Guest Fabian Kammel, Security Architect at ControlPlane, discusses confidential computing, trusted execution environments, and the differences between TPMs and HSMs. The chapter also explores the concept of confidential virtual machines and their use in sensitive industries like defense and healthcare.
Trusted execution environments (TEEs) and confidential virtual machines (CVMs) provide hardware-protected and isolated environments for computations.
TPMs and HSMs offer varying levels of security capabilities for key storage and cryptographic operations.
Confidential computing has practical application in PKIs for autonomous vehicles and verifiable build runners, enhancing security for sensitive workloads in cloud environments.
Deep dives
Trusted execution environments and confidential virtual machines
Trusted execution environments (TEEs) and confidential virtual machines (CVMs) are two key concepts in confidential computing. TEEs provide hardware-protected environments that shield sensitive computations from external observers. They have been used in specialized hardware like TPMs and HSMs. On the other hand, CVMs are virtual machines that offer memory encryption and remote attestation. CVMs are easier to use and provide transparency and isolation within the VM. They are available in cloud environments and can be a secure solution for sensitive workloads.
TPMs, HSMs, and their different capabilities
TPMs (trusted platform modules) and HSMs (hardware security modules) are both used in confidential computing, but with different capabilities. TPMs are common and relatively inexpensive, with limited memory and cryptographic capabilities. They provide basic security for cryptographic operations and key storage. On the other hand, HSMs are more powerful and expensive, offering stronger security measures like physical temper protection. HSMs are used for critical cryptographic operations and storage of root certificates.
PKIs for autonomous vehicles and verifiable build runners
Confidential computing has various use cases, including PKIs for autonomous vehicles and verifiable build runners. PKIs provide identities to vehicles, enabling secure communication between cars, road signs, and even road infrastructure. Verifiable build runners use confidential computing to ensure the integrity of the software build process. By storing attestation reports with the build and binary, one can check if the compiled software is genuine and hasn't been compromised.
Implications and challenges of confidential computing
Confidential computing offers enhanced security for sensitive workloads, especially in regulated industries like healthcare and defense. Despite the overhead of around 1-10% in compute resources, the security benefits outweigh the costs for most applications. However, challenges remain, such as trust within multi-tenant environments and securing the Kubernetes control plane. Projects like Confidential Containers (Coco) aim to address these challenges by integrating cryptographic primitives with Kubernetes to provide enhanced security.
Conclusion
Confidential computing is a rapidly evolving field that aims to enhance the security of sensitive workloads. Trusted execution environments and confidential virtual machines provide hardware-protected and isolated environments for computations. TPMs and HSMs offer varying levels of security capabilities for key storage and cryptographic operations. Use cases like PKIs for autonomous vehicles and verifiable build runners demonstrate the practical application of confidential computing. Despite challenges, confidential computing offers a valuable solution for securing workloads in cloud environments.
Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include:
* A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs
* An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing
* And more recently securing SPIFFE-based machine identities via hardware attestation.
Do you have something cool to share? Some questions? Let us know:
