aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Computing
  • Design
  • Engineering

How Google And Intel Make Confidential Computing More Secure

  • aster.cloud
  • April 28, 2023
  • 4 minute read

Confidential Computing has quickly emerged as a critical technology to ensure confidentiality and security of sensitive data while it’s being processed. It performs computation in a hardware isolated environment that is encrypted with keys managed by the processor and unavailable to the operator. These isolated environments help prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data in public cloud infrastructure. 

Raising the bar for Confidential Computing 

Google is committed to ensuring Confidential Computing technology is as secure as possible before releasing products to customers. We therefore evaluate various attack vectors to make certain that Google Cloud Confidential Computing environments are protected against a wide range of adversaries. 


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

While there are no guarantees in computer security, collaborative research efforts can help identify security vulnerabilities that may emerge in these complex environments before malicious actors can exploit them. To this end, it is essential to have strong partnerships between industry leaders to develop and implement the most secure solutions possible. 

Recently, Google and Intel collaborated on a new research project to identify potential security vulnerabilities in Intel’s new Confidential Computing technology, Intel Trust Domain Extensions (Intel TDX). In addition to an expanded feature set, Intel TDX offers full VM compute models without requiring any code changes.    

The primary goal of the security review was to provide assurances that the Intel TDX feature is secure, has no obvious defects, and works as expected so that it can be confidently used by both cloud customers and providers. Any defects or weaknesses discovered during the review were fed back to Intel for remediation. We are now happy to report all issues that we reported have been remediated by Intel.

Read More  How Telus Insights Is Using BigQuery To Deliver On The Potential Of Real-World Big Data

A secondary goal was to have a better understanding of the expected threat model for Intel TDX and identify limitations in the design and implementation that would better inform Google’s deployment decisions.

During the review there was close collaboration between Google and Intel engineers. Questions and issues were handled through a shared issue tracker and regular technical meetings. This allowed Intel to provide deep technical information about the function of the Intel TDX components as well as enabling the reviewers to resolve potential ambiguities in documentation and source code. 

The joint team inspected the firmware looking for issues, including those related to arbitrary code execution, safe error handling and state management, and denial of service. The review covered 81 potential attack vectors, and resulted in 10 confirmed security issues and five defense-in-depth changes over a period of nine months.

Collaboration is key to secure technology

The success of this unprecedented partnership can be seen in a recenKt report released by Google Cloud Security and Google Project Zero that details the findings and mitigations discovered during their collaboration with Intel. The report showcases the importance of collaborative research efforts in identifying and addressing security vulnerabilities in complex environments. It also highlights the benefits of sharing research results with the broader community to promote transparency and improve overall security.

“We want to make it such that people don’t worry about the security and trustworthiness of their data,” said Anil Rao, vice president and general manager of systems architecture and engineering in the Office of the CTO at Intel. “Organizations use confidential computing to control their data and provide access to trusted parties in a manner that is verifiable, revocable and time sensitive — we have an obligation to make sure the technology is secure. Our early effort with Google solidifies our commitment to perform thorough analysis to address all potential vulnerabilities.”

Read More  Snooze Your Alert Policies In Cloud Monitoring

Our partnership and shared goal of transparency is important beyond this one review. Google is supporting Intel to make the TDX firmware source code base both publicly accessible and verifiably buildable. This firmware is part of what confidential computers will rely on and attest as part of their Trusted Computing Base (TCB), and a primary target for our collaborative review. By open sourcing the code, Intel helps Google Cloud’s customers and the industry as a whole to improve our security posture through transparency and openness of security implementations.

Working together with vendors like Intel helps harden Confidential Computing solutions from threats today and into the future, ultimately delivering increased levels of trust for customers. Joint efforts like this between Google and Intel are compelling examples of how collaboration between industry leaders can strengthen the security of critical technologies like Confidential Computing. With the analysis now complete and the vulnerabilities addressed, the Intel and Google security teams agree that the Intel firmware which enables Confidential Computing solutions meets an elevated security bar for customers, as the firmware updates motivated by this review mitigate several bug classes and offer a way to recover from vulnerabilities. 

Secure data in the cloud

The success in improving the security of Confidential Computing platforms is just one example of the benefits of sharing research results and working together on transparent open source code bases to strengthen the security of technologies. We believe Confidential Computing is an industry-wide effort that is critical for securing sensitive workloads in the cloud.

This collaboration is a continuation of the security work we’ve been doing around Confidential Computing. Previously, the Google Cloud Security team, Google Project Zero, and the AMD firmware and product security teams collaborated for several months to conduct a detailed review of the technology and firmware that powers AMD Confidential Computing technology. This review covered both Secure Encrypted Virtualization (SEV) capable CPUs, and the next generation of Secure Nested Paging (SEV-SNP) capable CPUs which protect confidential VMs against the hypervisor itself. 

Read More  Hierarchy and Beyond - Organisational Structures for Any Institution

To read the full security review, download it here. We also invite you to read Intel’s blog and the Project Zero blog. You can learn more about Google Cloud’s Confidential Computing offerings here (https://cloud.google.com/confidential-computing).


Acknowledgments: We thank the many Google security team members who contributed to this ongoing security collaboration and review, including Josh Eads, James Forshaw, Erdem Aktas, Felix Wilhelm, Christian Ludloff, and Arthur Wongtschowski.

We are grateful for the open collaboration with Intel engineers, and wish to thank Arie Aharon, Baruch Chaikin, Boaz Tamir, Dhinesh Manoharan, Dror Caspi, Fahimeh Razaei, Nagaraju Kodalapura, and Truc Nguyen for their commitment to product security. 

By: Cfir Cohen (Staff Software Engineer, Google Cloud) and Andrés Lagar-Cavilla (Principal Engineer Platform Security)
Originally published at: Google Cloud Blog

Source: Cyberpogo


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Confidential Computing
  • Google Cloud
  • Intel
  • Security
You May Also Like
View Post
  • Engineering

Just make it scale: An Aurora DSQL story

  • May 29, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Reliance on US tech providers is making IT leaders skittish

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Examine the 4 types of edge computing, with examples

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

AI and private cloud: 2 lessons from Dell Tech World 2025

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

TD Synnex named as UK distributor for Cohesity

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Weigh these 6 enterprise advantages of storage as a service

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Pulsant targets partner diversity with new IaaS solution

  • May 23, 2025

Stay Connected!
LATEST
  • 1
    Just make it scale: An Aurora DSQL story
    • May 29, 2025
  • 2
    Reliance on US tech providers is making IT leaders skittish
    • May 28, 2025
  • Examine the 4 types of edge computing, with examples
    • May 28, 2025
  • AI and private cloud: 2 lessons from Dell Tech World 2025
    • May 28, 2025
  • 5
    TD Synnex named as UK distributor for Cohesity
    • May 28, 2025
  • Weigh these 6 enterprise advantages of storage as a service
    • May 28, 2025
  • 7
    Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more
    • May 28, 2025
  • 8
    Pulsant targets partner diversity with new IaaS solution
    • May 23, 2025
  • 9
    Growing AI workloads are causing hybrid cloud headaches
    • May 23, 2025
  • Gemma 3n 10
    Announcing Gemma 3n preview: powerful, efficient, mobile-first AI
    • May 22, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Understand how Windows Server 2025 PAYG licensing works
    • May 20, 2025
  • By the numbers: How upskilling fills the IT skills gap
    • May 21, 2025
  • 3
    Cloud adoption isn’t all it’s cut out to be as enterprises report growing dissatisfaction
    • May 15, 2025
  • 4
    Hybrid cloud is complicated – Red Hat’s new AI assistant wants to solve that
    • May 20, 2025
  • 5
    Google is getting serious on cloud sovereignty
    • May 22, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.