CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

Save my spot!

CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

Save my spot!

Understanding confidential computing

What is confidential computing? Former CTO and co-founder of Profian Nathaniel McCallum breaks down exactly what confidential computing is and how it is changing some of the challenges around security.

Video Transcript

[Music] a topic that you mentioned earlier when you were doing your introdes uh profion um was around confidential Computing and that is an interesting term especially here being on security podcast uh what what does that even mean what do you mean by confidential Computing yeah that that's a great question so uh first of all um I'll say that I'm just here following the definition of the confidential Computing Consortium so there's actually a Consortium that that governs this definition so I'm not just making this up out of nowhere uh and if you want more information please check out the confidential Computing Consortium so uh the confidential Computing uh Consortium and the uh in sub industry that it represents uh really represents a new set of Technologies that's come in the latest generation of chips so these are broadly available for example in Intel ice like xeons as well as AMD Milan uh in the Epic line and these allow you to run a computation right so you can run an application where the actual pages of that application as they're kept in memory are encrypted by the memory controller using a unique key this provides several properties first it provides uh confidentiality and integrity of uh of the data that's being run in the application so if you have sensitive data like healthcare data or financial data or cryptographic keys or any of those kinds of things right all of those uh actually run encrypted in the memory and even if you get a root level vulnerability right if or you know ring zero if you can actually get the highest privilege level on x86 for example you still can't see into the data and you can't manipulate the data because it's actually enforced by the hardware so uh so that's a really big benefit but it's actually not the biggest benefit then the next benefit that you get uh is the Integrity of the of the code that's running this is according to the definition now anarchs also aims to provide Integrity uh and confidentiality of the code but what we mean here is that the code that's actually running runs in a way where you can't tamper with it so you can't at runtime for example attach a debugger to it and then change the instruction that actually are executing in that code the uh the third thing is that it provides and we provide attestation attestation is a cryptographic proof from a hardware route of trust that uh that the application is running in this kind of environment and this is what allows you to run a process on one system and then to be able to connect to it in another system and know that it is running in a tamper resistant environment and we think attestation is really the Big Value Point here if you look for example um you know I IBM just released uh the the cloud security study a really great thing go Google it it's it's fantastic um and they you know they revealed for example that according to their study the average data breach costs nine million dollars and um many companies have more than one in a single year uh we we have basically looked at that and we've we've pointed out that uh if you if you look at all of the examples of these these big vulnerabilities that have happened uh the big data breaches that have happened that should be more clear more clear um they they all have at their at their uh Center a root cause which is that uh people are accessing data in a way that uh is and they're successfully completing the uh authentication and authorization but uh they're doing so you know because they have keys so they can spoof another user what we're not seeing in the industry is we're not seeing a failure of authentication as designed uh it is working as designed but what we have a failure to do is a failure to scope a disclosure of data to a particular operation and this is precisely the tool that attestation brings to the Playbook of everyone out there so um a little example I like to give here is uh if you're a customer and you go to a bank and you say hey uh what is the what is the uh balance of account one two three four they're not just going to tell you that information the first thing they're going to do is they're going to say hey who are you and they want to see some ID first right that that's your your authentication and then they're going to look and see if uh if you actually own that account and if you're privileged to have that information and uh and you can they see that you own the account and therefore they are willing to give you information they tell you what the balance of that account is so you've just gone through an authorization another authentication step but what's interesting is that now that data is unscoped they've given you that information but what you can do with that information is absolutely unlimited you could tell your friends you could announce it you could send it you know to a foreign power if you wanted to um so what you can actually do with that data is unscoped and this is roughly the way that we treat all data systems on the internet today and this is the thing that fundamentally needs to change if we're going to actually make a significant Dent by the way the the inflation in terms of cost for data breaches right now is um I think it was something like 22 percent over the last two years so so that's the cost of data breaches going up right and so uh so this this is this is a pretty fundamental problem and the way we solve this with attestation is that rather than asking who gets access to the code and then letting them do whatever they want with that we actually say what are you going to do with that data so in the and this is really important because in Computing systems there are no humans directly involved even if you're sitting at the computer typing there's software in between you and that remote party right so um so what we really have is code talking to code and when we disclose data we need to ask not who owns that code or who is the host operating that code but we really need to be asking is what do you plan to do with that information and we need to be able to scope uh how we can use or when we disclose data we want to be able to scope how it's used and this is the main thing that's actually going to cause a a big decrease in security cost in the industry