August 27, 2023 (updated August 28, 2023)

Azure Confidential Computing

What is Azure Confidential Computing (ACC)?

In short, Azure Confidential Computing protects data in use. It encrypts data in memory and processes it only after the cloud environment has been verified to be a trusted execution environment, which helps prevent data access by cloud operators, malicious admins, and privileged software.

The Confidential Computing Consortium (CCC) is a foundation dedicated to defining and accelerating the adoption of confidential computing. The CCC defines confidential computing as: "The protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE)."

[Image: Confidential Computing, from the Microsoft Ignite 2023 presentation]

Azure Confidential Computing helps you to:

- Prevent unauthorized access: run sensitive data in the cloud. Trust that Azure provides the best data protection possible, with little to no change from what gets done today.
- Meet regulatory compliance: migrate to the cloud and keep full control of data to satisfy government regulations for protecting personal information and securing organizational IP.
- Ensure secure and untrusted collaboration: tackle industry-wide, work-scale problems by combining data across organizations, even competitors, to unlock broad data analytics and deeper insights.
- Isolate processing: offer a new wave of products that remove liability on private data with blind processing. User data can't even be retrieved by the service provider.

The Need for Trust

Running confidential information in the cloud requires trust. You need to trust the service providers and the solutions they offer. Very often providers can't add security after the solution is ready. There are many reasons why this happens, and I don't list them here; most of you know them. One tool for reducing the attack surface of the components you use is to think in terms of the Trusted Computing Base (TCB).
The Trusted Computing Base (TCB)

The Trusted Computing Base (TCB) refers to all of a system's hardware, firmware, and software components that provide a secure environment. The components inside the TCB are considered "critical": if one component inside the TCB is compromised, the entire system's security may be jeopardized. A smaller TCB means higher security, because there is less exposure to vulnerabilities, malware, attacks, and malicious people.

Confidential Consortium Framework (CCF)

The Confidential Consortium Framework (CCF) is an open-source framework for building highly available stateful services that leverage centralized compute for ease of use and performance, while providing decentralized trust. It enables multiple parties to execute auditable compute over confidential data without trusting each other or a privileged operator.

- Governance: transparent, programmable consortium-style proposal- and voting-based governance that supports enterprise operating models
- Service integrity: hardware-backed integrity for application logic and data
- Confidentiality & privacy: all transactions are confidential by default
- Performance: database-like throughput, low latency, deterministic commits
- Efficiency: minimal execution overhead compared to traditional solutions
- Resiliency: high availability and secure disaster recovery

Links: Open source solutions to build Enclave applications; Confidential Consortium Framework

[Image: taken from the Microsoft Ignite 2023 presentation]

Offerings in Azure

The Azure offerings with which you can verify that applications are running confidentially form the very foundation of confidential computing. This verification is multi-pronged and relies on the following suite of Azure offerings.

[Image: service status during Microsoft Ignite 2023]

Microsoft Azure Attestation is a remote attestation service for validating the trustworthiness of multiple Trusted Execution Environments (TEEs) and verifying the integrity of the binaries running inside the TEEs.
Azure Key Vault Managed HSM is a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated Hardware Security Modules (HSMs).

Trusted Hardware Identity Management is a service that handles cache management of certificates for all TEEs residing in Azure and provides trusted computing base (TCB) information to enforce a minimum baseline for attestation solutions.

Trusted Launch

Trusted Launch is available across all Generation 2 VMs, bringing hardened security features (secure boot, virtual trusted platform module, and boot integrity monitoring) that protect against boot kits, rootkits, and kernel-level malware.

Azure confidential ledger

Azure confidential ledger (ACL) is a tamper-proof register for storing sensitive data for record keeping and auditing, or for data transparency in multi-party scenarios. It offers Write-Once-Read-Many guarantees, which make data non-erasable and non-modifiable. The service is built on Microsoft Research's Confidential Consortium Framework.

Azure IoT Edge

Azure IoT Edge supports confidential applications that run within secure enclaves on an Internet of Things (IoT) device. IoT devices are often exposed to tampering and forgery because they're physically accessible to bad actors. Confidential IoT Edge devices add trust and integrity at the edge by protecting access to data captured by and stored inside the device itself before streaming it to the cloud.

Always Encrypted with secure enclaves in Azure SQL

With Always Encrypted with secure enclaves in Azure SQL, the confidentiality of sensitive data is protected from malware and high-privileged unauthorized users by running SQL queries directly inside a TEE.

More offerings in Microsoft Learn.
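The attestation offerings above only pay off if the party that holds the secret (a key release service, a Managed HSM policy, your own application) actually checks the attestation result before trusting the TEE. The following is an added example, not Microsoft's code and not part of the original post: it shows the claim checks a relying party performs on an Azure Attestation style SGX token, including the minimum TCB baseline that Trusted Hardware Identity Management feeds into attestation. Real Microsoft Azure Attestation tokens are RS256-signed JWTs whose signing certificates are published by the attestation provider; so that this runs offline, the constructed token is signed with an HMAC stand-in instead. The claim names follow the Azure Attestation SGX claim set as I know it (x-ms-attestation-type, x-ms-sgx-is-debuggable, x-ms-sgx-mrsigner, x-ms-sgx-product-id, x-ms-sgx-svn); the issuer URL, signer hash and SVN values are constructed.

```python
"""Relying-party checks on an Azure Attestation style SGX token (added example)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in signing key: real MAA tokens are RS256-signed and the
# verifier fetches the provider's public signing certificates instead.
STANDIN_KEY = b"offline-demo-key-not-a-real-maa-key"

# Constructed expectations of the relying party (the service holding the secret).
EXPECTED = {
    "issuer": "https://demo-provider.attest.azure.net",  # constructed provider URL
    "mrsigner": "11" * 32,                               # constructed signer hash
    "product_id": 1,
    "min_svn": 3,                                        # minimum TCB baseline
}
NOW = 1_700_000_000  # fixed "current time" so the demo is deterministic


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes = STANDIN_KEY) -> str:
    """Build a constructed JWT (header.payload.signature) standing in for an MAA token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_token(token: str, expected: dict = EXPECTED, key: bytes = STANDIN_KEY,
                 now=None) -> list:
    """Return the list of policy violations; an empty list means the enclave may get the secret."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return ["malformed token"]
    good = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    # Always check the signature first: unsigned claims are just untrusted JSON.
    if not hmac.compare_digest(good, b64url_decode(sig)):
        return ["signature invalid"]
    claims = json.loads(b64url_decode(payload))
    problems = []
    # Freshness and origin: a stale or foreign token must never unlock keys.
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("iss") != expected["issuer"]:
        problems.append("unexpected issuer")
    # Which TEE type attested, and was the enclave built in debug mode?
    if claims.get("x-ms-attestation-type") != "sgx":
        problems.append("not an SGX attestation")
    if claims.get("x-ms-sgx-is-debuggable") is not False:
        problems.append("debug enclave")
    # Code identity: signer and product pin the binary; SVN enforces the TCB baseline.
    if claims.get("x-ms-sgx-mrsigner") != expected["mrsigner"]:
        problems.append("unknown enclave signer")
    if claims.get("x-ms-sgx-product-id") != expected["product_id"]:
        problems.append("wrong product id")
    if claims.get("x-ms-sgx-svn", -1) < expected["min_svn"]:
        problems.append("enclave SVN below minimum baseline")
    return problems


def good_claims() -> dict:
    """Constructed claim set that satisfies every check above."""
    return {
        "iss": EXPECTED["issuer"],
        "exp": NOW + 3600,
        "x-ms-attestation-type": "sgx",
        "x-ms-sgx-is-debuggable": False,
        "x-ms-sgx-mrsigner": EXPECTED["mrsigner"],
        "x-ms-sgx-product-id": EXPECTED["product_id"],
        "x-ms-sgx-svn": 5,
    }


if __name__ == "__main__":
    print("good token:", verify_token(make_token(good_claims()), now=NOW) or "no violations")
    debug = good_claims()
    debug["x-ms-sgx-is-debuggable"] = True
    print("debug enclave:", verify_token(make_token(debug), now=NOW))
```

The order matters: the signature is checked before any claim is read, and every claim check is a positive match against an expected value, so a missing claim fails closed rather than passing by default.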
Example of use case

This use case combines Azure Confidential Computing technologies with Azure Policy, Network Security Groups (NSGs) and Azure Active Directory Conditional Access to ensure that the following protection goals are met for the lift & shift of an existing application:

- The application is protected from the cloud operator while in use, using Confidential Computing.
- Application resources can only be deployed in the West Europe Azure region.
- Consumers of the application authenticating with modern authentication protocols can be mapped to the sovereign region they're connecting from, and are denied access unless they are in an allowed region.
- Access using administrative protocols (RDP, SSH etc.) is limited to access from the Azure Bastion service, which is integrated with Privileged Identity Management (PIM). The PIM policy requires a Conditional Access policy that validates which sovereign region the administrator is accessing from.
- All services log actions to Azure Monitor.

[Image from https://learn.microsoft.com/en-us/azure/confidential-computing/use-cases-scenarios]

Confidential computing deployment models

Azure confidential computing supports multiple deployment models. These different models support the wide variety of customer security requirements for modern cloud computing. Choose between the following deployment models.

Infrastructure as a Service (IaaS)

Under the Infrastructure as a Service (IaaS) deployment model, you can use confidential virtual machines (VMs) in confidential computing. You can use VMs based on AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP), Intel Trust Domain Extensions (TDX) or Intel Software Guard Extensions (SGX) application enclaves. More info.

Platform as a Service (PaaS)

For Platform as a Service (PaaS), you can use confidential containers in confidential computing. This offering includes enclave-aware containers in Azure Kubernetes Service (AKS).
More info.

Benefits of using confidential containers

Confidential containers on Azure run within an enclave-based TEE or a VM-based TEE environment. Both deployment models help achieve high isolation and memory encryption through hardware-based assurances. Confidential computing can help with your zero trust security posture in the Azure cloud by protecting your memory space through encryption.

The qualities of confidential containers:

- Allow running existing standard container images with no code changes (lift-and-shift) within a TEE
- Ability to extend or build new applications that have confidential computing awareness
- Allow remotely challenging the runtime environment for cryptographic proof that states what was initiated, as reported by the secure processor
- Provide strong assurances of data confidentiality, code integrity and data integrity in a cloud environment with hardware-based confidential computing offerings
- Help isolate your containers from other container groups/pods, as well as from the VM node OS kernel

Confidential VMs on AMD SEV-SNP

Confidential VMs on AMD SEV-SNP offer hardware-encrypted protection of the entire VM from unauthorized access by the host administrator. This level typically includes the hypervisor, which the cloud service provider (CSP) manages. You can use this type of confidential VM to prevent the CSP from accessing data and code executed within the VM. VM admins, or any other app or service running inside the VM, operate inside the protected boundary, so these users and services can access data and code within the VM.

AMD SEV-SNP technology provides VM isolation from the hypervisor. The hardware-based memory integrity protection helps prevent malicious hypervisor-based attacks. The SEV-SNP model trusts the AMD Secure Processor and the VM. The model doesn't trust any other hardware or software components. Untrusted components include the BIOS and the hypervisor on the host system.
Secure enclaves on Intel SGX

Secure enclaves on Intel SGX protect memory spaces inside a VM with hardware-based encryption. The security boundary of application enclaves is more restricted than that of confidential VMs on AMD SEV-SNP. For Intel SGX, the security boundary applies to portions of memory within a VM. Users, apps, and services running inside the Intel SGX-powered VM can't access any data and code executing inside the enclave.

Intel SGX helps protect data in use through application isolation. By protecting selected code and data from modification, developers can partition their application into hardened enclaves, or trusted execution modules, to help increase application security. Entities outside the enclave can't read or write the enclave memory, whatever their permission level. The hypervisor or the operating system also can't obtain this access through normal OS-level calls. To call an enclave function, you have to use a new set of instructions in the Intel SGX CPUs. This process includes several protection checks.

Demo: an ACC virtual machine

Prerequisites

There are prerequisites for the subscription, but in my case it was already configured.

- A free trial subscription doesn't work. You need to have at least a pay-as-you-go subscription.
- If Confidential disk encryption with a customer-managed key is required, run the commands below to opt the service principal Confidential VM Orchestrator in to your tenant.

PowerShell (AzureAD module):

Connect-AzureAD -TenantId "your tenant ID"
New-AzureADServicePrincipal -AppId bf7b6499-ff71-4aa2-97a4-f372087be7f0 -DisplayName "Confidential VM Orchestrator"

Create confidential virtual machines

Creating a confidential virtual machine is done mostly the same way as a normal VM, but you need to:

- change the OS security type,
- then configure the security features,
- and select an image and VM architecture which support confidential computing (SGX).

Disks
When choosing Disks, you need to enable Confidential compute encryption if you want to encrypt your VM's OS disk during creation. You can also choose Confidential disk encryption with a customer-managed key as the key management option, but before that you need to create a Confidential disk encryption set with either:

- an Azure Key Vault on the Premium pricing tier, which includes support for HSM-backed keys, or
- an Azure Key Vault Managed Hardware Security Module (HSM).

As needed, make changes to the settings under the tabs Networking, Management, Guest Config, and Tags. Select Review + create to validate your configuration.

Highlights after creating the VM:

- VM generation needs to be V2.
- Security type is Confidential; vTPM is enabled by default (you can't disable it).
- The result for Disks looks (in my demo case) like this: [image]

This was for a virtual machine, but you need to create all the other needed components following ACC guidelines as well, for example AKS, applications etc.

Resources

There is a lot of documentation in Microsoft Learn, but I lifted these links below as a place to start:

- Azure Confidential Computing in Microsoft Learn
- Microsoft Tech Community blog
- Confidential Computing Consortium
- Trusted Computing Base
- The Open Enclave Software Development Kit (OE SDK)
- The Intel SGX SDK
- The EGo Software Development Kit
- The Confidential Consortium Framework (CCF)
- Open Enclave examples from GitHub

Conclusion

Confidential Computing may be the future of trusted public cloud computing. Follow these principles:

- Listen to what your customers want.
- Plan the solutions following Confidential Computing guidelines.
- Explain to the customer why the project might cost more than a basic public cloud project (if needed).
- Deploy the solution as securely as it can be (at least for the security level the customer wanted).
- Do not over-promise if you can't deliver.

The last bullet needs explanation. I have so many times seen solutions which are not secure enough, because of various excuses.
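The portal highlights above (generation V2, security type Confidential, vTPM on, confidential OS disk encryption with a disk encryption set) and the use case's "West Europe only" goal are exactly the settings that drift after a lift & shift, so it is worth checking them from the resource definition rather than by eye. The following is an added example and not Microsoft's code or part of the original post: it inspects the ARM JSON of a Microsoft.Compute/virtualMachines resource (the shape returned by `az vm show`) and reports every deviation from that baseline. The property names are the Compute API ones I know (securityProfile.securityType, uefiSettings, managedDisk.securityProfile.securityEncryptionType, instanceView.hyperVGeneration); re-check them against the current API reference before relying on the script. The sample resources, resource IDs and names are constructed, not captured from a real subscription.

```python
"""Configuration check for an Azure confidential VM resource definition (added example)."""

ALLOWED_REGIONS = {"westeurope"}  # the use case allows only the West Europe region
# ARM values for confidential OS disk encryption: the first also encrypts the OS
# disk, the second encrypts only the VM guest state.
CONFIDENTIAL_OS_DISK_ENCRYPTION = {"DiskWithVMGuestState", "VMGuestStateOnly"}


def dig(obj, dotted_path, default=None):
    """Walk a dotted path through nested dicts; return default if any step is missing."""
    for key in dotted_path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def check_vm(vm: dict, require_cmk: bool = True) -> list:
    """Return every deviation from the confidential VM baseline (empty list = compliant)."""
    findings = []
    if str(vm.get("location", "")).lower() not in ALLOWED_REGIONS:
        findings.append(f"deployed outside allowed regions: {vm.get('location')}")
    security = dig(vm, "properties.securityProfile", {})
    if security.get("securityType") != "ConfidentialVM":
        findings.append(f"security type is {security.get('securityType')!r}, expected 'ConfidentialVM'")
    uefi = security.get("uefiSettings", {})
    if uefi.get("secureBootEnabled") is not True:
        findings.append("secure boot disabled")
    if uefi.get("vTpmEnabled") is not True:
        findings.append("vTPM disabled")
    # hyperVGeneration is only reported in the instance view, so check it when present.
    generation = dig(vm, "properties.instanceView.hyperVGeneration")
    if generation is not None and generation != "V2":
        findings.append(f"VM generation is {generation}, expected V2")
    disk_security = dig(vm, "properties.storageProfile.osDisk.managedDisk.securityProfile", {})
    if disk_security.get("securityEncryptionType") not in CONFIDENTIAL_OS_DISK_ENCRYPTION:
        findings.append("OS disk confidential compute encryption not enabled")
    elif require_cmk and not dig(disk_security, "diskEncryptionSet.id"):
        findings.append("no customer-managed disk encryption set on the OS disk")
    return findings


# Constructed sample resources (not captured from a real subscription).
COMPLIANT_VM = {
    "name": "acc-demo-vm",
    "location": "westeurope",
    "properties": {
        "securityProfile": {
            "securityType": "ConfidentialVM",
            "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True},
        },
        "storageProfile": {"osDisk": {"managedDisk": {"securityProfile": {
            "securityEncryptionType": "DiskWithVMGuestState",
            "diskEncryptionSet": {"id": "/subscriptions/<sub-id>/resourceGroups/rg-acc/"
                                        "providers/Microsoft.Compute/diskEncryptionSets/des-acc"},
        }}}},
        "instanceView": {"hyperVGeneration": "V2"},
    },
}

# Same VM but encrypted with a platform-managed key (no disk encryption set).
PLATFORM_KEY_VM = {
    "name": "acc-demo-vm-pmk",
    "location": "westeurope",
    "properties": {
        "securityProfile": {
            "securityType": "ConfidentialVM",
            "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True},
        },
        "storageProfile": {"osDisk": {"managedDisk": {"securityProfile": {
            "securityEncryptionType": "VMGuestStateOnly",
        }}}},
    },
}

# A lifted-and-shifted VM that drifted: wrong region, Trusted Launch only, plain OS disk.
DRIFTED_VM = {
    "name": "legacy-app-vm",
    "location": "northeurope",
    "properties": {
        "securityProfile": {
            "securityType": "TrustedLaunch",
            "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True},
        },
        "storageProfile": {"osDisk": {"managedDisk": {}}},
    },
}


if __name__ == "__main__":
    for vm in (COMPLIANT_VM, PLATFORM_KEY_VM, DRIFTED_VM):
        print(vm["name"], "->", check_vm(vm) or "compliant")
```

Feed it the output of `az vm show` for each VM in scope, or wire it into a pipeline gate; the `require_cmk` switch is there because the customer-managed-key requirement is a choice per workload, while the region, security type and vTPM checks are not.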
Jussi Metso

The author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key to your future.