Confidential Computing offers an additional security layer to protect business logic and preserve the privacy and integrity of data while it's being processed.
Disk encryption is a technique to keep data private while at rest, for example, when it's stored on a backup storage device.
Network protocols which encrypt data are commonly used to protect data while being transferred between remote machines, preventing attackers snooping on network connections or internet routers from accessing or tampering with it.
However, once data arrives at its destination and is decrypted to be processed, it can be observed and even tampered with. High privileged users, people with physical access to the servers or attackers who manage to gain equivalent access can see, copy or modify data and even tamper with the results of the computations being performed.
Confidential Computing brings new ways to protect data while in use. Data and computations can be protected using hardware-based Trusted Execution Environments, relying on the traditional techniques for protecting it at rest and in transit, as well as introducing new techniques to deal with potential attacks from the elements that were implicitly trusted before, but no longer need to be.
With traditional computing the entire software stack, such as eventual services from Cloud providers, BIOS and firmware, the host operating system and/or hypervisor and guest operating system, to the actual application doing the business logic and all the libraries it depends on, need to be trusted.
Fig. 1 - Comparison of trust boundaries between traditional computing and several confidential computing isolation scopes.
Confidential Computing introduces different scopes of isolation in order to reduce the number of layers which can access private data.
With Virtual Machine isolation, only the guest operating system, application and libraries have access to private data. The virtual machine runs on the TEE preventing access from the hypervisor or host operating system. An attacker compromising the host operating system won't have access to private data, but one who compromises the guest operating system and escalates privileges will.
Application isolation reduces the trust boundary further so the operating system doesn't have access to the private data. Only the application and its dependencies are running on the TEE and therefore an attacker would need to compromise the application logic to gain access to private data.
Library isolation reduces the trust boundary even further by running only the libraries processing private data on the TEE. The part of the application that doesn't process the private data doesn't need to be trusted, but may remain responsible for other tasks such as forwarding messages in and out of the TEE.
Confidential Computing is a huge paradigm shift. When using attestable TEEs it gives the data owners proof of how their data is going to be used before they submit it and guarantees the integrity of the computations' results.