Confidential Computing Meets Kubernetes

Mounir Ghlaiel
Published in neoxia
Sep 28, 2023

Introduction

Hardware and software providers have long offered assurances of security, and these assurances have often fallen short of expectations. The track record of placing trust in individual organizations to protect data raises important questions for security professionals.
Breaches at organizations one would not expect to be breached, such as Equifax and Capital One Bank, have led to understandably deep skepticism of technologies that pledge new security protections.

In cloud computing, vendors and clients adhere to a shared responsibility model that is built on a certain degree of trust. Confidential Computing strengthens the separation of responsibilities and the isolation of resources, so that clients retain control over the protection of their applications and data while those run on infrastructure provided by the cloud vendor.

The goal of Confidential Computing is to minimize the attack surface by shrinking the trusted compute base (TCB), which ordinarily includes the OS, the hypervisor, and the other software components at the lowest levels of the stack.

Definition

Just as matter exists in three states (solid, liquid, and gas), data in classical computing exists in three states: in transit, at rest, and in use. Data traversing the network is “in transit,” data in storage is “at rest,” and data being processed is “in use”.

The Confidential Computing Consortium has defined Confidential Computing as:

“The protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment”

New Features of Confidential Computing

In confidential computing, data processing takes place within a Trusted Execution Environment (TEE). This is achieved through a combination of memory page encryption, integrity protection, and remote attestation, enforced by the capabilities of modern CPUs.
These new features complete the trifecta of encryption at rest, encryption in transit, and now also encryption in use.

Tech primitives

Hardware-based TEEs are widely available in modern CPUs and in the datacenters behind cloud platforms. Examples include Intel SGX and AMD SEV.

When code is executed inside a TEE, it is both invisible and inaccessible to any unauthorized party — including the operating system itself.

Confidential Computing provides us with two new primitives: Confidential Virtual Machines (CVMs) and enclaves — both of which are considered instances of a trusted execution environment.

  • Enclaves

An enclave is a protected memory region that provides confidentiality for data and code execution, and does not require an operating system. Therefore, enclaves remove the OS vendor from the trusted compute base.

Figure: Open Enclave Architecture

Removing the OS increases the complexity of developing applications for enclaves, but developer-friendly SDKs such as Open Enclave and Occlum are available.

  • Confidential containers

Confidential containers (CoCo) is an open-source community project working to bring confidential computing to Kubernetes containers. It ensures the entrypoint process of a container is executed inside a hardware-based TEE, and is protected from other confidential containers and any hosting environment in the TEE.

  • Confidential virtual machines (CVM)

A confidential VM (CVM) is a virtual machine that is executed inside a hardware-based, attested TEE, whereby code and data within the entire VM image are protected from the hypervisor and the host operating system, as well as from other confidential VMs and any hosting environment in the TEE.

In Azure and Google Cloud, starting to use confidential VMs is as easy as choosing a different machine type or enabling a flag.

  • Attestation

Users want to see for themselves the evidence that new technologies are actually safeguarding their data. In traditional computing the goal is usually to authenticate a server; in Confidential Computing the goal is to authenticate the TEE instance, and attestation is the means to do that.

During the attestation process, the CPU that created the TEE produces a cryptographically signed report (an “attestation report”) containing the measurement of the instance. This report is then sent to an attestation service for verification.

An attestation for process isolation authenticates an application, whereas an attestation for VM isolation conceptually authenticates a VM and/or the virtual firmware used to launch the VM.
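The three checks a relying party performs on such a report, as an added example that is not part of the original article: a constructed ECDSA key stands in for the CPU's on-chip attestation key, and the report format, the nonce field and the measurement allowlist are simplifications assumed for illustration, not any vendor's real report layout.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)
// Report is a constructed stand-in for an attestation report: the measurement
// (hash of the launched image) plus a nonce chosen by the relying party.
type Report struct {
	Measurement [32]byte
	Nonce       [16]byte
}
// Bytes is the canonical serialization that gets signed and verified.
func (r Report) Bytes() []byte { return append(r.Measurement[:], r.Nonce[:]...) }
// Sign plays the CPU's role; a constructed ECDSA key stands in for the on-chip key.
func Sign(key *ecdsa.PrivateKey, r Report) ([]byte, error) {
	d := sha256.Sum256(r.Bytes())
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}
// Verify is the relying party's check: signature from the trusted hardware key,
// nonce equal to the one we issued (no replay), measurement in the allowlist.
func Verify(pub *ecdsa.PublicKey, r Report, sig []byte, nonce [16]byte, allowed map[string]bool) error {
	d := sha256.Sum256(r.Bytes())
	if !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("bad signature: report is not from the trusted hardware key")
	}
	if r.Nonce != nonce {
		return errors.New("nonce mismatch: report may be a replay")
	}
	if !allowed[hex.EncodeToString(r.Measurement[:])] {
		return errors.New("measurement not allowlisted: unexpected code launched")
	}
	return nil
}
func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for the CPU key
	var nonce [16]byte
	rand.Read(nonce[:])
	r := Report{Measurement: sha256.Sum256([]byte("expected-image")), Nonce: nonce}
	sig, _ := Sign(key, r)
	allowed := map[string]bool{hex.EncodeToString(r.Measurement[:]): true}
	fmt.Println("verify:", Verify(&key.PublicKey, r, sig, nonce, allowed))
}
```

A real verifier additionally checks the certificate chain from the signing key up to the CPU vendor's root, which this example omits.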

  • (Fully) Homomorphic Encryption (FHE)

Homomorphic Encryption enables performing computation on encrypted data without first decrypting it. Given two encrypted values, you can add, subtract, or multiply them, arriving at a still encrypted result. Among its strengths is that the only thing you must trust is the math, not the host, system admins, or software.

The challenges to commercial adoption are related to performance and cost. An operation that normally takes a millisecond might instead take minutes to complete, making FHE “impractical for general purpose computations due to its poor performance”.
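The additive case described above, carried through with a toy Paillier scheme as an added example (not from the original article): multiplying two ciphertexts yields a ciphertext of the sum, and only the key holder can see the result. The primes, messages and random factors are constructed toy values; real keys need primes of at least 1024 bits, and Paillier is additively homomorphic only, not fully homomorphic.

```go
package main
import (
	"fmt"
	"math/big"
)
// PubKey holds n = p*q and n^2; the generator is fixed to g = n+1.
type PubKey struct{ N, N2 *big.Int }
// PrivKey holds lambda = lcm(p-1, q-1) and mu = lambda^-1 mod n (valid for g = n+1).
type PrivKey struct{ Pub PubKey; Lambda, Mu *big.Int }
// lfunc is Paillier's L(u) = (u - 1) / n.
func lfunc(u, n *big.Int) *big.Int { return new(big.Int).Div(new(big.Int).Sub(u, big.NewInt(1)), n) }
// KeyGen derives a key pair from two primes (toy-sized here for readability).
func KeyGen(p, q *big.Int) PrivKey {
	one := big.NewInt(1)
	n := new(big.Int).Mul(p, q)
	n2 := new(big.Int).Mul(n, n)
	pm, qm := new(big.Int).Sub(p, one), new(big.Int).Sub(q, one)
	gcd := new(big.Int).GCD(nil, nil, pm, qm)
	lambda := new(big.Int).Div(new(big.Int).Mul(pm, qm), gcd)
	g := new(big.Int).Add(n, one)
	mu := new(big.Int).ModInverse(lfunc(new(big.Int).Exp(g, lambda, n2), n), n)
	return PrivKey{Pub: PubKey{N: n, N2: n2}, Lambda: lambda, Mu: mu}
}
// Encrypt computes c = g^m * r^n mod n^2; with g = n+1, g^m mod n^2 is 1 + m*n.
func Encrypt(pk PubKey, m, r *big.Int) *big.Int {
	gm := new(big.Int).Add(big.NewInt(1), new(big.Int).Mul(m, pk.N))
	rn := new(big.Int).Exp(r, pk.N, pk.N2)
	return new(big.Int).Mod(new(big.Int).Mul(gm, rn), pk.N2)
}
// AddEnc multiplies two ciphertexts, which adds the underlying plaintexts
// without decrypting either of them: the homomorphic property.
func AddEnc(pk PubKey, c1, c2 *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(c1, c2), pk.N2)
}
// Decrypt recovers m = L(c^lambda mod n^2) * mu mod n.
func Decrypt(sk PrivKey, c *big.Int) *big.Int {
	u := new(big.Int).Exp(c, sk.Lambda, sk.Pub.N2)
	return new(big.Int).Mod(new(big.Int).Mul(lfunc(u, sk.Pub.N), sk.Mu), sk.Pub.N)
}
func main() {
	sk := KeyGen(big.NewInt(10007), big.NewInt(10009)) // constructed toy primes
	c1 := Encrypt(sk.Pub, big.NewInt(1234), big.NewInt(17))
	c2 := Encrypt(sk.Pub, big.NewInt(5678), big.NewInt(23))
	fmt.Println("decrypted sum:", Decrypt(sk, AddEnc(sk.Pub, c1, c2))) // prints 6912
}
```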

Modernize and secure workloads without compromises!

Running workloads on Kubernetes propelled the wave of infrastructure and application modernization. Using confidential containers is a suitable solution to protect application workloads on managed Kubernetes clusters. Confidential VMs for cluster nodes protect the cluster’s control plane and workloads from the cloud provider, as well as any malware affecting the provider’s network or cloud management software.

Constellation is a Kubernetes distribution that does exactly that. It currently supports AMD SEV-based nodes on AWS, Azure and GCP. Its feature list includes:

  • Runtime encryption: Confidential VMs with dynamic cluster autoscaling
  • Network encryption using Cilium + WireGuard
  • Block storage encryption using dm-crypt & dm-integrity
  • Node images based on a minimal version of Fedora with measured boot and integrity protection
  • Supply chain protection with sigstore and SLSA Level 3

Conclusion

Confidential Computing is available in production today. It provides practical, useful protections against an increasingly common class of threats occurring during processing, while data is in use.

According to a research study conducted by the Everest Group, Confidential Computing is the “Next Frontier in Data Security.” It is seen as a holistic data security model that mitigates risk across the data lifecycle, and therefore will become a standard for end-to-end security in the next 3–5 years.

The research firm also predicts the market demand for Confidential Computing could potentially double annually due to the increase in cyber risks facing organizations of all sizes, combined with the push from regulators to improve data security and privacy.

On the side of tech innovation, we should see confidential computing solutions based on Web-Assembly such as Enarx, and others based on Homomorphic Encryption, become available for production use cases.

If your organization is prioritizing security in the cloud to protect sensitive data and/or comply with privacy regulations, drop a message to mounir.ghlaiel@skale-5.com for a technical assessment of your use-case.
