Microsoft publicized Thursday a new feature coming to its Azure cloud platform named “Intimate Compute.” The feature will allow applications running on Azure to muzzle data encrypted not only when it’s at rest (in storage) or in transit (in excess of a network) but when it’s being computed on in-memory. This ability to encrypt information when it’s in use means that it can be kept secure even from Microsoft’s administrators, command warrants, and hackers.
Confidential Computing will have two modes: one is based on virtual machines while the other uses the SGX (“Software Guard Heights”)
feature found in Intel’s recently introduced Skylake-SP Xeon processors. Both fashions will allow applications to ringfence certain parts of their cipher and data so that they operate in a “trusted execution environment” (TEE). Protocol and data that are inside a TEE cannot be inspected from outside the TEE.
Update: Indeed we’re not quite sure what processors will be used; although the mainstream desktop and facile Skylake processors support SGX, the feature is curiously absent from both the Skylake-X (“Xeon W”) parts and the Skylake-SP parts.
The effective machine mode uses the Virtual Secure Mode (VSM) functionality of Hyper-V that was added in Windows 10 and Windows Server 2016. With VSM, most limited share ins of an application will run in a regular virtual machine atop a regular conducting system. The protected, TEE parts will run in a separate virtual machine confining only a basic stub operating system (enough that it can wavelength with the regular VM) and only those parts of the application code that stress to handle the sensitive data.
Even if the application gets compromised and an attacker has access to the out-and-out VM, data within the VSM TEE will be inaccessible, because Hyper-V keeps practical machines separate from each other. An attacker would comprise to compromise Hyper-V itself to break through this isolation.
The SGX set-up uses processor features to carve out a TEE within a regular process—no practical machines necessary. The processor itself will encrypt and decrypt observations from memory, such that the data is only decrypted when it’s within the processor itself. With this way, even Hyper-V’s security isn’t important; the only thing that an operation has to trust is the processor and its implementation of SGX. With SGX enclaves, nobody—not even Microsoft—can see the matter in the TEE.
Microsoft says that it is working to develop other TEEs, too; one can deem that a virtual machine-based TEE that used the encrypted memory stars of AMD’s Epyc processors, for example, would be of interest.
Azure Confidential Computing-enabled essential machines will be available through an early access program. The spot will support virtual machines running both Windows and Linux, with an SDK for developers to create portions of their applications to reside within a TEE.