Xilinx Joins Confidential Computing Consortium With Hopes to Bring Security to Accelerators
The Confidential Computing Consortium is drilling down on hardware-based Trusted Execution Environments, and Xilinx is the newest member to benefit.
It seems that every few years there are headlines about a new, widespread, and powerful security exploitation affecting the field. From the Meltdown and Spectre attacks of 2018 to the more recent SolarWinds security attacks, security is becoming an undeniable necessity across hardware and software.
Further, the need for security is also spurred by the increasing use of cloud computing, where the data of millions of users is stored on the same hardware system.
It was with these thoughts in mind that the Linux Foundation launched the Confidential Computing Consortium (CCC) last spring. Since then, some of the industry's major tech companies have joined the consortium, including Arm, Facebook, Google, Huawei, Intel, Microsoft, Redhat, AMD, NVIDIA, and VMWare among others. Now, Xilinx has become the most recent member.
The Goals of the CCC
The CCC is a group of the world’s top hardware and software companies zeroing in on improved hardware security.
The consortium explains that data is always in one of three states: at rest (in memory), in transit, or in use (computation). Historically, effective security measures have been developed and implemented to provide security for data at rest or in transit.
Encryption algorithms help secure data in memory or in transit, but it is when data is in use that data seems to be the most vulnerable. Notably, the Meltdown and Spectre attacks both exploited architectural features of processors and how data was being used.
“The three states of memory.” Image used courtesy of the CCC
The goal then is to develop methods to secure the data while it's in use, also known as confidential computing. The CCC hopes to do this specifically by developing hardware-based Trusted Execution Environments (TEEs).
According to a CCC whitepaper, “A hardware-based TEE uses hardware-backed techniques to provide increased security guarantees for the execution of code and protection of data within that environment.” The CCC strives to provide a level of assurance through data integrity, data confidentiality, and code integrity.
Why Hardware-Backed TEEs?
The need for hardware-backed TEEs stems from the idea that security is only as strong as the layers below it. Research in the field of hardware security has continually shown that it doesn’t matter how secure a software system is if the hardware is exploitable. A classic example of this is the fact that AES is considered virtually impenetrable from brute force attacks, but can be broken relatively easily using differential power analysis attacks.
Venn diagram of various security technologies and how they relate to computing and TEEs. Image used courtesy of the CCC
Hence, for truly secure systems, security is required at the lowest layers possible—all the way down to the silicon. The end goal of the CCC is to create a system that is secure without reliance on proprietary software for confidential computing environments, meaning software-based TEEs just don’t cut it.
Xilinx Joins the Consortium
As of mid-December, Xilinx became the newest member of the CCC. By joining, Xilinx hopes to understand how hardware TEEs can be extended into accelerators, which are becoming an increasingly ubiquitous part of most computing systems.
Comparison of the scope of security for data in use with confidential computing vs. homomorphic encryption (HE) and trusted platform modules (TPM). Image used courtesy of the CCC
The company is currently entertaining two paths. The first includes partnering with AMD to explore AMD’s hardware TEE, Secure Encrypted Virtualization (SEV), to see how it might fit in with future Xilinx accelerators. The second path involves partnering with Arm's TEE, TrustZone, to extend the environment to future accelerator designs.
Secure Computing Environments to Come
The CCC is taking significant steps to create universally secure and easily adoptable computing platforms. With an emphasis on hardware security, the consortium aims to produce TEEs that are more robust, versatile, and importantly, secure.