AMD Teams With IBM To Improve Secure ‘Confidential Computing’ Cloud Data Processing
AMD and IBM have announced a multi-year partnership today that targets the growing Confidential Computing cloud sector. This sector came into being after concerns from corporate cloud computing users regarding the safety of their data while it is being processed virtually came to light. Chips from AMD's rival, Intel Corporation are already employed in this space, and through the partnership, AMD and IBM plan to develop solutions in overcoming what is believed by many to be the last hurdle in the adoption of cloud computing by companies mindful of their data security.
AMD & IBM Will Develop On Open Source Software and Tools For Confidential Computing As Part of Their Multi-Year Partnership
Data security for cloud computing revolves around three sub-areas, namely when the data is stored, when it is being transferred and when it is being processed. While ensuring security for storage and transfer has seen secure solutions emerge, cloud users have often expressed concerns about when this data is being processed.
This is due to the fact that when processing is taking place, standard security processes such as encryption need to be removed if the processor is to access the data. This results in information that is present in a processor's memory being vulnerable for malicious access since all that a potential attacker has to do is write code that makes the memory transfer its contents for open picking.
AMD and IBM's partnership intends to precisely target this drawback, which as a whole is dubbed as Confidential Computing. As per today's announcement, they will focus on open-source software, standards and architecture as part of their partnership and also target HPC accelerators, encryption and virtualization. Confidential Computing aims to solve the problem of data security during processing by implementing hardware-based Trusted Execution Environments (TEEs) that cannot be accessed by the operating system and are encrypted. This encrypts the data while it is in a processor's memory, with the TEE allowed to only give access to an authorized application code with the encryption keys.
Intel also targets this market through Software Guard Extensions (SGX) and intends to expand its Xeon processor lineup's security through secure enclaves and memory encryption later this year. Flaws such as Meltdown and Spectre for the company's products capitalized on gaining unauthorized access to a processor's memory registers, and Intel promises to bring SGX extensions to its full lineup of data center processors in addition to the Xeon-E chips on which they are currently available.
AMD's Epyc processors feature Secure Encrypted Virtualization (SEV) and a secure processor within the system-on-chip (SoC) to generate encrypted keys for data protection. The chip designer scored a big win in the Confidential COmputing space earlier this year when Google announced that it would use AMD's second-generation Epyc processors for its new Confidential Virtual Machines. AMD's SEV on the chips is capable of supporting 509 encryption keys as it works with the Arm-based secure co-processor within.
Since the keys are generated by this co-processor, no party involved in the virtual computing processor is capable of viewing them. Additionally, when using AMD chips, corporations do not have to tweak their workloads to work with SEV - which is a major point when it comes to cost savings and consumer choice.
Cryptographic isolation in Sony Corporation's Play Station 4 and Microsoft's Xbox One led to the development of SEV for Epyc chips. This isolation is the primary reason users are unable to play pirated games on the console – a phenomenon that plagued their predecessors, especially the second-generation Play Station 2.