Hi folks, and welcome to Computing Confidentially in the Clouds, a lightning talk introducing the topic of confidential computing. My name is Ava Black and I'm an open-source program manager at Azure in the Confidential Compute team. Today I'll be speaking more about a broad shift in technology rather than any specific company, product, or open-source project. There are some places you can find me on the internet, like the Consortium or the CNCF. I'm also pretty active in Kubernetes and the Code of Conduct Committee, and you can follow me on Twitter.

So you might have heard the joke that the cloud is just someone else's computer, but this is really a misnomer. It belies the complexity and the scale of operating a cloud, and it hides all of the work underneath those layers, which must not be forgotten if you are working in security. Now, if you're not a cloud provider, then your operating environment is fundamentally different today than it was before you were consuming a cloud, whether that was a decade ago or more. But contractually speaking, the business arrangements or agreements around responsibilities and requirements to protect data are not all that different today than in the days of dedicated hosting, when everyone got their own bare-metal server. Over time we have added a lot of additional security protections to encrypt data at rest and encrypt data in transit. We've even added specialized hardware devices, particularly to cloud computing environments, like HSMs and TPMs, to try and bring some of the security promises back to these environments.

We can talk about three different isolation models: guest-guest, guest-host, and host-guest. Traditional hypervisors only support two of these, right? They protect the host against a potentially malicious guest, because if a guest could compromise the host it could then get at other guests, and we don't want that.
Now confidential computing tries to invert this: it tries to protect the guest against a potentially compromised or malicious host environment, whether that compromise might be a fault in the kernel, an unpatched device firmware, or whatever it might be in some layer below the guest. If the compromise or the threat comes from there, today there's really not much protection in the guest environment, and so this movement by the industry is trying to solve that particular problem, or that threat vector. Now, no security solution is perfect, and so this should be seen as entirely additive to any existing security measures you might have in place. It's also still very early days, and so things are changing pretty rapidly.

Now the Confidential Computing Consortium itself is another Linux Foundation project, like the CNCF, backed by some of the same companies, a lot of the large hardware and cloud providers, and as a group we've defined confidential computing as the protection of data in use by performing computation in a trusted execution environment. Since the founding about a year and a half ago, a lot of companies have come together to really rally behind this cause and try and bring this vision to reality. Along the way we've identified three key properties that make a given environment confidential, as well as some additional properties that might be present but are not, strictly speaking, necessary to protect data in use.
We've also identified two different modes, if you will, for that protection based on hardware: one is process-based and one is VM-based, or application-based. In the process isolation scenario, a particular trusted environment is set up where a process is run; it's launched within an untrusted guest next to other untrusted processes, and this works through the CPU itself, in this case SGX. But that's not the only way; ARM TrustZone has a pretty similar model to this, and it's just less prevalent in clouds, so I didn't really include it in the slide. The alternate model, the VM-based model, actually relies on the hypervisor to launch a trusted guest operating system, but it's the CPU that is ultimately isolating that environment, that memory region, the memory pages, from other guests, from the hypervisor, and from other hardware devices.

Now I should mention TPMs and HSMs. These tools have been around for a while, and people often ask how they are different than TEEs. A TPM lets a verifying process verify the integrity of other components of the platform, like the hypervisor or the hardware, but it doesn't isolate memory; it doesn't protect against a changed, different access pattern, but it might let you detect a faulty system or an unpatched system, something like that. And an HSM lets you protect the confidentiality of some small amount of data, like a key, but it doesn't guarantee the integrity of the application processing that data.

Now, available today for cloud native use, Intel has released the SGX device drivers for Kubernetes, which is pretty awesome, and Azure has also been working on some similar things. We have in production Kubernetes clusters with SGX devices enabled in them, and I know a couple of other cloud providers like IBM also have SGX available in their clouds. This is, you know, useful for launching or orchestrating with Kubernetes a process designed to use an SGX device.
I did mention at the beginning of this talk the notion of trust, and maybe inverting trust, so I want to talk more about that, and I need to introduce two legal terms. Now, the exact definition of these terms varies depending on what regulation you're looking at and what region you're in, so the GDPR here in Europe, for example, or if you're in California the CCPA; other states like Washington have other laws that are being drafted right now, and I know India is looking at similar laws. This talk is not legal advice and I'm not a lawyer, so whatever region you're practicing in or operating in, if these laws apply, of course consult your own attorneys for advice. But I want to add the gist here.

Whenever a person's data is handled by a company with whom they have established a relationship, like, say for me, my email provider, that company is the data controller: they are controlling the data on my behalf and according to our agreement, whatever I checked and signed when I signed up for that email provider. Now that data controller might set up agreements with other businesses to process data on their behalf, maintain backups or offsite data recovery, or index the data, or provide some other services for me. Those data processors operate on the data on behalf of, or under the guidance of, the data controller, and so there are obligations as far as protecting my data on both of those entities, and those might differ between different laws. Again, I'm not going to give advice here but just broach the topic; we all need to begin considering these implications.

One thing that is important to think about is that none of those obligations today are contractually enforced between the data processor and data controller. It's a business agreement; there's no enforcement at a hardware or a crypto level. So that's today. What if we could enforce policy cryptographically? You know, Notary is working on enforcing it, on adding that capability for these checksums, for what images are run and signed, where and by whom, and
that's fantastic. What if the actual launch control could not just be through the orchestration system, but verified in the hardware? Does that help? I think it might. This also sounds kind of like blockchain, but maybe without the massive power consumption, so that's cool. What if, as a tenant, I could lock down my environment? I could prevent the cloud hosting company, or their agents, or anyone else using the environment from accessing my data or my customers' data. And what if I could verify that through a trusted third party, even if my data controller chose, through business agreements, to have someone else process the data on my behalf? What if I could still maintain that enforcement through hardware? So really, what if we invert the trust relationship inherent in outsourced computing? I think the implications are pretty far-reaching.

Now a group at Cambridge, I don't have the link handy but I'll try and get it and put it in chat, recently published a position paper that proposes the implications this technology could have on the GDPR regulations and companies underneath it: that it might strengthen the guarantees that data controllers are able to make and thus enable more companies to more easily comply with the GDPR. I think that's pretty awesome. There are a lot of other implications I just don't have time to go into here, but I would love to chat with you about them, and I'd love it if you're interested in collaborating on this. You know, come work with the CCC or look at some of the projects around confidential computing and SGX or AMD SEV or ARM TrustZone, and find ways to surface those capabilities into the cloud native landscape. The CCC is actually planning to host a dev summit pretty soon; stay tuned for details. We'd really love the collaboration between cloud native and confidential computing. So if you like this talk, you know, find me online, follow me on Twitter, you can find me on Slack, and send me any questions you have. Thanks so much.
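The "inverted trust" the talk builds up to (the hardware, rather than the hypervisor, vouching for what was launched, and the tenant or a trusted third party checking that evidence against a policy) can be made concrete with a small model. The following is an added example, not code from the talk, the speaker, or the CCC: it models a TEE launch report with a measurement and a nonce, uses HMAC as a stand-in for the platform's vendor-certified attestation key (real SGX, SEV, TrustZone and TPM report formats and key hierarchies differ), and plays through what a compromised host can and cannot get past the verifier. All names, the report layout and the sample images are constructed assumptions.

```python
"""Toy model of hardware-rooted attestation: the CPU measures what was launched
and signs a report about it; a relying party (tenant or trusted third party)
verifies that report against its own policy. Constructed example; the report
layout, nonce handling and HMAC stand-in are assumptions, not real TEE formats."""
import hashlib
import hmac
import json
import secrets
from typing import Dict, Set, Tuple

# Constructed stand-in for the platform attestation key. Real TEEs sign with an
# asymmetric key whose public half is certified by the hardware vendor; a
# symmetric HMAC key is used here only so the model runs on the standard
# library. The host/hypervisor never holds this key, which is the whole point.
_HARDWARE_ATTESTATION_KEY = secrets.token_bytes(32)


def measure(image: bytes) -> str:
    """Measurement: a digest of the code actually loaded into the TEE."""
    return hashlib.sha256(image).hexdigest()


def _sign(body: dict, key: bytes) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def hardware_launch(image: bytes, nonce: str) -> dict:
    """Models the CPU launching a guest or enclave and emitting a signed report.
    The hypervisor supplies the image, but cannot alter the report afterwards
    without invalidating the signature."""
    body = {"measurement": measure(image), "nonce": nonce}
    return {"body": body, "signature": _sign(body, _HARDWARE_ATTESTATION_KEY)}


def verify_report(report: dict, expected_nonce: str, allowed_measurements: Set[str],
                  key: bytes = _HARDWARE_ATTESTATION_KEY) -> Tuple[bool, str]:
    """Relying-party check: the report must be hardware-signed, fresh, and
    describe code the tenant's policy allows. Returns (accepted, reason)."""
    if not hmac.compare_digest(_sign(report["body"], key), report["signature"]):
        return False, "signature invalid: report not produced by the hardware"
    if report["body"]["nonce"] != expected_nonce:
        return False, "nonce mismatch: stale or replayed report"
    if report["body"]["measurement"] not in allowed_measurements:
        return False, "measurement not in policy: unexpected code was loaded"
    return True, "ok"


def run_scenarios() -> Dict[str, str]:
    """An honest launch plus three things a compromised host might try;
    returns the verifier's reason string for each scenario."""
    approved_image = b"tenant-approved guest image (constructed)"
    tampered_image = b"guest image with a modified agent (constructed)"
    policy = {measure(approved_image)}  # the tenant's allow-list of measurements
    results: Dict[str, str] = {}

    # 1. Honest launch: fresh nonce, approved image.
    nonce = secrets.token_hex(16)
    results["honest"] = verify_report(hardware_launch(approved_image, nonce), nonce, policy)[1]

    # 2. Host swaps in a modified image: the hardware faithfully reports the
    #    new measurement, and the policy check rejects it.
    nonce = secrets.token_hex(16)
    results["tampered_image"] = verify_report(hardware_launch(tampered_image, nonce), nonce, policy)[1]

    # 3. Host edits the report to claim the approved measurement: without the
    #    attestation key the signature no longer matches the body.
    nonce = secrets.token_hex(16)
    forged = hardware_launch(tampered_image, nonce)
    forged["body"]["measurement"] = measure(approved_image)
    results["forged_report"] = verify_report(forged, nonce, policy)[1]

    # 4. Host replays an older, genuinely valid report against a new challenge.
    old_report = hardware_launch(approved_image, secrets.token_hex(16))
    results["replayed_report"] = verify_report(old_report, secrets.token_hex(16), policy)[1]

    return results


if __name__ == "__main__":
    for name, reason in run_scenarios().items():
        print(f"{name:16s} -> {reason}")
```

The point of scenario 2 versus 3 is the contrast with a TPM-only setup the talk draws: the measurement alone tells the verifier what ran, and the hardware signature is what stops the layer below the guest from lying about it; the nonce in scenario 4 is what ties the report to this launch rather than an earlier one. In practice the verifier would hold the vendor's public certificate chain instead of the HMAC key used here, and the policy would be the tenant's signed allow-list of measurements rather than an in-memory set.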