Internet DRAFT - draft-yang-teep-ccican
draft-yang-teep-ccican
Internet Engineering Task Force P. Yang
Internet-Draft M. Chen
Intended status: Informational L. Su
Expires: 3 September 2022 China Mobile
March 2022
architecture of confidential computing in computing aware network
draft-yang-teep-ccican-00
Abstract
Confidential Computing is the protection of data in use by performing
computation in a hardware-based Trusted Execution Environment.
Especially in virtualization environments, confidential computing
could protect data and applications from access or tampering by
hypervisor or other privileged users. In Computing-Aware network,
computing resource is an essential element to provide computing
services for network users' applications. Introducing confidential
computing in Computing-Aware network could mitigate the distrust of
computing resource efficiently. This document provides the
architecture of confidential computing in Computing-Aware network
management plane to provide confidentiality and integrity for
applications.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 September 2022.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
Yang, et al. Expires 3 September 2022 [Page 1]
�
Internet-Draft ccican March 2022
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Motivation and Scope . . . . . . . . . . . . . . . . . . . . 3
2.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. General Architecture of Confidential Computing in
Computing-Aware Network . . . . . . . . . . . . . . . . . 4
4. Environment Provisioning . . . . . . . . . . . . . . . . . . 6
5. Remote Attestation . . . . . . . . . . . . . . . . . . . . . 7
6. Use Case . . . . . . . . . . . . . . . . . . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
10.1. Normative References . . . . . . . . . . . . . . . . . . 9
10.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction
The Confidential Computing Consortium defined the concept of
confidential computing as "Confidential Computing is the protection
of data in use by performing computation in a hardware-based Trusted
Execution Environment"[CCC-White-Paper]. In detail, CPU with
confidential computing feature could generate an isolated hardware-
protected area, in which processing data or running code will be
protected from any illegal access or tampering. In cloud computing
scenario, CPU with confidential computing feature could be used to
protect users' applications and data from access or tampered by
hypervisor, privileged users or other attackers in the cloud
platform. In hardware industry, Intel, AMD, ARM and other chip
venders have already released their confidential computing CPU
series.
In Computing-Aware network, cloud-based computing resource prepared
for applications is from different places like edge or data center.
If the edge or data center is outsourced or even distributed in
Yang, et al. Expires 3 September 2022 [Page 2]
�
Internet-Draft ccican March 2022
different security domains, not only the network administrator but
also the application owner cannot trust the computing environment.
The potential leakage of secret data or intellectual property will
restrict the range of applications. With the protection of
confidential computing, users could trust the computing environment
and make sure their sensitive data and intellectual property will not
be leaked.
This document introduces confidential computing to Computing-Aware
network and illustrates the general architecture in network
management plane. Computing-Aware network designers and users could
use this document as a information reference to enhance their
security.
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
CC: Confidential Computing
CCR: Confidential Computing Resource
TEE: Trust Execution Environment
CCM: Confidential Computing Management
CCI: Confidential Computing Instance
TEEP: Trust Execution Environment Provisioning
TAM: Trusted Application Management
2. Motivation and Scope
2.1. Motivation
In Computing-Aware network, there is a suspicion about how to protect
users' application and data efficiently. Computing resource in
Computing-Aware network is more decentralized and ambiguous than
regular cloud computing. The network may distribute users'
applications in different computing platforms maintained by different
administrators. If the computing platform is malicious, secret data
and application intellectual property could be easily stolen or
tampered. Confidential computing provides a new security model in
where network users only need to trust the confidential computing
hardware, firmware and the applications provided by users themselves,
Yang, et al. Expires 3 September 2022 [Page 3]
�
Internet-Draft ccican March 2022
any other hypervisor or software in computing platform do not have to
be trusted.
2.2. Scope
This document mainly focuses on the unique features of confidential
computing in network management plane. Other network planes like
control/forwarding/data which have no direct interaction with
confidential computing features will be ignored.
3. General Architecture of Confidential Computing in Computing-Aware
Network
Targeting
+--> Environment
| +-------------+ +----------+
| | Application | +->| APP Owner|<--+
| +-------------+ | +----------+ |
| | Middleware |<-+ |
| +-------------+ |
| | TEEP Agent |<-----+ |
| +-------------+ | |
| | |
| +--------------------+------+ |
| | Hypervisor TEEP Broker |<--+ |
| +---------------------------+ | |
| | CPU/Firmware Attesting | | |
| | Environment| | |
| +---------------------+-----+ | |
| | | |
+------------------------+ | |
| |
+--------------------+--+-+
| TAM & Middleware Repo |
| M/OC |
+-------------------------+
Figure 1: Architecture of Confidential Computing in Computing-
Aware Network
Figure 1 shows the basic architecture of confidential computing in
Computing-Aware Network. This architecture refers to RATs
[I-D.ietf-rats-architecture] arch and
TEEP[I-D.ietf-teep-architecture] arch for remote attestation and
trust execution environment provisioning. Confidential computing
needs the support of CPU, in which MUST have the function of
generating isolated execution environment and attesting environment.
The layer of Hypervisor is for virtualization.
Yang, et al. Expires 3 September 2022 [Page 4]
�
Internet-Draft ccican March 2022
(1) Targeting Environment
Targeting Environment is the computing environment e.g. virtual
machine, process that could provide confidentiality and integrity for
applications. When used for remote attestation, the Targeting
Environment will be attested by application owner. Targeting
environment includes Application, Middleware, and TEEP Agent.
(2) Application
Application which runs in Computing-Aware network.
(3) Middleware
Middleware in CC has two functions: enable remote attestation and
environment provisioning; provide a user-friendly environment. Some
confidential computing CPU like SGX needs to use middleware to
provide a environment in where applications don't have to change
their source code, e.g. Enarx [Enarx] and Occlum [Occlum].
(4) TEEP Agent
TEEP Agent is a module for provisioning middleware and application in
Targeting Environment.
(5) TEEP Broker
TEEP Broker is only for communication between TEEP Agent and TAM, it
doesn't have to know any confidential information.
(6) Attesting Environment
Attesting Environment is hardware based component, like Intel Quote
SGX, AMD SEV-SP, etc. This component is a part of TCB, and is used
to collect targeting environment evidence for remote attestation.
(7) M/OC
M/OC is the manage and orchestration console of Computing-Aware
Network.
(8) TAM
Trust Application Management, this entity is for provisioning of
application and relevant middleware.
(9) Middleware Repository
Yang, et al. Expires 3 September 2022 [Page 5]
�
Internet-Draft ccican March 2022
This repository keeps a variety of middleware packages, which is for
TAM to access based on Application type and confidential computing
hardware type.
4. Environment Provisioning
When deploying applications in Computing-Aware network, TAM will
choose confidential computing environment and relevant Middleware to
fit their applications. Meanwhile, Computing-Aware Network needs to
provide the secure procedure of provisioning middleware and
applications. This document uses TEEP as reference to provision
Middleware and applications in Computing-Aware network.
Targeting
Environment
+-------------+ +----------+
| Application | | App Owner|<--+
+-------------+ +----------+ |
| Middleware | |
+-------------+ |
| TEEP Agent |<-----+ |
+-------------+ |3 |
| |
+--------------------+------+ |1
| Hypervisor TEEP Broker |<--+ |
+---------------------------+ | |
| CPU/Firmware Attesting | | |
| Environment| |2 |
+---------------------+-----+ | |
| |
| |
| |
+--------------------+--+-+
| TAM & Middleware Repo |
| M/OC |
+-------------------------+
Figure 2: Application and Middleware Provisioning in Computing-
Aware Network
The Provisioning steps in Computing-Aware Network are illustrated
below.
(1) First, Application owner requests for confidential computing
resource in Computing-Aware Network. Second, based on the
request and confidential computing resource type, TAM will chose
appropriate middleware.
Yang, et al. Expires 3 September 2022 [Page 6]
�
Internet-Draft ccican March 2022
(2) TAM establishes connections with TEEP Broker to transfer
provisioning information.
(3) TEEP Broker triggers the confidential computing platform to
create Targeting Environment with TEEP Agent. Then TEEP Broker
establishes connections with TEEP agent. TEEP agent receives
the provisioning information and unpacks it as Middleware.
Need to clarify that at this stage the Middleware dosen't contain any
secret information. The secret information of application should be
provisioned after remote attestation. The specific mechanism of
building targeting environment is based on specific CPU and is out of
scope of this document.
5. Remote Attestation
In Computing-Aware Network, remote attestation is used for
application owner to appraise if the Targeting Environment is
trusted. Only after remote attestation, application owner could
trust the confidential computing environment and deploy secret
information. The general architecture of remote attestation in
Computing-Aware Network is shown below.
Targeting
+--> Environment
| +-------------+ 1/4 +----------+
| | Application | +->| APP Owner|<--+
| +-------------+ | +----------+ |
| | Middleware |<-+ |
| +-------------+ |
| | TEEP Agent | |
| +-------------+ |
|2 |3
| +--------------------+------+ |
| | Hypervisor TEEP Broker |<--+ |
| +---------------------------+ | |
| | CPU/Firmware Attesting | | |
| | Environment| | |
| +---------------------+-----+ | |
| | | |
+------------------------+ | |
| |
+--------------------+--+-+
| TAM & Middleware Repo |
| M/OC |
+-------------------------+
Figure 3: Remote Attestation in Computing-Aware Network
Yang, et al. Expires 3 September 2022 [Page 7]
�
Internet-Draft ccican March 2022
The remote attestation steps in Computing-Aware Network are shown
below. After appraising the remote attestation evidence, the
application owner could deploy secret data in Targeting Environment.
(1) Application owner establishes secure connection with middleware
and launches remote attestation request with certain parameters
like nonce.
(2) Targeting Environment launches evidence collection by
Middleware. Middleware sends request to Attesting Environment
for remote attestation evidence. After generating evidence by
Attesting Environment, the evidence will be sent back to
Middleware.
(3) The Application Owner requests for TEEP agent and middleware
source code to generate reference value and appraise the remote
attestation evidence.
(4) The Targeting Environment sends the evidence to Application
Owner. After appraising, Application Owner sends its
application and private data to Targeting Environment.
6. Use Case
Confidential computing provides confidentiality and integrity of data
and applications in the running stage. This document depicts the
abstract architecture of confidential computing from the perspective
of Computing-Aware Network. The following are some use cases of
confidential computing in Computing-Aware Network.
VR/AR Application: Users wants to use Computing-Aware Network to host
VR communication and interaction with other user. They don't want
their conversation to be awared by the network. And it is hard to
encrypt all the VR context because of unacceptable cost. So, the
users choose confidential computing to protect their privacy. After
the remote attestation of computing environment, the users could
transfer and process private information in Computing-Aware Network.
Medical Imaging Aalysis: A medical institute wants to use Computing-
Aware Network to share and process medical images in different
branches. One primary concern is that they don't want the patients'
medical images to be leaked. So they choose confidential computing
to process these images.
Yang, et al. Expires 3 September 2022 [Page 8]
�
Internet-Draft ccican March 2022
7. Security Considerations
The root of trust of confidential computing is the CPU hardware.
Application Owner could use the certificate or signature in remote
attestation information to verify the identity of CPU. The
connections between Application Owner and their applications are
protected by security protocols like TLS.
8. Acknowledgements
The author would like to thank Eric Voit, Mike Bursul and Dave Thaler
in CCC group who have provided valuable supports and suggestions.
9. IANA Considerations
This memo includes no request to IANA.
10. References
10.1. Normative References
[I-D.ietf-rats-architecture]
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
W. Pan, "Remote Attestation Procedures Architecture", Work
in Progress, Internet-Draft, draft-ietf-rats-architecture-
15, 8 February 2022, <https://www.ietf.org/archive/id/
draft-ietf-rats-architecture-15.txt>.
[I-D.ietf-teep-architecture]
Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler,
"Trusted Execution Environment Provisioning (TEEP)
Architecture", Work in Progress, Internet-Draft, draft-
ietf-teep-architecture-16, 28 February 2022,
<https://www.ietf.org/archive/id/draft-ietf-teep-
architecture-16.txt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
10.2. Informative References
Yang, et al. Expires 3 September 2022 [Page 9]
�
Internet-Draft ccican March 2022
[CCC-White-Paper]
Confidential Computing Consortium, "Confidential
Computing: Hardware-Based Trusted Execution for
Applications and Data", 2021,
<https://confidentialcomputing.io/wp-
content/uploads/sites/85/2021/03/
confidentialcomputing_outreach_whitepaper-8-5x11-1.pdf>.
[Enarx] Profian, Inc., "Enarx", 2022,
<https://enarx.dev/docs/Technical/Introduction>.
[Occlum] Occlum, "Occlum", 2022, <https://occlum.io/>.
Authors' Addresses
Penglin Yang
China Mobile
Email: yangpenglin@chinamobile.com
Meiling Chen
China Mobile
Email: chenmeiling@chinamobile.com
Li Su
China Mobile
Email: suli@chinamobile.com
Yang, et al. Expires 3 September 2022 [Page 10]
