Hardware And Software Components Of Confidential . - Intel Builders


White Paper
Confidential Computing

Hardware and Software Components of Confidential Computing Architectures

Confidential computing protects data while in use, using a hardware and software stack based on a CPU root of trust to enable more secure enclaves that isolate sensitive data and code. Fortanix Runtime Encryption provides confidential computing services based on Intel Software Guard Extensions (Intel SGX) that enable applications to take advantage of more secure enclaves without requiring any changes to code.

Table of Contents
1 Executive Summary
2 Intel SGX: The Hardware Foundation for Confidential Computing
2.1 Application Architecture for Intel SGX
2.2 Sealing for Data Persistence
2.3 Attestation for Protected Enclave Interactions
3 Fortanix Runtime Encryption Technology: Enablement for Intel SGX
3.1 Enclave OS: The Runtime Inside Enclaves
3.2 Confidential Computing Manager: Enclave Management, Orchestration, and Attestation
3.3 Enclave Development Platform: Enclaves from Scratch
4 Confidential Computing Use Cases: Finance and Healthcare
4.1 Use Case 1: Money Laundering Detection
4.2 Use Case 2: Electronic Health Records Implementation
4.3 Use Case 3: Protected Real-World Evidence for Clinical Research
4.4 Use Case 4: Chest X-Ray Interpretation
5 Fortanix Integration with Red Hat OpenShift
6 Conclusion
7 More Information

1 Executive Summary

Protecting data while it is in use and held in active system memory has always been more challenging than protecting it while in storage or transit.
The act of decrypting data to access and perform operations on it creates potential security exposure from the presence of other processes running in the same shared memory space, including those related to system software compromise or insider threats. Moreover, in a cloud-native world, edge and IoT assets exist outside any security perimeter, and potential attackers may even have physical access to them. Such exposures are of particular concern with regard to the privacy of financial or healthcare information.

"Organizations that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to mitigate threats that target the confidentiality and integrity of either the application or the data in system memory."
– Confidential Computing Consortium [1]

Confidential computing is an approach to protect data while in use by providing a trusted execution environment (TEE) where trusted code can operate on trusted data in isolation from unauthorized entities. The TEE protects the data and code as well as the integrity of the outcomes of operations performed on it. Because a TEE must remain safe from unauthorized access even from highly privileged system software or human operators with root access, it requires a low-level hardware root of trust. Anchoring the trusted computing environment in low-level hardware eliminates underlying dependencies and their accompanying attack surfaces.

Authors
Fortanix: Jattin Dudakia, Pawan Khandavilli, David Greene
Intel: Kapil Sood, Raghu K. Moorthy, Vinodh Raghunathan

Technical Paper | Hardware and Software Components of Confidential Computing Architectures

Intel SGX implements TEE functionality by providing more secure enclaves, which are dedicated private memory address spaces, protected from external access even if the compute platform is compromised. This silicon-based functionality, available on the 3rd generation Intel Xeon processor, is controlled by a processor instruction set. Data and code held within an enclave are protected by a hardware root of trust against being read or written from outside the enclave, regardless of the outside entity's privilege level. Intel SGX requires that application code be divided into trusted and untrusted portions, with trusted portions operating in more secure enclaves. Such re-architecting of software can be a blocking factor for some organizations.

Fortanix Runtime Encryption is a set of software technologies that streamline implementation of Intel SGX, overcoming the need to alter code by allowing unmodified applications to run in more secure enclaves. Fortanix Enclave OS is a runtime for code inside enclaves, operating a CPU root of trust. Fortanix Confidential Computing Manager is a cloud-native service for managing and orchestrating enclaves, including policy enforcement and secure attestation. The Fortanix Enclave Development Platform (EDP) is an open source development environment for creating Intel SGX enclaves in the Rust programming language, with built-in code-safety tools and a dedicated compiler.

This white paper reviews each of these elements and how they form the basis of architectures to protect data privacy while it is in use, even on unsecured or compromised platforms. This ability is increasingly critical as cloud computing models offer increasing benefits from data sharing to power large-scale analytics, machine learning, and other data-driven applications.
The discussion also introduces a number of use cases to illustrate the value of confidential computing in real-world deployments and introduces a new deployment mechanism for Fortanix Runtime Encryption Technology on container topologies based on Red Hat OpenShift Container Platform.

2 Intel SGX: The Hardware Foundation for Confidential Computing

Within hierarchical system security, workloads inherit threat exposures from more privileged layers further down the stack. An application and its data are vulnerable to processes running with higher privileges, such as those of the OS, hypervisor, pre-boot partitions, or firmware. For example, if the OS is compromised, the applications that run on it are necessarily compromised as well, effectively extending the application's attack surface to the entire OS, as shown in the "Without Intel SGX" pane of Figure 1.

2.1 Application Architecture for Intel SGX

Intel SGX stores an application's secrets—such as encryption keys, passwords, and financial or healthcare data—within more secure enclaves. All operations that require access to that information must be run in the enclave's restricted memory address space as well. The contents of an enclave are never exposed outside the enclave to any user, process, or application, regardless of privilege level. Memory within the enclave is encrypted using hardware secret keys that are inaccessible to software. This architecture limits a secret's trust boundary to the relevant Intel SGX enclave itself, which dramatically reduces the attack surface, as shown in the "With Intel SGX" pane of Figure 1.

Figure 1 (diagram not reproduced). Left pane, "Without Intel SGX": Apps on Guest OS on Host OS/VMM; potential attack surface: Guest OS and all contents. Right pane, "With Intel SGX": Enclave inside Apps on Guest OS on Host OS/VMM; potential attack surface: app (or sub-app) enclave only. The trust boundary is marked in each pane.
Figure 1.
Reduced trust boundary and attack surface with Intel SGX.

The code that operates within an enclave is referred to as an application's "trusted component," which has access to the application secrets within the corresponding enclave. (One application may have multiple enclaves, with a trusted code component for each.) The remaining parts of the application and all its dependencies make up the "untrusted component," which does not have access to enclave contents. Interactions between trusted and untrusted components are accomplished using Intel SGX instructions, as shown in Figure 2.

From the viewpoint of code or data inside an enclave, everything outside is regarded as untrusted, which includes system software, BIOS, firmware, etc. Developers can use the Intel SGX SDK to define trusted and untrusted components of applications and create enclaves for trusted code and data. This implementation designates enclaves as shared libraries, which can be called by the untrusted parts of the application. Best practices call for interactions between trusted and untrusted components of the application to be as limited as possible.

Figure 2 (diagram not reproduced): an Intel SGX application with untrusted code and trusted code connected through a call gate; privileged system code (OS, VMM, BIOS, SMM) is denied access to the enclave. Steps shown in the diagram:
1. App is built with trusted and untrusted parts
2. App runs and creates the enclave, which is placed in trusted memory
3. Trusted function is called, and execution is transitioned to the enclave
4. Enclave sees all process data in the clear; external access to the enclave data is denied
5. Function returns; enclave data remains in trusted memory
6. Normal execution resumes
Figure 2. Intel SGX interaction between trusted and untrusted application components.

2.2 Sealing for Data Persistence

Because enclaves function by means of shared function calls, the internal state of the enclave is not persisted after the host application unloads the library. To satisfy cases where developers need to persist data that is internal to enclave processes beyond the point where the enclave is loaded into system memory, Intel SGX provides a mechanism called sealing that allows this secret data to be stored more securely as an encrypted blob on untrusted media, secured by a CPU-generated key. The key can be tied to the enclave's fingerprint, making the data only available to a specific version of a specific enclave, or it can be tied to the enclave's sealing authority, in which case multiple enclaves from that authority can seal and unseal each other's data.

2.3 Attestation for Protected Enclave Interactions

To support cases where enclaves need to communicate or interact with one another, Intel SGX provides attestation services that enable those enclaves to each cryptographically verify the trusted status of the other's secured execution environment. Those assurances include the following factors:
• The code is running as-built in a genuine enclave
• The hardware is a more secure Intel SGX-capable platform with all needed microcode updates applied
• All necessary Intel SGX hardware and software configurations are made correctly

The enclaves involved in attestation may or may not be hosted on the same platform. "Local attestation" refers to interactions between enclaves on the same platform, so multiple enclaves in a single application can work together on common tasks or so separate applications can communicate data between enclaves. "Remote attestation" refers to similar verification for enclaves on separate hosts, as in the case where client and server applications must prove their integrity to one another.
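The sealing policies of section 2.2 and the local attestation flow of section 2.3 both rest on keys the CPU derives from its own secret plus an enclave identity. The following Python model is an added example, not Intel SDK or Fortanix code: HMAC-SHA256 stands in for the EGETKEY/EREPORT derivation, and the hardware secret, measurements, and secret values are all constructed.

```python
# Toy model of the key derivation behind Intel SGX sealing (2.2) and local
# attestation (2.3). HMAC-SHA256 stands in for EGETKEY/EREPORT; all values are constructed.
import hashlib
import hmac
import os
from dataclasses import dataclass

# Stand-in for the fused per-CPU secret that no software can read (constructed).
HW_SECRET = b"constructed-cpu-root-secret-not-a-real-key"

@dataclass(frozen=True)
class Enclave:
    mrenclave: bytes  # hash of code/data as built: the enclave "fingerprint"
    mrsigner: bytes   # hash of the signing key: the "sealing authority"

def derive_key(key_type: bytes, identity: bytes) -> bytes:
    """Model of EGETKEY: key = f(hardware secret, key type, bound identity)."""
    return hmac.new(HW_SECRET, key_type + b"|" + identity, hashlib.sha256).digest()

def seal_key(e: Enclave, policy: str) -> bytes:
    """MRENCLAVE binds the key to one exact enclave build; MRSIGNER binds it to
    every enclave from the same signer, so an upgraded build can read old data."""
    return derive_key(b"seal", e.mrenclave if policy == "MRENCLAVE" else e.mrsigner)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range(0, n, 32):  # toy CTR-style stream built from HMAC blocks
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(e: Enclave, policy: str, secret: bytes) -> bytes:
    """Encrypt-then-MAC 'sealed blob' that can be handed to untrusted storage."""
    key, nonce = seal_key(e, policy), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(e: Enclave, policy: str, blob: bytes):
    """Returns the secret, or None when this enclave cannot derive the right key."""
    key = seal_key(e, policy)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def make_report(src: Enclave, target: Enclave, report_data: bytes) -> bytes:
    """Model of EREPORT: the MAC key is bound to the *target's* MRENCLAVE, so only
    that enclave can re-derive it (via EGETKEY) and check the report."""
    body = src.mrenclave + src.mrsigner + report_data
    return body + hmac.new(derive_key(b"report", target.mrenclave), body, hashlib.sha256).digest()

def verify_report(me: Enclave, report: bytes) -> bool:
    body, tag = report[:-32], report[-32:]
    expect = hmac.new(derive_key(b"report", me.mrenclave), body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expect)

def demo_sealing() -> dict:
    signer_a = hashlib.sha256(b"signer A").digest()
    v1 = Enclave(hashlib.sha256(b"app v1").digest(), signer_a)
    v2 = Enclave(hashlib.sha256(b"app v2").digest(), signer_a)  # upgrade, same signer
    other = Enclave(hashlib.sha256(b"other app").digest(), hashlib.sha256(b"signer B").digest())
    secret = b"db-password-constructed"
    by_enclave, by_signer = seal(v1, "MRENCLAVE", secret), seal(v1, "MRSIGNER", secret)
    return {
        "mrenclave_same_build": unseal(v1, "MRENCLAVE", by_enclave) == secret,
        "mrenclave_after_upgrade": unseal(v2, "MRENCLAVE", by_enclave) == secret,
        "mrsigner_after_upgrade": unseal(v2, "MRSIGNER", by_signer) == secret,
        "mrsigner_other_signer": unseal(other, "MRSIGNER", by_signer) == secret,
    }

def demo_local_attestation() -> dict:
    signer = hashlib.sha256(b"signer A").digest()
    client = Enclave(hashlib.sha256(b"client").digest(), signer)
    server = Enclave(hashlib.sha256(b"server").digest(), signer)
    bystander = Enclave(hashlib.sha256(b"bystander").digest(), signer)
    report = make_report(client, server, hashlib.sha256(b"client DH public key").digest())
    tampered = bytes([report[0] ^ 1]) + report[1:]  # flip one bit of the claimed MRENCLAVE
    return {
        "target_verifies": verify_report(server, report),
        "other_enclave_verifies": verify_report(bystander, report),
        "tampered_verifies": verify_report(server, tampered),
    }
```

On real hardware the derivation and MAC happen inside the CPU (the Intel SGX SDK exposes them as sgx_seal_data and sgx_create_report); the point of the model is which identity each key is bound to, and therefore which enclave can ever recover it.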
Both local and remote attestation enable trusted communication with integrity and confidentiality assurances to occur over untrusted channels.

3 Fortanix Runtime Encryption Technology: Enablement for Intel SGX

To enable enterprises to protect data while it is in use, Fortanix Runtime Encryption implements deterministic security such that computation can be carried out on encrypted data without ever exposing it outside enclaves in the clear. The platform supports application binaries in their existing forms, without code modifications, so that time to benefit is accelerated, and no burden or learning curve is imposed on developers. It also integrates easily with existing orchestration tools and development workflows.

The components of Fortanix Runtime Encryption Technology—Enclave OS, Confidential Computing Manager, and Enclave Development Platform—are summarized in Figure 3, and each is discussed in more detail in the remainder of this section.

Sidebar: Platform Capabilities that Complement Intel SGX

3rd Gen Intel Xeon Scalable processors incorporate multiple hardware-resident security features that work in conjunction with Intel SGX. The following features are of particular interest to CoSPs as they deploy 5G network functions:
• Built-in crypto acceleration. To help CoSPs handle the performance impact of pervasive encryption in 5G, platform results include up to 4.2x higher TLS-encrypted connections per second. [2]
• Intel Platform Resilience.
To protect fundamental platform firmware components, this Intel FPGA-based solution establishes a chain of trust and verifies firmware images before execution.

Figure 3 (diagram not reproduced): the three Fortanix Runtime Encryption Technology components.
• Enclave OS: runtime for code inside Intel SGX enclaves; no changes to application binaries required; operates a CPU-based root of trust.
• Confidential Computing Manager: manages enclaves and confidential computing nodes; single pane of glass, cloud-native SaaS; provides policy enforcement and attestation.
• EDP: environment for creating enclaves from scratch; open source, based on the Rust programming language; high performance and built-in security measures.
Figure 3. Fortanix Runtime Encryption Technology.

3.1 Enclave OS: The Runtime Inside Enclaves

Fortanix Enclave OS provides runtime functionality for code inside enclaves so that applications can run unmodified with the confidential computing benefits of Intel SGX. In preparation for deployment, the application, its dependencies such as libraries or managed runtimes, and Enclave OS are packaged together. The CPU itself derives the encryption key for this memory space on the fly using secrets provisioned in silicon without involvement from or exposure to privileged system software. Enclave OS provides encryption mechanisms for data written outside of the enclave:
• Data written to system memory is protected by an encryption key generated at boot time that is usable only by hardware-based processes.
• Data written to storage is encrypted with a data seal key derived at runtime using a hardware secret, the identity of the application, and the identity of the signer.
• Data written to the network is protected by encryption keys (often TLS) generated by the application, which are isolated within enclaves while in use and encrypted using a data seal key while in storage.

3.2 Confidential Computing Manager: Enclave Management, Orchestration, and Attestation

Fortanix Confidential Computing Manager is a single pane of glass to control the overall enclave lifecycle, including creation, deployment, monitoring, and auditing. Teams use it to provision, orchestrate, and manage systems and applications for confidential computing based on Intel SGX, including to create and manage the trust relationships between them. As a cloud-native SaaS platform, Confidential Computing Manager provides future-ready support for emerging enterprise infrastructures and topologies.
It also manages all attestation activities for the Fortanix Runtime Encryption platform.

Each compute node sends a one-time attestation of its status as a genuine Intel SGX-capable system to Confidential Computing Manager for purposes of enrollment as an Application Node for enclave applications. After verifying that status with the Intel Attestation Service, Confidential Computing Manager provisions a secret with the Fortanix Quoting and Provisioning Enclave on the compute node that enables it to attest to its genuine status on its own. Application Nodes may consist of any hardware that supports Intel SGX, whether located on-prem, in a hosted environment, or in a public cloud. Confidential Computing Manager also provides policy enforcement, such as whitelisting containers that have been modified to operate with Fortanix Runtime Encryption and geofencing them to govern where they can execute, to comply with regulations such as the EU General Data Protection Regulation (GDPR).

3.3 Enclave Development Platform: Enclaves from Scratch

Fortanix Enclave Development Platform (EDP) is an open source environment specifically for writing Intel SGX enclaves from scratch using the Rust programming language. Product engineering teams at Fortanix originally developed the platform for internal use, to simplify access to Intel SGX features and functionality. The EDP makes it easy for developers to enable software for confidential computing. Developers code using standard techniques, without needing to partition applications into trusted and untrusted components. They simply compile for Intel SGX using the built-in Rust compiler, which also provides advanced static code analysis to automatically help improve software security. Rust provides high compute performance, as well as portability to build code once and then run it across a range of OSs.
The Rust project also makes assurances that existing code will continue to be compatible with all future compiler updates.

4 Confidential Computing Use Cases: Finance and Healthcare

4.1 Use Case 1: Money Laundering Detection

The United Nations estimates that two to five percent of the global GDP is processed each year by money laundering operations to disguise illicit sources. [3] Money laundering is a critical process for criminal parties to be able to make use of their illegal profits, with much of this money generated through illicit drugs, weapons, and human exploitation. Denying such resources to criminals is of particular importance, as money can be funneled into potential uses such as funding terrorism or financing the proliferation of nuclear, chemical, or biological weapons.

Fortanix Confidential Computing technology and Intel SGX lie at the heart of the federated learning arrangement illustrated in Figure 4, where encrypted customer account and network telemetry data from multiple banks is aggregated in a more secure enclave. That collective data set supports far more sophisticated analytics than any individual bank's data alone, enabling detection of transactions and patterns that signal money laundering. The larger data set also helps accelerate learning for deep learning models used in detection. The confidential computing arrangement represented in Figure 4 enables these calculations to be performed without exposing sensitive information, with auditable privacy protections throughout the data lifecycle.

Figure 4. Federated learning to detect money laundering.

4.2 Use Case 2: Electronic Health Records Implementation

The German Social Security Code (§ 291a SGB V) sets out standards for what health data must be stored in electronic health records (eHR). The dataset includes "data on findings, diagnoses, therapeutic measures, treatment reports, and vaccinations for cross-case and multi-patient documentation about the patient" for some 75 million individuals with private healthcare insurance. As the controllers of their own health data, patients must have confidence in the data's safety as well as the ability to control access to it by medical personnel and others.

The eHR implementation, represented in Figure 5, deploys Fortanix Confidential Computing technology on the IBM cloud to provide security enclaves using Intel SGX for isolated machine learning-based processing of personal health data. Because the data is processed in unencrypted form only within more secure enclaves, it remains unavailable to unauthorized parties, even those with root access to the server the data is being processed on. Data is accessible only by means of more secure enclaves, with data access subject to approval by the patient. The subsequent e-prescription project in Germany specifies the use of TEE architecture for processing about 800 million transactions per year, demonstrating the scalability of this type of privacy-preserving solution.

Figure 5. Protected access to electronic health records.

4.3 Use Case 3: Protected Real-World Evidence for Clinical Research

The ability to use real-world evidence—as distinguished from data collected in controlled trials—provides cost-efficient access to large data sets for clinical research. Examples could include real-time analysis of epidemiological or clinical data, reviews of medical and surgical outcomes, or investigations of potential new uses for approved medications. For these usages, privacy regulations require the data itself to be cloaked from the researchers, even as they make secure queries against data sourced from large numbers of healthcare data providers.

The topology illustrated in Figure 6 implements Fortanix Confidential Computing Manager to support access and querying within Intel SGX secure enclaves against native personal health data housed in eHR systems. Patient data is protected using integrated policy controls at the federal, state, and local levels, and enclave-protected encryption keys protect audit logging that assists with regulatory compliance. The ability to use real-world evidence in a protected framework could enable research that would otherwise be impossible.

4.4 Use Case 4: Chest X-Ray Interpretation

Chest X-ray images provide vital information for early detection and treatment of pneumonia and other respiratory diseases. Technological advances are allowing for improvements in diagnostic capabilities that can assist caregivers with information about effects on different regions of the chest. Deep learning models are adept at analysis across large numbers of radiological images, subject to privacy requirements for the personal health data, and secure training of those models benefits from access to the largest amount of data possible.

Fortanix Confidential Computing Manager enables protected programmatic access to chest X-ray images within an Intel SGX secure enclave, as shown in Figure 7.
A convolutional neural network (CNN) classifies the images according to their indications for pneumonia, other conditions, or no findings. Because the neural network can easily be deployed from the cloud, the model can also help compensate for shortages of radiological specialists and computing infrastructure, especially in remote areas.

Figure 6. Research and analysis with real-world clinical data.

Figure 7. Automated, more secure diagnosis using chest X-ray images.

5 Fortanix Integration with Red Hat OpenShift

Fortanix Node Agent is a software element that is deployed on compute nodes to enable confidential computing, including allowing those nodes to register with Fortanix Confidential Computing Manager. The node agent assists with verification of compute-node hardware and system software, making it instrumental in setting up trusted compute pools. It also enables management of nodes and applications running in more secure enclaves. To enable integration between Red Hat OpenShift and Fortanix Runtime Encryption, Fortanix engineers have implemented the Node Agent as a Red Hat OpenShift Operator for use across on-premises, hosted, and public cloud compute nodes based on Intel SGX-capable systems, as illustrated in Figure 8.

Figure 8. Confidential computing with Fortanix Runtime Encryption, Intel SGX, and Red Hat OpenShift.

Red Hat OpenShift Operators are encapsulated software representations of discrete sets of capabilities that Red Hat OpenShift uses to provide services such as automating management or configuration tasks. Red Hat tests and validates Operators for functionality and soundness, creating an ecosystem of Red Hat OpenShift Certified Operators, which it offers on a SaaS basis. This certification process complements Red Hat tooling and other support, including the Operator SDK, which streamlines development by abstracting away a layer of complexity when working with Kubernetes APIs. Red Hat also provides the Operator Lifecycle Manager, which oversees the lifecycles of all Operators on a Kubernetes cluster, including installation, configuration, and updates.

The Fortanix Confidential Computing Manager Node Agent Operator is available to developers and cluster administrators through the Red Hat Embedded OperatorHub, which is included in Red Hat OpenShift. This simple deployment path allows for quick provisioning and streamlined maintenance of Fortanix Runtime Encryption capabilities on compute nodes as organizations stand up enterprise-grade Kubernetes services with Red Hat OpenShift. This combination of technologies provides benefits across industry verticals as enterprises transform their digital operations for multi-cloud infrastructure.

6 Conclusion

Confidential computing fills an important gap in enterprise security by protecting data while it is in use. Even sensitive types of data such as passwords and encryption keys are traditionally held in clear text within active system memory while computations are carried out on them, making them potentially vulnerable to interception.
In particular, applications have been unable to shield data effectively from privileged processes such as OS services, dramatically reducing the effectiveness of encryption against compromised system software or insider threats.

Intel SGX enables developers to partition a region of memory as a more secure enclave that protects code and data while in use with encryption based on a hardware root of trust. Developers designate a portion of the application as "trusted," which runs in an enclave, shielded from all external processes and users, regardless of their privilege level. Fortanix Runtime Encryption streamlines the use of Intel SGX by allowing applications to take advantage of more secure enclaves without being modified and is included in Red Hat OpenShift by means of a Red Hat OpenShift Certified Operator.

The combined hardware and software stack composed of Intel SGX, Fortanix Runtime Encryption, and Red Hat OpenShift supports enterprise strategic imperatives to create more secure, highly automated, cloud-native environments for the future.

7 More Information

Intel echnology/software-guard-extensions.html
Fortanix Confidential tial-computing/
Red Hat OpenShift ift

Notes
[1] Confidential Computing Consortium. https://confidentialcomputing.io/.
[2] See [70], [90], [71], and [69] at 3rd Generation Intel Xeon Scalable Processors - 1 - ID:615781 Performance Index. Testing by Intel as of August 4, 2020. Performance comparisons relative to 2nd Gen Intel Xeon Scalable processors using a single buffer algorithm versus multi-buffer algorithms for 3rd Gen Intel Xeon Scalable processors. Results have been estimated based on pre-production tests at iso core count and frequency as of August 2020. Performance gains are shown for individual cryptographic algorithms.
[3] United Nations Office on Drugs and Crime, "Money Laundering." erview.html.

Performance varies by use, configuration, and other factors.
Learn more at https://www.intel.com/PerformanceIndex.
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates. See configuration disclosure for configuration details.
No product or component can be absolutely secure.
Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.
Your costs and results may vary.
Intel technologies may require enabled hardware, software, or service activation.
You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a nonexclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein.
The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
0222/RKM/MESH/346427-001US12
