| Internet-Draft | ccican | March 2022 |
| Yang, et al. | Expires 3 September 2022 | [Page] |
Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment. Especially in virtualization environments, confidential computing could protect data and applications from access or tampering by hypervisor or other privileged users. In Computing-Aware network, computing resource is an essential element to provide computing services for network users' applications. Introducing confidential computing in Computing-Aware network could mitigate the distrust of computing resource efficiently. This document provides the architecture of confidential computing in Computing-Aware network management plane to provide confidentiality and integrity for applications.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 2 September 2022.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Confidential Computing Consortium defined the concept of confidential computing as "Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment"[CCC-White-Paper]. In detail, CPU with confidential computing feature could generate an isolated hardware-protected area, in which processing data or running code will be protected from any illegal access or tampering. In cloud computing scenario, CPU with confidential computing feature could be used to protect users' applications and data from access or tampered by hypervisor, privileged users or other attackers in the cloud platform. In hardware industry, Intel, AMD, ARM and other chip venders have already released their confidential computing CPU series.¶
In Computing-Aware network, cloud-based computing resource prepared for applications is from different places like edge or data center. If the edge or data center is outsourced or even distributed in different security domains, not only the network administrator but also the application owner cannot trust the computing environment. The potential leakage of secret data or intellectual property will restrict the range of applications. With the protection of confidential computing, users could trust the computing environment and make sure their sensitive data and intellectual property will not be leaked.¶
This document introduces confidential computing to Computing-Aware network and illustrates the general architecture in network management plane. Computing-Aware network designers and users could use this document as a information reference to enhance their security.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
CC: Confidential Computing¶
CCR: Confidential Computing Resource¶
TEE: Trust Execution Environment¶
CCM: Confidential Computing Management¶
CCI: Confidential Computing Instance¶
TEEP: Trust Execution Environment Provisioning¶
TAM: Trusted Application Management¶
In Computing-Aware network, there is a suspicion about how to protect users' application and data efficiently. Computing resource in Computing-Aware network is more decentralized and ambiguous than regular cloud computing. The network may distribute users' applications in different computing platforms maintained by different administrators. If the computing platform is malicious, secret data and application intellectual property could be easily stolen or tampered. Confidential computing provides a new security model in where network users only need to trust the confidential computing hardware, firmware and the applications provided by users themselves, any other hypervisor or software in computing platform do not have to be trusted.¶
Targeting
+--> Environment
| +-------------+ +----------+
| | Application | +->| APP Owner|<--+
| +-------------+ | +----------+ |
| | Middleware |<-+ |
| +-------------+ |
| | TEEP Agent |<-----+ |
| +-------------+ | |
| | |
| +--------------------+------+ |
| | Hypervisor TEEP Broker |<--+ |
| +---------------------------+ | |
| | CPU/Firmware Attesting | | |
| | Environment| | |
| +---------------------+-----+ | |
| | | |
+------------------------+ | |
| |
+--------------------+--+-+
| TAM & Middleware Repo |
| M/OC |
+-------------------------+
Figure 1 shows the basic architecture of confidential computing in Computing-Aware Network. This architecture refers to RATs [I-D.ietf-rats-architecture] arch and TEEP[I-D.ietf-teep-architecture] arch for remote attestation and trust execution environment provisioning. Confidential computing needs the support of CPU, in which MUST have the function of generating isolated execution environment and attesting environment. The layer of Hypervisor is for virtualization.¶
Targeting Environment is the computing environment e.g. virtual machine, process that could provide confidentiality and integrity for applications. When used for remote attestation, the Targeting Environment will be attested by application owner. Targeting environment includes Application, Middleware, and TEEP Agent.¶
Application which runs in Computing-Aware network.¶
Middleware in CC has two functions: enable remote attestation and environment provisioning; provide a user-friendly environment. Some confidential computing CPU like SGX needs to use middleware to provide a environment in where applications don't have to change their source code, e.g. Enarx [Enarx] and Occlum [Occlum].¶
TEEP Agent is a module for provisioning middleware and application in Targeting Environment.¶
TEEP Broker is only for communication between TEEP Agent and TAM, it doesn't have to know any confidential information.¶
Attesting Environment is hardware based component, like Intel Quote SGX, AMD SEV-SP, etc. This component is a part of TCB, and is used to collect targeting environment evidence for remote attestation.¶
M/OC is the manage and orchestration console of Computing-Aware Network.¶
Trust Application Management, this entity is for provisioning of application and relevant middleware.¶
This repository keeps a variety of middleware packages, which is for TAM to access based on Application type and confidential computing hardware type.¶
When deploying applications in Computing-Aware network, TAM will choose confidential computing environment and relevant Middleware to fit their applications. Meanwhile, Computing-Aware Network needs to provide the secure procedure of provisioning middleware and applications. This document uses TEEP as reference to provision Middleware and applications in Computing-Aware network.¶
Targeting
Environment
+-------------+ +----------+
| Application | | App Owner|<--+
+-------------+ +----------+ |
| Middleware | |
+-------------+ |
| TEEP Agent |<-----+ |
+-------------+ |3 |
| |
+--------------------+------+ |1
| Hypervisor TEEP Broker |<--+ |
+---------------------------+ | |
| CPU/Firmware Attesting | | |
| Environment| |2 |
+---------------------+-----+ | |
| |
| |
| |
+--------------------+--+-+
| TAM & Middleware Repo |
| M/OC |
+-------------------------+
The Provisioning steps in Computing-Aware Network are illustrated below.¶
Need to clarify that at this stage the Middleware dosen't contain any secret information. The secret information of application should be provisioned after remote attestation. The specific mechanism of building targeting environment is based on specific CPU and is out of scope of this document.¶
In Computing-Aware Network, remote attestation is used for application owner to appraise if the Targeting Environment is trusted. Only after remote attestation, application owner could trust the confidential computing environment and deploy secret information. The general architecture of remote attestation in Computing-Aware Network is shown below.¶
Targeting
+--> Environment
| +-------------+ 1/4 +----------+
| | Application | +->| APP Owner|<--+
| +-------------+ | +----------+ |
| | Middleware |<-+ |
| +-------------+ |
| | TEEP Agent | |
| +-------------+ |
|2 |3
| +--------------------+------+ |
| | Hypervisor TEEP Broker |<--+ |
| +---------------------------+ | |
| | CPU/Firmware Attesting | | |
| | Environment| | |
| +---------------------+-----+ | |
| | | |
+------------------------+ | |
| |
+--------------------+--+-+
| TAM & Middleware Repo |
| M/OC |
+-------------------------+
The remote attestation steps in Computing-Aware Network are shown below. After appraising the remote attestation evidence, the application owner could deploy secret data in Targeting Environment.¶
Confidential computing provides confidentiality and integrity of data and applications in the running stage. This document depicts the abstract architecture of confidential computing from the perspective of Computing-Aware Network. The following are some use cases of confidential computing in Computing-Aware Network.¶
VR/AR Application: Users wants to use Computing-Aware Network to host VR communication and interaction with other user. They don't want their conversation to be awared by the network. And it is hard to encrypt all the VR context because of unacceptable cost. So, the users choose confidential computing to protect their privacy. After the remote attestation of computing environment, the users could transfer and process private information in Computing-Aware Network.¶
Medical Imaging Aalysis: A medical institute wants to use Computing-Aware Network to share and process medical images in different branches. One primary concern is that they don't want the patients' medical images to be leaked. So they choose confidential computing to process these images.¶
The root of trust of confidential computing is the CPU hardware. Application Owner could use the certificate or signature in remote attestation information to verify the identity of CPU. The connections between Application Owner and their applications are protected by security protocols like TLS.¶
The author would like to thank Eric Voit, Mike Bursul and Dave Thaler in CCC group who have provided valuable supports and suggestions.¶
This memo includes no request to IANA.¶