A simple explanation of Confidential Computing, Part Two

Richard Brown
6 min read · Sep 28, 2020


In part one of this series, I introduced the idea of Confidential Computing:

Imagine if the padlock in your browser told you WHAT would happen to your data and not only with WHOM you were sharing it.

But imagine such a technology existed. What could you practically do with it? Who cares? Why does it matter?

It turns out that two of the three “big” use-cases are insanely important and already rapidly reaching the mainstream. But the third is something entirely new. This third problem is also the focus of the forthcoming Conclave platform and I explain more below.

Interestingly, the three big chip firms who are most active in the Confidential Computing space — ARM, AMD and Intel — have come at this from intriguingly different angles. So I can use them to help frame the story.

Saving users from themselves: keeping mobile phones secure

Remember the bad old days when you could install a new piece of software and your PC would no longer boot? Or you were constantly getting viruses? That doesn’t really happen on your iPhone, right?

Why not?

Part of the answer is the App Store and Apple’s ruthless approach to application review, of course.

But another part is that Apple — and others — have learned the lessons of the early days of PCs and deliberately engineered their phones in ways that make it really hard for their owners to do something stupid that will stop it from working. This really annoys some users, who actively try to “jailbreak” their phones. But, for everybody else, that “jail” is more like a protective shield. And it’s enabled, in part, by Confidential Computing.

It’s as if there’s a wall of steel around your phone that stops you, the owner, from doing things that could stop it working.

Confidential Computing helps solve this problem of “protecting users from themselves”.

It helps the device manufacturers prevent the owner of a mobile phone from inadvertently screwing everything up by installing malware or deleting critical system files.

This is harder than it seems: the owner of a computer can usually figure out a way to make it do whatever they want. So the key to protecting the mobile device ecosystem is finding a way to protect the user from themselves by removing their control over some aspects of the phone’s operation.

ARM, whose designs power pretty much every phone on the planet, therefore focused on this problem with their “TrustZone” architecture, which makes it possible for phone manufacturers to lock down parts of the phone so the user can’t mess certain things up.

Securing Cloud Workloads

Another big problem Confidential Computing can help with is the problem of companies running their applications in the cloud. They want to upload their important business applications to the cloud yet be 100% sure that the operator of that cloud can’t see what it’s doing.

If you run your application in the cloud then the cloud vendor could look at your data and even change your business logic, if they wanted to. Confidential Computing is the key to eliminating this risk.

AMD have focused on this problem with their SEV technology. Google and others are using this as the basis of services that purport to let you upload an application and run it, unchanged, but in a way that Google can’t spy on.

It’s surprisingly tricky to get this to work securely but the attractions are obvious.

An entirely new class of business services

Both of the problems above are hugely important, and the value of their solutions is obvious. But there’s a third possibility that Confidential Computing can open up and it’s both ambitious and potentially game-changing.

And it’s the problem I opened this series with:

How do you, as the consumer of a service, know what it will do with your data when you submit it?

That’s not a problem phone manufacturers have to worry about. And it’s not a problem big companies need to worry about when they move their applications to the cloud; they already know what their application does!

It’s a third, entirely different problem. And it’s one that users of third party services worry about deeply.

From the perspective of a provider of data services, this is the problem of offering a service where your users can know, for sure, how you will handle their data. It’s the problem of inventing a ‘padlock’ that lets users know what you will do with their data rather than just telling them who is processing it.

Imagine if you could offer a service to your clients where they knew, for sure, exactly what you would do with their data

And this is totally new. It would enable an entirely new class of “tamperproof” service, where users would know how their data would be processed, safe in the knowledge that the operator couldn’t tamper with the algorithm to exfiltrate their secrets.

For the first time in history, customers could be sure how their data will actually be processed.

And this is the world that we’re working to enable with the Conclave platform from R3, building on the third major technology in the Confidential Computing space, SGX from Intel. Intel SGX applies the concepts above but really focuses hard on the problem of convincing third parties exactly what a service is going to do with their data, and Conclave helps make business developers insanely productive with this technology so they can focus on their business logic.
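To make the “padlock that says WHAT happens to your data” concrete, here is a toy model of the handshake a client performs before it hands anything over: the chip attests which code the enclave is running (its “measurement”) and binds that to the enclave’s key, and the client only submits data if the measurement matches code it has reviewed. This is an added example, not code from the original post, from Conclave or from the SGX SDK, and it simplifies heavily: the hardware root of trust is modelled with an HMAC key (real SGX quotes carry an asymmetric, hardware-rooted signature checked through Intel’s attestation infrastructure), the measurement is a plain SHA-256 of the code text (MRENCLAVE is a hash over the loaded enclave pages), and the `REVIEWED_CODE` / `TAMPERED_CODE` strings and the `issue_quote` / `verify_quote` names are constructed for illustration.

```python
"""Toy remote-attestation handshake (added example, not the post's or Conclave's code).

Assumptions (see lead-in): HMAC stands in for the hardware-rooted signature,
SHA-256 over the code text stands in for the enclave measurement, and the
verifier is trusted to hold the root key only in this simulation.
"""
import hashlib
import hmac
import json
import os

# --- "chip" side --------------------------------------------------------
HARDWARE_ROOT_KEY = b"constructed-hardware-root-key"  # only the chip holds this


def measure(code: str) -> str:
    """Measurement of an enclave: a hash of the code it was loaded with."""
    return hashlib.sha256(code.encode()).hexdigest()


def issue_quote(code: str, enclave_key: bytes,
                root_key: bytes = HARDWARE_ROOT_KEY) -> dict:
    """The chip attests: it binds the enclave's measurement to the enclave's key."""
    body = {"measurement": measure(code), "enclave_key": enclave_key.hex()}
    msg = json.dumps(body, sort_keys=True).encode()
    body["signature"] = hmac.new(root_key, msg, "sha256").hexdigest()
    return body


# --- client side --------------------------------------------------------
class AttestationError(Exception):
    """Raised when the client must NOT send its data."""


def verify_quote(quote: dict, expected_measurement: str,
                 root_key: bytes = HARDWARE_ROOT_KEY) -> bytes:
    """Return the attested enclave key only if the quote is genuine AND the
    enclave is running exactly the code the client reviewed."""
    body = {k: v for k, v in quote.items() if k != "signature"}
    msg = json.dumps(body, sort_keys=True).encode()
    expected_sig = hmac.new(root_key, msg, "sha256").hexdigest()
    # Step 1: is this really a statement from the hardware root?
    if not hmac.compare_digest(expected_sig, quote.get("signature", "")):
        raise AttestationError("quote not signed by the hardware root")
    # Step 2: is it the algorithm I agreed to, byte for byte?
    if quote["measurement"] != expected_measurement:
        raise AttestationError("enclave is not running the reviewed code")
    return bytes.fromhex(quote["enclave_key"])


# Constructed sample "code": the version the client audited, and a version an
# operator might swap in that leaks the input.
REVIEWED_CODE = "def process(record): return fraud_score(record)  # never stores input"
TAMPERED_CODE = REVIEWED_CODE + "\nlog_to_operator(record)"


def run_scenarios() -> dict:
    """Walk through the honest, tampered and forged cases; return the outcomes."""
    results = {}
    expected = measure(REVIEWED_CODE)
    enclave_key = os.urandom(16)  # stands in for the enclave's public key

    # 1. Honest operator: the enclave was loaded with the reviewed code.
    quote = issue_quote(REVIEWED_CODE, enclave_key)
    results["honest"] = verify_quote(quote, expected) == enclave_key

    # 2. Operator swaps in tampered code: the measurement changes, so the
    #    genuine quote no longer matches what the client reviewed.
    quote = issue_quote(TAMPERED_CODE, enclave_key)
    try:
        verify_quote(quote, expected)
        results["tampered"] = "accepted"
    except AttestationError as err:
        results["tampered"] = str(err)

    # 3. Operator tries to claim the reviewed measurement without the root
    #    key: the signature check fails before the measurement is even read.
    forged = issue_quote(REVIEWED_CODE, enclave_key, root_key=b"operator-guess")
    try:
        verify_quote(forged, expected)
        results["forged"] = "accepted"
    except AttestationError as err:
        results["forged"] = str(err)
    return results


if __name__ == "__main__":
    for case, outcome in run_scenarios().items():
        print(f"{case:9s}: {outcome}")
```

The point of the ordering in `verify_quote` is that the measurement is only meaningful once the signature has been checked: a measurement in an unsigned or forged quote is just a claim. In a real deployment the expected measurement is published by the service provider alongside the source it was built from, so a customer (or their auditor) can reproduce it and decide, before sending a single byte, whether that is code they are happy to have process their data.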

This approach to Confidential Computing allows us to imagine stock exchanges whose operators cannot front-run their customers, or fraud analytics algorithms that can run across data owned by multiple firms at once but with nobody learning about each other’s customers, and much more.

Ultimately, when you know how your data will be used by your service provider — because it is, in effect, “tamperproof” — you’ll be far more willing to share your data and so service providers can, in turn, imagine ever more ambitious, powerful and valuable services for their customers.

This idea of “tamperproof” services is fundamentally new and it’s where we see a ridiculous amount of opportunity for those firms who seize the opportunities it presents to them. Any situation in which your customer is reluctant to share data because they fear how it might be used is one where this form of Confidential Computing can add value.

But why is the CTO of a blockchain firm writing about this?

The answer is that we at R3 had to solve a very similar problem as part of building Corda and, in so doing, we developed a platform that makes it extremely easy to write these new forms of “tamperproof” services. I don’t think Intel will mind me saying that SGX “out of the box” is not exactly user-friendly for business developers. And so building a platform that “tames” this technology and makes it accessible to the world’s independent software vendors and the engineers who work for them is of paramount importance.

And we’re making this platform, Conclave, available as a standalone product, as well as integrated with Corda Enterprise in the future. You can read more about it here.

In summary, Confidential Computing is the key to solving security problems for mobile devices and making it safe to run critical workloads in the cloud. And it is also going to enable entirely new “tamperproof” products and services that can prove to their customers exactly how data will be processed. And Conclave from R3 is at the forefront of this new wave of tamperproof applications that will soon be unleashed on the world!
