Author: Massimo Attoresi
Traditionally, data security focuses on two main states: at rest, when data are stored on physical or digital media, and in transit, when they are being transmitted between systems. Protection for data at rest typically relies on strong access controls and encryption, while data in transit are safeguarded using secure communication protocols built on cryptographic algorithms.
However, there is still a risk that data may be accessed and modified by unauthorised individuals while being processed in clear text, for example, when executing a service in the cloud. The idea behind confidential computing is to protect data while it is being used. This protection has become increasingly important as organisations have started moving their processing operations out of their data centres, thereby losing direct control of their data.
The Confidential Computing Consortium (CCC) has defined confidential computing as "the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE)". TEE technology uses specialised hardware features and software modules to create secure enclaves[i] within (hardware) processors, so that the protected sensitive data and code are processed there rather than in the general-purpose hardware and software processing environment. In this way, data and code remain isolated even from privileged system software and hypervisors.[ii] They are protected from unauthorised access even by cloud service providers and by tenants[iii] of other cloud services deployed within the same IT infrastructure. This approach fundamentally changes the traditional trust model by removing the need to trust the infrastructure owner or operator, and it reinforces the protection against other threats. When deployed in mobile or edge devices, confidential computing strengthens the protection against most types of threat agent, from operating system providers, to developers of the vast variety of apps running on the device, to hackers.
The core principles of confidential computing rest on three fundamental security properties provided by TEEs: data confidentiality (unauthorised entities cannot access data during processing), data integrity (unauthorised entities cannot modify data during processing), and code integrity (unauthorised entities cannot alter executing code).
The hardware-based mechanisms that enforce these properties rely on memory encryption, hardware-enforced access control and cryptographic attestation. Through attestation, the TEE can prove to a remote party that it is running on genuine hardware and exactly which code it has loaded (identified by a cryptographic hash, the 'measurement'), so that forged or modified environments can be detected before any sensitive data is released to them. Cryptographic keys derived from a secret embedded in the hardware, and never exposed outside the TEE, are used to authenticate attestation reports, to encrypt ('seal') data so that only the same code on the same device can later decrypt it, and for other operations such as digital signatures. These hardware keys are the root of trust from which a 'chain of trust' extends to every cryptographic operation the TEE performs.
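The attestation flow and the hardware-rooted chain of trust described in the two paragraphs above, as an added example that is not part of the original article and does not model any particular vendor's TEE. All names are hypothetical and the model is deliberately simplified: the hardware root of trust is a per-device secret from which keys are derived with an HKDF-style construction (real processors use fuse-derived keys that never leave the silicon); attestation reports are authenticated with an HMAC whose verification key the relying party is assumed to have obtained from the manufacturer (real systems use asymmetric signatures chaining to a manufacturer certificate); and sealing is shown only as key derivation bound to the measurement, which an enclave would feed to an authenticated cipher. The sample enclave code and device identifiers are constructed.

```python
"""Simplified model of TEE remote attestation and a hardware-rooted chain of trust."""
import hashlib
import hmac
import os
from dataclasses import dataclass


def derive_key(secret: bytes, info: bytes) -> bytes:
    """HKDF-style extract-then-expand, one 32-byte output block (hypothetical KDF)."""
    prk = hmac.new(b"tee-kdf-salt", secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def measure(code: bytes) -> bytes:
    """Measurement: the hash of the code loaded into the enclave."""
    return hashlib.sha256(code).digest()


@dataclass(frozen=True)
class Device:
    """The hardware layer. root_secret never leaves it; only derived keys do."""
    device_id: bytes
    root_secret: bytes

    def attestation_key(self) -> bytes:
        return derive_key(self.root_secret, b"attest|" + self.device_id)

    def sealing_key(self, measurement: bytes) -> bytes:
        # Bound to code identity: different code on the same device gets a different key.
        return derive_key(self.root_secret, b"seal|" + measurement)


@dataclass(frozen=True)
class Report:
    device_id: bytes
    measurement: bytes
    nonce: bytes        # verifier's fresh challenge; defeats replay
    report_data: bytes  # enclave-chosen, e.g. hash of a session public key
    mac: bytes


def report_body(device_id: bytes, measurement: bytes, nonce: bytes, report_data: bytes) -> bytes:
    return b"|".join((device_id, measurement, nonce, report_data))


def produce_report(device: Device, code: bytes, nonce: bytes, report_data: bytes) -> Report:
    """The hardware measures the enclave code and authenticates the report with its key."""
    m = measure(code)
    body = report_body(device.device_id, m, nonce, report_data)
    return Report(device.device_id, m, nonce, report_data,
                  hmac.new(device.attestation_key(), body, hashlib.sha256).digest())


class Verifier:
    """Relying party: holds the acceptable measurements and the attestation keys of
    genuine devices (assumed to be provisioned by the manufacturer in this model)."""

    def __init__(self, trusted_devices: dict, allowed_measurements: set):
        self.trusted = trusted_devices
        self.allowed = allowed_measurements
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, r: Report) -> bool:
        if r.nonce not in self.outstanding:
            return False                           # stale or replayed report
        key = self.trusted.get(r.device_id)
        if key is None:
            return False                           # hardware not in the chain of trust
        body = report_body(r.device_id, r.measurement, r.nonce, r.report_data)
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), r.mac):
            return False                           # forged: producer lacks the hardware key
        if r.measurement not in self.allowed:
            return False                           # modified or unexpected code
        self.outstanding.discard(r.nonce)          # each challenge is answered once
        return True


def run_demo() -> dict:
    """Exercise the model on constructed inputs; returns a case -> outcome map."""
    device = Device(b"dev-0001", os.urandom(32))
    good_code = b"def handle(record): return redact(record)"        # constructed sample
    bad_code = good_code + b"\nexfiltrate(record)"                  # tampered variant
    verifier = Verifier({device.device_id: device.attestation_key()}, {measure(good_code)})
    results = {}
    nonce = verifier.challenge()
    results["genuine"] = verifier.verify(produce_report(device, good_code, nonce, b"pk"))
    results["replay"] = verifier.verify(produce_report(device, good_code, nonce, b"pk"))
    results["tampered"] = verifier.verify(produce_report(device, bad_code, verifier.challenge(), b"pk"))
    impostor = Device(device.device_id, os.urandom(32))             # same id, no real root secret
    results["forged"] = verifier.verify(produce_report(impostor, good_code, verifier.challenge(), b"pk"))
    stranger = Device(b"dev-9999", os.urandom(32))                  # genuine-looking but unknown
    results["unknown_device"] = verifier.verify(produce_report(stranger, good_code, verifier.challenge(), b"pk"))
    results["sealing_key_bound_to_code"] = (
        device.sealing_key(measure(good_code)) != device.sealing_key(measure(bad_code)))
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:26s} {outcome}")
```

The verifier's order of checks matters in practice: freshness and key lookup first (cheap, and they reject most garbage), the MAC before any decision based on the report's contents, and the measurement allow-list last. Only a report that passes all four would be answered with a secret such as a data-encryption key, and the `report_data` field is what binds that secret to a key the enclave itself generated.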
TEEs can be deployed in any processing infrastructure, from local devices to the cloud. Local device implementations typically rely on TEE-enabled processors. Cloud providers offer TEE-enabled virtual machines and container services, allowing customers to deploy confidential computing workloads without managing the underlying hardware.
| The global confidential computing market size was valued at USD 13.33 billion in 2024. The market is projected to grow from USD 24.24 billion in 2025 to USD 350.04 billion by 2032, exhibiting a CAGR of 46.4% during the forecast period.[iv] |
Trend developments
Confidential computing has its roots in the 1990s' advances in encryption technologies for data at rest and in transit. Here we reference just a few milestones of its development, with concrete examples. The adoption of trusted computing in smartphones dates back to 2004, when Arm introduced the TrustZone isolation technology based on CPU extensions. In 2015, Intel introduced the Software Guard Extensions (SGX) hardware technology, which sets up secure "enclaves" for code and data and has been used mostly on cloud platforms. In 2017, AMD introduced Secure Encrypted Virtualization (SEV) hardware to provide virtual-machine-level isolation for cloud platforms.
So far, the deployment of confidential computing has been limited by its performance overhead and higher costs, which vary with the operations performed and the computing architecture. Yet all major digital technology providers have already started to integrate confidential computing into their mobile and cloud offerings. In mobile devices, confidential computing is bound to become a key enabler of high-trust applications, such as digital identity wallets.
Recent developments go in the direction of integrating confidential computing with artificial intelligence technologies, both in mobile devices and in the cloud. For example, NVIDIA is now integrating confidential computing into its graphics processing units (GPUs), which have a major role in AI processing thanks to their specialised architecture.
Another trend for confidential computing is complementing privacy-enhancing technologies such as multi-party computation, homomorphic encryption and federated learning,[v] by rendering the integrated solution more secure or more efficient and thus more affordable.
As costs decrease and confidential computing technology matures, it is expected to become as common as encryption of data in transit or at rest, thus providing comprehensive protection for data throughout its entire lifecycle.
Potential impact on individuals
Confidential computing represents a further, crucial component of a layered and holistic approach to protecting personal data and individuals, in which the security measures are chosen on the basis of an assessment of the data protection risks. This approach includes security standards and best practices, as well as controls such as proper access control and key management. Confidential computing complements the mitigation of confidentiality and integrity risks at rest and in transit with the mitigation of the same risks while personal data are in use.
For example, when storing and managing cryptographic files and identification data in digital identity wallets, confidential computing can mitigate the risk of impersonation of the device owner by other individuals and avoid any possible prejudicial consequences. At the same time, the use of this technology in cloud-based processing of personal data such as financial data or health data could prevent unlawful access and use of this data by hackers, cloud providers or other tenants, thus avoiding highly impactful consequences for the individuals concerned.
This technology can also increase organisations' control over the personal data they process in the cloud and facilitate compliance with data protection rules on transfers when the cloud infrastructure is located in third countries not covered by an adequacy decision. More generally, confidential computing provides a decisive level of protection for any kind of collaborative computing in which personal data are processed on someone else's device or by organisations other than the one to which the personal data were entrusted.
Designing and implementing ‘state of the art’ confidential computing where necessary contributes to meeting the principle of data protection by design and by default.
This technology does not protect data in use from every kind of threat. Within its threat model, confidential computing protects against software attacks from outside the TEE (a compromised or malicious operating system, hypervisor or firmware, or other applications and tenants on the same machine), against attacks on the protocols used for attestation and for other TEE functionality, against cryptographic attacks on the algorithms and keys the TEE relies on, and against basic physical attacks on memory and other electronic components, such as reading the contents of memory modules directly. It does not, however, remove vulnerabilities in the code that runs inside the TEE: a flaw in the enclave's own software remains exploitable, and attestation proves which code is running, not that the code is correct.
On the other hand, depending on the specific technology and product, confidential computing generally does not protect effectively against supply-chain attacks[vi], side-channel attacks[vii], sophisticated physical attacks or availability attacks (the host that controls scheduling can always refuse to run the TEE). In confidential computing, the original source of trust is the hardware manufacturer, which provides the processor, the keys embedded in it and the authenticated firmware that together guarantee the confidentiality and integrity of data in use. This is why the protection and certification of the supply chain are essential.
| Confidential computing is an emerging technology to safeguard data throughout its full lifecycle. It extends protection beyond storage and transmission to the very moment of processing. By isolating sensitive data and code within trusted execution environments, it reduces reliance on infrastructure operators and cloud providers, shifting the trust model to hardware-based guarantees. This makes it particularly valuable in domains such as digital identity, financial services, and healthcare, where breaches can have profound consequences for individuals. However, its effectiveness depends on robust supply-chain security and continued innovation to counter threats such as side-channel attacks or sophisticated physical attacks. |
Suggestions for further reading
- Feng, D., Qin, Y., Feng, W., Li, W., Shang, K., & Ma, H. (2024). Survey of research on confidential computing. IET Communications, 18(9), 535-556.
- Bertani, A., Caraccio, D., Zanero, S., & Polino, M. (2024, September). Confidential Computing: A Security Overview and Future Research Directions. In Proceedings of the 8th Italian Conference on Cyber Security (ITASEC 2024).
- Confidential Computing Consortium. (2022). A technical analysis of confidential computing. Confidential Computing Consortium–Linux Foundation, Technical Report v1, 3.
- Miladinović, D., Milaković, A., Vukasović, M., Stanisavljević, Ž., & Vuletić, P. (2024). Secure multiparty computation using secure virtual machines. Electronics, 13(5), 991.
[i] In computing, a secure enclave is a hardware-based, isolated execution environment designed to protect sensitive data and operations from unauthorised access, even if the main operating system is compromised.
[ii] A hypervisor is software that enables multiple ‘virtual machines’ (a computing environment isolated from others within the same computer system) to run on a single physical machine (host) by managing and allocating hardware resources.
[iii] A cloud tenant is an individual or organisation that subscribes to and uses services provided by a cloud computing platform.
[iv] Confidential Computing Market Size, Share & Industry Analysis, By Component (Hardware and Software & Services), By Deployment (On-premise and Cloud), By Enterprise Type (Large Enterprises and Small and Mid-sized Enterprises (SMEs)), By Application (Privacy & Security, Blockchain, Multi-party Computing, IoT & Edge, and Personal Computing Devices), By Industry (BFSI, Manufacturing, Retail & Consumer Goods, Healthcare & Life Science, IT & Telecom, Government & Public Sector, and Others), and Regional Forecast, 2025–2032, https://www.fortunebusinessinsights.com/confidential-computing-market-107794
[v] See the EDPS TechDispatch on Federated Learning.
[vi] A supply-chain attack is a type of cyber-attack that targets an organisation through the weaker links in its supply chain, by exploiting weaknesses in the hardware and software provided by the organisation's vendors.
[vii] A side-channel attack is a type of security exploit that leverages information a system inadvertently leaks beyond the data it processes, mainly as a result of its physical operation, such as timing, power consumption, or electromagnetic or acoustic emissions.