With so much emphasis on secure computation we thought it might be useful to take a look at the state of SGX availability across some popular providers. In case you’re not familiar with SGX this primer will be helpful, but in short it is a set of data security related instructions built into some modern Intel CPUs.
Tozny has been analyzing cloud security options for secure computation with our end-to-end encryption toolkits. Since we learned a few things about SGX, we figured we’d share!
What is SGX?
SGX is a “hardware enclave” where code can run in a way that’s secured from other processes, even root-level processes. An enclave is a protected environment that can run your secure computations. SGX in particular provides two key properties – isolation and attestation. Isolation enables your computation to run isolated from untrusted software outside of the enclave. Attestation lets a remote party authenticate the code you’re currently running.
Attestation is extremely useful because that remote party could require a specific app or a specific computation to run on the CPU, and therefore cryptographically trust the output of that computation, even though they don’t control the hardware. This makes SGX exciting for use in the cloud since it could, in theory, give data owners cryptographic control over their data and computations even though they don’t control their hardware.
But are cloud providers offering access to SGX for secure computation? Our analysis indicates that Microsoft currently provides SGX extensions in their cloud platform, and IBM has their Data Shield product portfolio which includes access to SGX hardware. Google and AWS do not. Lesser-known (at least in the US) Alibaba Cloud and packet.net do provide bare-metal access. A number of SDKs from various vendors are available. Read on for specific links:
- Microsoft: Azure Confidential Computing seems to be in early access; they also have an Open Enclave SDK and a VM deployment container.
- Google: Google has Asylo, an open source framework for TEE/SGX, but don’t seem to provide the actual compute resources as part of GCP. Recently, on a forum post, Google said GCP does not yet have a hardware-enforced enclave backend that is available to users.
- IBM: IBM Cloud announced an early access program in late 2017 that provided SGX hardware. Today IBM claims to have SGX in general availability. They also claim “you can provision SGX capable bare metal servers on IBM Cloud today (Model: Intel Xeon E3-1270-v6). You can start building your applications using the Intel SDKs for C/C++ or Fortanix RUST SDK.” For more information check out IBM Datashield.
- AWS: There’s no evidence that Amazon has run a pilot program or will offer support for SGX. Some of their servers have SGX-enabled hardware, but it’s disabled in the bios. Although it would be a safe bet that Amazon is internally testing SGX capable offerings, nothing has come to public release yet.
- Others: Two providers that aren’t as big in the US or Europe are Alibaba Cloud and packet.net, both of which provide bare-metal hardware that has SGX support. These appear to be dedicated services, perhaps to avoid potential virtualization isolation problems.
SGX Software Development Kits
To write code that utilizes SGX, you have to know a lot about cryptography, cybersecurity, and the hardware architecture of the system. Furthermore, you have to be able to write pretty low-level code in C to accomplish your secure computation goals. In order to make it easier to use SGX, software development kits are available from various vendors. Although vendors don’t necessarily provide servers to run the code, you can run it on your own hardware. There are many systems that come with SGX if you do pursue obtaining and managing the hardware yourself.
The following provides links to several vendors providing open-source frameworks and SDKs for developing code to run in enclaves (trusted execution environments).
- Note that this Intel SDK is for non commercial use; contact Intel about commercial use.
- SCONE uses SGX and Docker to run secure computations.
- Graphene lets you run relatively arbitrary code in an enclave, although you may give up many information security properties of the enclave if you use it with complex code bases.
Unfortunately, previous versions of SGX have had vulnerabilities that leak key material. These vulnerabilities have been fixed, though the fact they were uncovered does raise the concern that future vulnerabilities may be shown to undermine the security properties of the system.
In summary, hardware enclaves for secure computation are an emerging technology in the cloud compute space with minimal offerings from the big players. If you’re looking to leverage SGX in your next application you may need to rely on a combination of SDKs and ‘creative’ resourcing of servers to meet your data privacy needs.
Tozny’s end-to-end encryption platform doesn’t use SGX at this time, but we’re keeping an eye on it. More of our customers are expressing interest in support for some level of secure computation on encrypted data.
What do you think about SGX? Do you know of SGX services or SDKs that should be added to this list above?
Do you see a need for an SGX software development kit for end-to-end encryption as one of Tozny’s offerings? Drop us a note at firstname.lastname@example.org and let us know!