To further strengthen our commitment to providing industry-leading coverage of data technology, VentureBeat is thrilled to welcome Andrew Brust and Tony Baer as regular contributors. See their articles in the data pipeline.
Confidential computing focuses on a potentially revolutionary technology, in terms of its impact on data security. In confidential computing, data remains encrypted, not only inactive and in transit, but also in use, allowing you to perform analysis and machine learning (ML) on the data, while maintaining its confidentiality. The ability to encrypt the data in use opens up a wide range of possible real-world scenarios and has important implications and potential benefits for the future of data security.
VentureBeat spoke to Raluca Ada Popa about his research and work in developing practical solutions for confidential computing. Popa is an associate professor at the University of California, Berkeley, and is also a co-founder and president of Opaque Systems.
Opaque Systems provides a software offering for MC2 open source confidential computing project, to help companies interested in using this technology, but who may not have the technical skills to work at the hardware level.
The journey of confidential computing
Popa retraced the history of confidential computing, its mechanisms and its use cases. The problems that confidential computing is designed to address have been around for decades, with several people working to solve them. He explained that already in 1978 Rivest et al. recognized the privacy, confidentiality and functionality benefits that would come from being able to process encrypted data, although they did not develop a practical solution at the time.
events
Low code / no code vertex
Join today’s top executives at the Low-Code / No-Code Summit virtually on November 9th. Sign up for your free pass today.
Register here
In 2009, Craig Gentry developed the first practical construction, an entirely cryptographic solution, called fully homomorphic cryptography (FHE). In FHE, the data remains encrypted and the calculation is performed on the encrypted data.
However, Popa explained that FHE was “orders of magnitude too slow” to allow for analytics and machine learning, and although the technology has been perfected since then, its speed is still suboptimal.
A better approach of both worlds
Popa’s research combines a recent advance in hardware that has emerged in recent years, called a hardware enclave, with cryptography, into a practical solution. Hardware enclaves provide a reliable execution environment (TEE) in which data is isolated from the software and operating system. Popa described the hybrid approach of combining hardware enclaves with encryption as the best of both worlds. Within the TEE, the data is decrypted and the calculation is performed on this data.
“As soon as it comes out of the hardware box, it is encrypted with a key merged into the hardware …” Popa said.
“It seems to be always encrypted from the perspective of any operating system, administrator or hacker …[and] any software running on the machine … it only sees encrypted data, “he added.” So it’s getting basically the same effect as cryptographic mechanisms, but has processor speed. “
Combining hardware enclaves with cryptographic computing enables faster analysis and machine learning, and Popa said that “for the first time ever we really have a practical solution for analytics and machine learning on confidential data.”
Hardware enclave vendors compete
To develop and implement this technology, Popa explained that she and her team at UC Berkeley’s RISELab “received early access from Intel to its SGX hardware enclave, the pioneer enclave,” and during their research established that “the right use case” for this technology is confidential computing. Today, in addition to Intel, many other vendors, including AMD and Amazon Web Services (AWS), have launched their own processors with hardware enclave technology.
However, there are some differences between vendor products, in terms of speed and integrity, as well as user experience. According to Popa, the Intel SGX tends to have higher integrity guarantees, while the AMD SEV enclave tends to be faster.
He added that AWS ‘Nitro enclaves are mostly software-based and don’t have the same level of hardware protection as Intel SGX. Intel SGX requires code refactoring to run legacy software, while AMD SEV and Amazon Nitro enclaves are better suited for legacy applications. Each of the three cloud service providers, Microsoft, Google, and Amazon, also have enclave offerings.
Because the hardware enclave technology is “very crude, they offer a very low-level interface,” he explained – Opaque Systems provides a “specially created analytics platform for confidential processing” designed to optimize open source MC2 confidential processing project for companies wishing to use this technology to “facilitate collaboration and analysis” on confidential data. The platform includes multi-layered security, policy management, governance, and assistance in creating and scaling enclave clusters.
Further implications
Confidential computing has the potential to change the game for access controls as well. Popa explained that “the next step allowed by cryptography is to provide access not only to the data, but to some function results on it.” For example, don’t give access to ” [the] whole data, but only on a trained model [the] data. Or perhaps a query result, a statistic, an analysis query based on [the] data.”
In other words, instead of giving access to specific rows and columns of data, access would be granted to an aggregate, to a specific type of output or by-product of the data.
“This is where confidential processing and encryption come into play … I encrypt the data and you perform the confidential processing and calculate the correct function while keeping [the data] encrypted … and only the final result is revealed, “Popa said.
Function-based access control also has implications for ethics because machine learning models could be trained on encrypted data without compromising personal or private data or revealing information that could lead to bias.
Real world scenarios of confidential information technology
Allowing companies to leverage analytics and machine learning on sensitive data, and allowing access to data functions, together opens up a wide range of possible use cases. The most significant of these include situations where collaboration is allowed between organizations that previously could not collaborate, due to the mutually confidential nature of their data.
For example, Popa explained that “traditionally, banks cannot share their confidential data with each other”; however, with its platform to help businesses take advantage of confidential information technology, Opaque Systems allows banks to share their data confidentially while analyzing training models and models to detect fraud more effectively.
Also, he said, “health institutions [can] they bring together their patients’ data to find better diagnoses and treatments for diseases “, without compromising data protection. Confidential computing also helps break down the walls between departments or teams with confidential data within the same company, enabling them to collaborate where they couldn’t before.
Plotting a course
The potential of confidential computing with hardware enclaves to revolutionize the computing world was recognized this summer when Popa won the ACM Grace Murray Hopper Award 2021.
“The fact that the ACM community recognizes computing technology on encrypted data … as an outstanding achievement that revolutionizes computing … gives a lot of credibility to the fact that this is a very important issue that we should be working on,” he said. said Popa – and to which his research and work have provided a practical solution.
“It will help because of this confirmation for the problem and for the contribution,” he said.
VentureBeat’s mission it must be a digital town square for technical decision makers to gain insight into transformative business technology and transactions. Discover our briefings.
