What is safe computing?
The Secure Computing Alliance under the Linux Foundation defines secure computing:
Confidential Computing protects data in use by performing computation in a hardware-based Trusted Execution Environment.
Confidential Computing Consortium
The following points are emphasized in this definition:
1. The security calculation protects the data security during the calculation process;
2. Secure computing requires hardware capabilities.
Here is an explanation of these two points:
In the cloud computing scenario, we can simplify cloud computing into three parts: data transmission, data calculation and data storage.
The completeness of the three-part security solution is different. In the data transmission link, the industry has very complete security standards and implementations such as SSL and TLS. In the data storage link, cryptography also provides a very good solution. We can encrypt the data in an appropriate way and save it later to prevent leakage in the storage link. In the data calculation link, there is no complete solution as the other two links. The goal of safe computing is to solve this problem.
How is secure computing achieved?
Let's take Intel's SGX technology as an example to look at the specific technical solutions.
Intel's SGX technology is to use the CPU as a trusted starting point for computing, and to build a secure computing environment (enclave) in applications. From the day the computer was invented, we assumed that the CPU would execute correctly according to the instructions of the software, but we didn't emphasize this point. With the great development of software today, all kinds of software work together on one piece of hardware, the entire ecosystem is becoming more and more complex, and malicious software has also appeared. In order to prevent the destruction of malicious software, the CPU isolates an independent enclave environment for the applications that need to be protected. Applications outside the enclave can neither observe nor modify the code and data in the enclave, thereby ensuring data security in the enclave. The protection of the enclave by the CPU is very strong, and even a highly privileged operating system and virtualization management software cannot break through this protection. In fact, not only can prevent software attacks, even peripheral hardware providers (such as motherboard manufacturers, memory providers) cannot break through this protection.
Intel SGX is currently the most mature secure computing product, but it is not the only secure computing product. Other hardware manufacturers such as AMD, ARM, and Nvidia are launching secure computing products. All of these products are integrated software and hardware solutions, summed up with the following characteristics:
After understanding the concept of secure computing, some typical scenarios of secure computing are introduced:
With a secure computing environment, users can safely put applications in a shared cloud computing environment, and the data used in the calculations and the results of the calculations can be encrypted for transmission. This can unify the infrastructure architecture and avoid complex hybrid cloud deployments.
Data transactions and data services on the cloud have also become possible. The data owner and algorithm provider can respectively provide data and algorithms to the secure computing platform to complete the calculation without worrying about the leakage of secrets.
Secure computing can also facilitate more data cooperation. Data from all parties can be fused in a secure environment, allowing the data to generate greater value.
In edge computing scenarios, computing nodes are deployed in a very complex environment, and the machines are not controlled. Secure computing can effectively protect user data and privacy.
With so many application scenarios of secure computing, why haven't we seen large-scale deployment? This is because secure computing currently has a very big shortcoming: the ease of use is not strong. The specific performance is 3 points:
application segmentation is difficult: is very difficult to transform an existing application into a secure computing application. Need to do code splitting.
scenario deployment is difficult: secure computing is to rely on hardware. In actual deployment, the application scheduling system needs to be modified.
security analysis is difficult: an application that uses secure computing to be safe? The answer is uncertain. This requires a very detailed security analysis of the entire application.
In response to these problems, engineers from Ant Group and Alibaba Group put forward unique solutions.
The first is to solve the problem of application segmentation.
The open source Occlum project of Ant Group has developed a LibOS adaptation layer in the enclave, allowing applications under Linux to run in the SGX environment without modification, completely solving the problem of application segmentation. Occlum is developed using Rust language to ensure memory security; it supports multi-process and encrypted file system, and the application does not need to be modified.
For example, applications developed based on the financial-grade cloud native framework SOFABoot of Ant Group can run in the Occlum environment without modification.
👇Website link🔗:
https://github.com/occlum/occlum/tree/master/demos/sofaboot
In response to the difficulty of deployment, Alibaba Cloud launched the Inclavare open source project.
Inclavare is based on Occlum and provides users with a secure computing container. The user only needs to focus on the application itself, and Inclavare will schedule the calculation to the appropriate computing node.
Aiming at the difficulty of security analysis, Ant Group's MORSE multi-party secure computing engine and MYTF blockchain computing platform provide solutions for different computing scenarios. Users no longer need to bear the high cost of security analysis.
Ant Group continues to invest in the field of secure computing, using the power of technology to protect data security, protect user privacy, and provide users with more secure services. Ant Group open sourced TEE security LibOS Occlum.
Users can find all the implementation codes https://github.com/occlum/occlum Users can review Occlum's source code to ensure the safety of the overall solution; they can also refer to existing demos to learn how to use Occlum and quickly get started with safe calculations.
Recommended reading this week
- ant cloud native application runtime exploration and practice-ArchSummit Shanghai
- takes you into cloud native technology: exploration and practice of cloud native open operation and maintenance system
- stability is greatly improved: SOFARegistry v6 new features introduction
- Financial-level capabilities become core competitiveness, service grid drives enterprise innovation
For more articles, please scan the QR code to follow the "Financial Grade Distributed Architecture" public account
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。