Confidential computing with trusted execution environments

The data encountered in computing can exist in three different states: at rest, in transit, or in use. Data at rest refers to files stored locally on a hard drive or in cloud services like Google Photos or iCloud. Data in transit, on the other hand, includes information being transferred between devices or over networks, such as a password sent from a web browser to a bank’s server. Lastly, data in use pertains to information actively processed in a computer’s memory (DRAM) or processor’s registers.

For many years, the focus of data security has been on safeguarding data at rest and in transit. Tools like Proton or Bitlocker facilitate file encryption for data at rest, while public-key cryptography ensures secure transmission over networks. However, with the rise of cloud computing, large volumes of sensitive data, such as health and financial records, are processed on servers (e.g., AWS, Microsoft Azure and Google Cloud) beyond the direct control of data owners. Recent legal frameworks like the EU’s General Data Protection Regulation (GDPR) mandate cloud service providers to implement robust security measures to prevent unauthorized access or disclosure of sensitive client data during processing. The crucial question is how these security measures are implemented in practice.

Trusted execution environments

Confidential computing encompasses all the techniques proposed to protect data in use. One of such techniques is Homomorphic encryption (HE), which provides a way to process data in an encrypted form without the need for decryption. However, this technique is very computationally expensive and slow. A more practical solution introduced in the last decade involves using a Trusted Execution Environment (TEE).

A TEE is a shielded sandbox provided by a computer’s processor, ensuring that data is only decrypted while it is being processed within the CPU package. The data is automatically encrypted once it leaves the processor, making it inaccessible even to privileged software like the operating system or hypervisor. The power of TEEs lies in their ability to perform computations on unencrypted data (significantly faster than homomorphic encryption) while providing robust security guarantees. Additionally, cloud-based TEE technologies provide a technique called remote attestation to ensure that the code deployed on the remote server does not undergo any malicious modifications aimed at exposing sensitive data. Popular TEE technologies in the cloud include Intel SGX, AMD SEV, and more recently Intel TDX.

Use cases

The security guarantees offered by these technologies play a crucial role in facilitating computations involving highly sensitive data. Popular use cases include: collaborative analytics among banks for anti-money laundering and fraud detection, research and analytics on patient data for drug discovery purposes, and analytics involving citizen data.

TEEs are also widely deployed on user-end mobile devices like smartphones and tablets to protect sensitive data such as payment credentials and biometric information, and to enforce digital rights management. TEE technologies like ARM TrustZone can establish a chain-of-trust to ensure the underlying operating systems on mobile devices are free from malware, thus mitigating data breaches.

Vulnerabilities

While TEEs offer robust security guarantees, they are not entirely foolproof. For example, physically probing the processor package to expose secrets during processing is theoretically possible, but very difficult to achieve in practice. Also, certain security vulnerabilities associated with popular TEE technologies have been identified by research. Nevertheless, processor manufacturers continually work to address these issues, ensuring data remains secure on TEE-enabled platforms. Moreover, ongoing research efforts aim to enhance the practicality and performance of TEEs, and provide additional tools and techniques to achieve stronger security guarantees.

Conclusion

TEE technologies represent an important technological advancement aimed at addressing critical security challenges. By providing strong data confidentiality and integrity guarantees, these technologies provide a huge potential for enabling organizations to (more easily) engage in collaborative analytics of sensitive data and innovative research endeavors, while upholding privacy and security standards. With the growing demand for robust security measures, TEEs play a central role in shaping the future of data security.