How Google and Intel make Confidential Computing more secure
Staff Software Engineer, Google Cloud
Principal Engineer Platform Security
Confidential Computing has quickly emerged as a critical technology to ensure confidentiality and security of sensitive data while it’s being processed. It performs computation in a hardware isolated environment that is encrypted with keys managed by the processor and unavailable to the operator. These isolated environments help prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data in public cloud infrastructure.
Raising the bar for Confidential Computing
Google is committed to ensuring Confidential Computing technology is as secure as possible before releasing products to customers. We therefore evaluate various attack vectors to make certain that Google Cloud Confidential Computing environments are protected against a wide range of adversaries.
While there are no guarantees in computer security, collaborative research efforts can help identify security vulnerabilities that may emerge in these complex environments before malicious actors can exploit them. To this end, it is essential to have strong partnerships between industry leaders to develop and implement the most secure solutions possible.
Recently, Google and Intel collaborated on a new research project to identify potential security vulnerabilities in Intel's new Confidential Computing technology, Intel Trust Domain Extensions (Intel TDX). In addition to an expanded feature set, Intel TDX offers full VM compute models without requiring any code changes.
The primary goal of the security review was to provide assurances that the Intel TDX feature is secure, has no obvious defects, and works as expected so that it can be confidently used by both cloud customers and providers. Any defects or weaknesses discovered during the review were fed back to Intel for remediation. We are now happy to report that all of the issues we found have been remediated by Intel.
A secondary goal was to have a better understanding of the expected threat model for Intel TDX and identify limitations in the design and implementation that would better inform Google's deployment decisions.
During the review there was close collaboration between Google and Intel engineers. Questions and issues were handled through a shared issue tracker and regular technical meetings. This allowed Intel to provide deep technical information about the function of the Intel TDX components as well as enabling the reviewers to resolve potential ambiguities in documentation and source code.
The joint team inspected the firmware looking for issues, including those related to arbitrary code execution, safe error handling and state management, and denial of service. The review covered 81 potential attack vectors, and resulted in 10 confirmed security issues and five defense-in-depth changes over a period of nine months.
Collaboration is key to secure technology
The success of this unprecedented partnership can be seen in a recent report released by Google Cloud Security and Google Project Zero that details the findings and mitigations discovered during their collaboration with Intel. The report showcases the importance of collaborative research efforts in identifying and addressing security vulnerabilities in complex environments. It also highlights the benefits of sharing research results with the broader community to promote transparency and improve overall security.
“We want to make it such that people don’t worry about the security and trustworthiness of their data,” said Anil Rao, vice president and general manager of systems architecture and engineering in the Office of the CTO at Intel. “Organizations use confidential computing to control their data and provide access to trusted parties in a manner that is verifiable, revocable and time sensitive — we have an obligation to make sure the technology is secure. Our early effort with Google solidifies our commitment to perform thorough analysis to address all potential vulnerabilities.”
Our partnership and shared goal of transparency are important beyond this one review. Google is supporting Intel to make the TDX firmware source code base both publicly accessible and verifiably buildable. This firmware is part of what confidential computers will rely on and attest as part of their Trusted Computing Base (TCB), and it was a primary target for our collaborative review. By open sourcing the code, Intel helps Google Cloud’s customers and the industry as a whole to improve our security posture through transparency and openness of security implementations.
Working together with vendors like Intel helps harden Confidential Computing solutions from threats today and into the future, ultimately delivering increased levels of trust for customers. Joint efforts like this between Google and Intel are compelling examples of how collaboration between industry leaders can strengthen the security of critical technologies like Confidential Computing. With the analysis now complete and the vulnerabilities addressed, the Intel and Google security teams agree that the Intel firmware which enables Confidential Computing solutions meets an elevated security bar for customers, as the firmware updates motivated by this review mitigate several bug classes and offer a way to recover from vulnerabilities.
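The two properties the preceding paragraphs describe, a verifiably buildable TCB firmware whose measurement is attested, and firmware updates that let a platform recover from a disclosed vulnerability, come together in how a relying party checks an attestation. The script below is an added example written for this post; it is not Google's or Intel's code and does not use the real TDX quote format. It assumes a hypothetical report layout (a 2-byte little-endian TCB security version number followed by a 48-byte SHA-384 measurement), a constructed stand-in for a firmware image built from public source, and a relying-party policy that accepts a report only when the attested measurement matches a known reproducible build and the firmware is at or above the minimum patched version.

```python
import hashlib
import struct
from dataclasses import dataclass

# Constructed sample: stands in for a TCB firmware image rebuilt by the
# relying party from the public source tree (hypothetical, not real firmware).
PUBLIC_BUILD_IMAGE = b"hypothetical tcb firmware image, build 2"

# Allowlist of measurements derived from our own reproducible builds.
# A measurement that is not in this set cannot be traced to public source.
KNOWN_GOOD_MEASUREMENTS = {hashlib.sha384(PUBLIC_BUILD_IMAGE).digest()}

# Minimum security version number the policy accepts. Raising this after a
# firmware update is how a relying party stops trusting vulnerable builds.
MIN_TCB_SVN = 2

REPORT_LEN = 2 + 48  # assumed layout: u16 SVN + SHA-384 measurement


@dataclass(frozen=True)
class AttestationReport:
    tcb_svn: int
    measurement: bytes


def build_report(tcb_svn: int, measurement: bytes) -> bytes:
    """Serialize a report in the hypothetical layout (used to construct samples)."""
    if len(measurement) != 48:
        raise ValueError("measurement must be a SHA-384 digest (48 bytes)")
    return struct.pack("<H", tcb_svn) + measurement


def parse_report(raw: bytes) -> AttestationReport:
    """Parse the hypothetical layout, rejecting anything of the wrong size."""
    if len(raw) != REPORT_LEN:
        raise ValueError(f"report must be {REPORT_LEN} bytes, got {len(raw)}")
    (tcb_svn,) = struct.unpack_from("<H", raw, 0)
    return AttestationReport(tcb_svn=tcb_svn, measurement=raw[2:REPORT_LEN])


def verify_report(raw: bytes,
                  known_good: set[bytes] = KNOWN_GOOD_MEASUREMENTS,
                  min_svn: int = MIN_TCB_SVN) -> tuple[bool, str]:
    """Apply the relying-party policy. Returns (accepted, reason)."""
    try:
        report = parse_report(raw)
    except ValueError as exc:
        return False, f"malformed report: {exc}"
    # Check the version first so a known-good but outdated build is
    # reported as outdated rather than as an unknown measurement.
    if report.tcb_svn < min_svn:
        return False, f"tcb_svn {report.tcb_svn} below minimum {min_svn}"
    if report.measurement not in known_good:
        return False, "measurement does not match any reproducible build"
    return True, "ok"


def measurement_of(image: bytes) -> bytes:
    """Measurement a reproducible build of `image` is expected to produce."""
    return hashlib.sha384(image).digest()


if __name__ == "__main__":
    good = build_report(2, measurement_of(PUBLIC_BUILD_IMAGE))
    stale = build_report(1, measurement_of(PUBLIC_BUILD_IMAGE))
    unknown = build_report(3, measurement_of(b"image not built from public source"))
    for name, raw in (("good", good), ("stale", stale), ("unknown", unknown)):
        print(name, verify_report(raw))
```

The ordering of the two checks matters in practice: a platform running a genuine but pre-fix firmware build is a different operational problem (schedule the update) from one whose measurement cannot be reproduced from source at all (investigate), so the policy reports them separately.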
Secure data in the cloud
The success in improving the security of Confidential Computing platforms is just one example of the benefits of sharing research results and working together on transparent open source code bases to strengthen the security of technologies. We believe Confidential Computing is an industry-wide effort that is critical for securing sensitive workloads in the cloud.
This collaboration is a continuation of the security work we’ve been doing around Confidential Computing. Previously, the Google Cloud Security team, Google Project Zero, and the AMD firmware and product security teams collaborated for several months to conduct a detailed review of the technology and firmware that powers AMD Confidential Computing technology. This review covered both Secure Encrypted Virtualization (SEV) capable CPUs, and the next generation of Secure Nested Paging (SEV-SNP) capable CPUs which protect confidential VMs against the hypervisor itself.
Acknowledgments: We thank the many Google security team members who contributed to this ongoing security collaboration and review, including Josh Eads, James Forshaw, Erdem Aktas, Felix Wilhelm, Christian Ludloff, and Arthur Wongtschowski.
We are grateful for the open collaboration with Intel engineers, and wish to thank Arie Aharon, Baruch Chaikin, Boaz Tamir, Dhinesh Manoharan, Dror Caspi, Fahimeh Razaei, Nagaraju Kodalapura, and Truc Nguyen for their commitment to product security.