execution Environment (TEE). A TEE is an environment that enforces execution of only authorized code. Any data in the TEE can't be read or tampered with by any code outside that environment.

Reducing the attack surface: The trusted computing base (TCB) refers to all of a system's hardware, firmware, and software components that provide a secure environment. If one component inside the TCB is compromised, the entire system's security may be jeopardized. Azure confidential computing aims to lower the TCB for your cloud workloads by offering TEEs. TEEs reduce your TCB to trusted runtime binaries, code, and libraries.

Let's move on to some architectural design concepts and definitions.

  1. Host: The host is the untrusted environment on top of which your enclave application runs. The enclave code deployed on the host can't be accessed by the host.
  2. Enclave: The enclave is where the application code and its cached data/memory run. Secure computations should occur in enclaves to ensure that secrets and sensitive data stay protected.

During application design, it's important to identify and determine what part of the application needs to run in the enclaves. The code that you choose to put into the trusted component is isolated from the rest of your application. Once the enclave is initialized and the code is loaded to memory, that code can't be read or changed from the untrusted components.

Attestation - Verification and Validation: Attestation is the process of getting verification and validation that your trusted enclave environment is secure. It gives increased confidence that the software is running in an enclave and that the enclave is up to date and secure.

ACC Solutions: ACC offers two types of solution: ACC on Enclave Aware Virtual Machines (VMs) and ACC on Enclave Aware Containers. There are also Microsoft partner companies that act as confidential computing enablers, such as Fortanix and SCONE.

a) Enclave Aware VMs: These VMs act as an abstraction layer between the hardware and your application, and are scalable and redundant. The DCsv2-series is built on Intel SGX technology for hardware-based enclave creation. Enclaves are secured portions of the hardware's processor and memory.

There's no way to view data or code inside the enclave, even with a debugger. If untrusted code attempts to modify the content in enclave memory, the environment gets disabled and the operations are denied.



b) Enclave Aware Containers: Confidential computing nodes on AKS use Intel Software Guard Extensions (SGX) to create isolated enclave environments in the nodes between each container application. As with Intel SGX VMs, container applications developed to run in enclaves have two components: an untrusted component (called the host) and a trusted component (called the enclave).

Enablers:

"AKS supports adding DCsv2 confidential computing nodes powered by Intel SGX. It has heterogeneous node pool clusters (mix confidential and non-confidential node pools). Intel SGX DCAP driver pre-installed. CPU consumption based horizontal pod auto-scaling and cluster auto-scaling."

How do Confidential Containers work?

Confidential containers are the fastest path to container confidentiality: they only require repackaging existing Docker container applications and do not require application code changes. Running an existing Docker container unmodified requires SGX runtime software, so that the application's calls can use the special CPU instruction set that lowers the attack surface area and takes no dependency on the Guest OS. Once wrapped with the SGX runtime software, the containers automatically launch in protected enclaves, removing the Guest OS, Host OS, and hypervisor from the trust boundary. This isolated execution in a node or VM, with hardware-backed in-memory data encryption, reduces the overall attack surface and reduces exposure to vulnerabilities in the operating system or hypervisor layers.

ACC and Health Care Case Study:

In this healthcare case study, a healthcare provider hosts an application to securely collaborate with a hospital and a third-party diagnostic provider. Azure Kubernetes Service (AKS) hosts confidential computing nodes. Azure Attestation establishes trust with the diagnostic provider. By using these Azure components, the architecture isolates the sensitive data of the hospital patients while the specific shared data is being processed in the cloud. The hospital data is then inaccessible to the diagnostic provider. Through this architecture, the provider-hosted application can also take advantage of advanced analytics. The diagnostic provider makes these analytics available as confidential computing services of machine learning (ML) applications.

Solutions workflows

  • A clerk in a local hospital opens a web portal. The entire web app is an Azure Blob Storage static website.
  • The clerk enters data into the hospital's web portal, which connects to a Python Flask–based web API built by a popular medical platform vendor. A confidential node in the confidential container enabler (Fortanix) protects the patient data. This works within an AKS cluster that has Software Guard Extensions (SGX) enabled, which helps run the container in an enclave. The Web API will provide evidence that the sensitive data and app code are encrypted and isolated in a Trusted Execution Environment (TEE). This means that no humans, no processes, and no logs have access to the cleartext data or the application code.
  • The hospital's web app client requests that an attestation service (Azure Attestation) validate this evidence, and receives a signed attestation token for other apps to verify.
  • If the Web API requires additional components, it can pass along the attestation token to verify that the data and app code have so far remained in a safe enclave. The Web API can consume remote services, such as an ML model hosted by a third-party diagnostics provider.
  • The diagnostics provider, confident that the data has not been exposed, sends it into its own enclave in an Open Neural Network Exchange (ONNX) runtime server. An AI model interprets the medical imagery and returns its diagnosis results back to the medical platform's confidential Web API app. Afterwards, the software can then interact with patient records and/or contact other hospital staff.
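The check a relying party (such as the diagnostics provider) would make on the signed attestation token before releasing data, as an added example that is not part of the original article or of any Azure SDK. The real service signs tokens with an asymmetric key; to run offline with only the standard library, this sketch substitutes HMAC-SHA256 with a constructed key, and the issuer URL, enclave measurement and minimum security version are constructed values.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"         # stand-in for the service's signing key
ISSUER = "https://attest.example.invalid"  # placeholder attestation instance URL
TRUSTED_MRENCLAVE = {"a1" * 32}            # constructed enclave measurement allowlist
MIN_SVN = 2                                # assumed minimum enclave security version

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=DEMO_KEY):
    """Build a constructed sample token (plays the attestation service's role)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_token(token, now=None):
    """Relying-party check: signature first, then the enclave policy claims."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        claims = json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError:                     # wrong part count, bad base64, bad JSON
        return False, "malformed token"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    want = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        return False, "bad signature"
    if claims.get("iss") != ISSUER:
        return False, "untrusted issuer"
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return False, "token expired"
    if claims.get("x-ms-sgx-is-debuggable") is not False:
        return False, "debuggable enclave"  # debug enclaves can be inspected
    if claims.get("x-ms-sgx-mrenclave") not in TRUSTED_MRENCLAVE:
        return False, "unknown enclave measurement"
    if claims.get("x-ms-sgx-svn", 0) < MIN_SVN:
        return False, "enclave version too old"
    return True, "ok"
```

The debuggable-enclave check is fail-closed: a token that omits the claim is rejected the same way as one that sets it to true.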

References:

Microsoft documentation

Confidential computing

Fortanix is a third-party software vendor with products and services built on top of Azure infrastructure.

/Dhungel R.

Medical/Medical Device Cybersecurity

3 years ago

Awesome, thanks for sharing. Can we call this homomorphic encryption? Or it's simply the hardware-based middle tier for secure computation.
