Protecting your data remains complex, especially in the cloud.
It is true that protecting against malicious acts by an infrastructure administrator is difficult when that administrator belongs to the hyperscaler from whom you rent physical or virtual machines. Even if the disks are encrypted, the administrator can still analyze the data in the server’s RAM.
“Confidential computing” techniques help guard against this kind of threat by encrypting data in memory. Since 2015, Intel SGX (Software Guard Extensions) technology has enabled launching processes in an encrypted memory area. This digital enclave technology is now perfectly mature, but its implementation remains complex, as it requires adapting the code to benefit from it. In 2019, AMD offered a more advanced and flexible solution: AMD SEV (Secure Encrypted Virtualization). This technology allows for the direct launch of virtual machines (VMs) in encrypted memory spaces, greatly facilitating the deployment of protected environments. Intel also now offers a technology for deploying confidential VMs: Intel TDX (Trust Domain Extensions).
All companies are now advised to replace their conventional VMs with confidential VMs. The benefits are clear:
- They are available from most hyperscalers and major hosts at affordable rates (about 10% higher than conventional VMs).
- Everything deployed within a confidential VM is protected from the outset, with only a moderate impact on performance (around 5%).
- Confidential VMs allow cloud infrastructures to easily comply with data protection standards and legislation.
A secure technology… as long as the integrity of the environments can be guaranteed
Several vulnerabilities have been found in AMD SEV and Intel TDX solutions. However, these technologies are rapidly maturing and are becoming increasingly reliable and robust. Nonetheless, a malicious infrastructure administrator could bypass them by modifying the hardware or software stack. This is why it is imperative to add a verifiability solution to confidential VMs. This will ensure that neither the hardware environment nor the software layers have been altered, from the firmware to the operating system.
Our approach involves providing turnkey Red Hat and Ubuntu environments, fully secured, with an integrated standard verifiability tool that calculates a signature of the hardware and software environment. Recalculating that signature at any moment and comparing it with the original makes it possible to verify that the environment’s integrity has not been altered. The Cosmian Verifiable & Confidential Trusted Execution Environments are offered in two versions: Cosmian VM, to protect against alterations by infrastructure administrators, and Cosmian Enclave, to guard against threats from both infrastructure and system administrators.
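The measure-once, recompute-later idea described above, as an added illustration that is not Cosmian’s tool or code: a TPM-style hash chain over constructed stand-in firmware, bootloader, kernel, initrd and root-filesystem images yields one environment signature, and recomputing it both detects an altered stack and names the layer that changed.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed stand-ins for the layers a measured-boot style tool would hash,
# from firmware up to the OS. A real tool hashes the actual images.
BASELINE_COMPONENTS: Dict[str, bytes] = {
    "firmware": b"firmware image (constructed)",
    "bootloader": b"bootloader image (constructed)",
    "kernel": b"vmlinuz (constructed)",
    "initrd": b"initramfs (constructed)",
    "os-rootfs": b"root filesystem manifest (constructed)",
}
# Boot order matters: the chain binds each layer to everything before it.
ORDER: List[str] = ["firmware", "bootloader", "kernel", "initrd", "os-rootfs"]


def extend(register: bytes, component: bytes) -> bytes:
    """PCR-style extend: new = SHA256(old || SHA256(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure(components: Dict[str, bytes], order: List[str] = ORDER) -> str:
    """Fold every layer, in boot order, into one environment signature."""
    reg = bytes(32)  # fresh register starts at all zeros, like a reset PCR
    for name in order:
        reg = extend(reg, components[name])
    return reg.hex()


def verify(expected: str, components: Dict[str, bytes]) -> bool:
    """Recompute the signature and compare it to the recorded one."""
    return hmac.compare_digest(expected, measure(components))


def component_hashes(components: Dict[str, bytes]) -> Dict[str, str]:
    """Per-layer digests kept alongside the chained value for diagnosis."""
    return {n: hashlib.sha256(components[n]).hexdigest() for n in ORDER}


def find_modified(expected: Dict[str, str], components: Dict[str, bytes]) -> List[str]:
    """Name the layers whose digest no longer matches the recorded baseline."""
    current = component_hashes(components)
    return [n for n in ORDER if current[n] != expected[n]]


if __name__ == "__main__":
    baseline = measure(BASELINE_COMPONENTS)
    tampered = dict(BASELINE_COMPONENTS, kernel=b"vmlinuz, modified (constructed)")
    print("untouched stack verifies:", verify(baseline, BASELINE_COMPONENTS))
    print("tampered stack verifies: ", verify(baseline, tampered))
    print("altered layers:", find_modified(component_hashes(BASELINE_COMPONENTS), tampered))
```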
The confidential VMs make it possible to run any application confidentially and verifiably, including your own Cosmian KMS. The Cosmian Verifiable & Confidential Trusted Execution Environments will soon be integrated into the marketplaces of the major hyperscalers, including Google, Amazon, and Microsoft, with each of which we collaborate. This is an effective way for each of these giants to ensure the integrity of their encrypted virtual machines.