Internet-Draft | teep usecase for confidential computing | August 2022 |
Yang, et al. | Expires 4 February 2023 | [Page] |
Confidential computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment. Confidential computing could provide integrity and confidentiality for users who want to run application and process data in that environment. When confidential computing is used in network like MEC and CAN which provide computing resource to network users, TEEP protocol could be used to provision network user's data and application in TEE environment in confidential computing resource. This document focuses on using TEEP to provision network user's data and application in confidential computing in such network. This document is a use case and extension of TEEP and could provide guidance for MEC, CAN and other scenarios to use confidential computing.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 4 February 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Confidential Computing Consortium defined the concept of confidential computing as the protection of data in use by performing computation in a hardware-based Trusted Execution Environment" [CCC-White-Paper]. In detail, CPU with confidential computing feature could generate an isolated hardware-protected area, in which data and applications will be protected from illegal access or tampering.¶
In the scenario of confidential computing in network, network users will attest the TEE in confidential computing and provision private data and applications to that TEE by network. This network could be a MEC[MEC], CAN or other network that provide computing resource to users.¶
TEEP architecture [I-D.ietf-teep-architecture] defined the design and standardization of a protocol for managing the lifecycle of trusted applications running inside a TEE. In confidential computing, this TEE can also be provisioned and managed by TEEP protocol.¶
This document illustrates how a network user uses the TEEP protocol to provision its private data in confidential computing resource. The intended audiences for this use case are network users and operators who are interested in using confidential computing in network.¶
TA: Trusted Application¶
UA: Untrusted Application¶
PD: Personalization Data¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
As shown in figure 1 is the architecture of using confidential computing in network. Two new components Network User and Network M/OC are introduced in this document. Interactions of all components in this scenario are described in the following paragraphs.¶
The connection between network user and M/OC depends on the implementation of specific network. The connection between network user and UA (Untrusted Application) or TA depends on the implementation of application. The connection between TAM, TEEP Broker and TEEP Agent refers to the TEEP protocol [I-D.ietf-teep-protocol].¶
The basic process of how a network user uses confidential computing is shown below. In confidential computing, the bundle of an UA, TA, and PD (Personalization Data) refers to case 1,2,3,4 of TEEP architecture section 4.4. Case 5 and 6 are new cases that possible in implementation. At present, the main instances types exist in industry of confidential computing are confidential process,confidential container and confidential VM.¶
This use case refers to the case 1 of TEEP architecture. If the network user provides this package, the process of TEEP is as follow. Whenever PD is involved in a package, this package must be encrypted, similarly hereinafter.¶
As for inform network users to develop their applications, the mapping of UA, TA and implementations are shown in figure 2. This document gathers the main hardware architectures that support confidential computing, which include TrustZone, SGX, SEV, CCA and TDX.¶
The brace means the operation steps to deploy packages. The arrow means deploy package to a destination.¶
This usecase refers to the case 2 and case 3 of TEEP architecture. The PD is a separate package, the UA and TA could be separated or integrated as a package. If the network user provides packages like this, the process of TEEP is as follow.¶
The mapping of UA, TA and implementations are shown in figure 3.¶
In this case, the process of TEEP is as follow.¶
In this case, network user provides TA and PD as a package with no UA attached. The process of TEEP in this case is as follow.¶
In this case, network user provides TA and PD as separate packages with no UA attached. The process of TEEP in this case is as follow.¶
The original design of TEEP only includes TEEP Agent and TA inside TEE. While in confidential computing implementation, other submodules may also be involved in the TEE. In TEEP, these submodules could be covered by TEEP Agent.¶
In SGX based confidential computing, submodule could provide convenient environment or API in which TA does not have to modify its source code to fit into SGX instructions. Submodules like Gramine and Occlum .etc are examples that could be included in TEEP agent. If there is no submodule in TEEP agent, the TA and UA need to be customized applications which fit into the SGX architecture.¶
In SEV and other architectures that support whole guest VM as a TEE, TEEP agent doesn't have to use extra submodule to work as a middleware or API. However with some submodules like Enarx which works as a runtime JIT compiler, TA could be deployed in a hardware independent way. In this scenario, TA could be deployed in different hardware architecture without re-compiling.¶