The world’s top cloud service providers are innovating on top of Intel® architecture to create new and differentiated services, such as blockchain and Internet of Things. As these emerging applications increasingly distribute application execution and data to multiple compute nodes across geographies, it is essential that they treat security as an integral design consideration to help protect code, data, and algorithms in a scalable fashion. These considerations have motivated Alibaba Cloud and Baidu to leverage Intel® Software Guard Extensions (Intel® SGX) to protect selected code and data from disclosure or modification at the hardware level with uncompromised performance.
Intel® SGX Enhances Security for Alibaba Cloud Blockchain-as-a-Service
In September of 2018, Alibaba Cloud announced four new powerful products, including Blockchain-as-a-Service with Hyperledger Fabric protected by Intel® SGX to enhance the security of blockchain keys at the silicon level. Intel® SGX's on-chip security is an integral part of Alibaba Cloud’s Blockchain Platform Service Layer in the overall BaaS architecture.
Blockchain and distributed ledger technology (DLT) have the potential to change the way businesses trust each other by distributing transaction records over many nodes in a network. However, many blockchain users want to keep their application state confidential and maintain data privacy despite the proliferation of data on a blockchain. Intel® SGX has been designed to provide a hardware-assisted Trusted Execution Environment (TEE) with a very small attack surface—the processor boundary. The data and computations that demand privacy can be selectively placed inside the TEE to help protect them from access by untrusted blockchain nodes. With Intel® SGX, blockchain data can be kept in encrypted form until it is needed for a transaction. It is then decrypted in a secure enclave where permitted participants can view it.
Alibaba Cloud’s collaboration with Intel around Intel® SGX dates back almost two years. During the Computing Conference in 2017, Alibaba Cloud launched the Elastic Compute Service (ECS) Bare Metal (EBM) instance, which uses Intel® SGX for enhanced security with a chip-level TEE in addition to physical server isolation. I am glad to see continued joint innovation between Intel and Alibaba Cloud that helps the leading cloud provider differentiate its cloud offerings.
Baidu MesaTEE Relies on Intel® SGX to Secure FaaS and Smart City Management
I am also very excited about the security innovations that Baidu is delivering on top of Intel® SGX.
In September 2018 at Baidu ABC Summit, Dr. Tao Wei, Baidu’s Chief Security Scientist, and Lorie Wigle, Intel’s Software and Services Group Vice President and General Manager of Platform Security, jointly announced MesaTEE, a solution to enable Function-as-a-Service (FaaS) for security-critical services by allowing even the most sensitive data to be more securely processed in the public cloud.
FaaS is gaining traction as emerging cloud applications desire event-driven on-demand computing, cloud developers enhance agility through microservices, and cloud customers expect more efficiency out of their infrastructure spend. According to MarketWatch, the FaaS market is expected to exceed USD 7.5 billion by 2023 at a Compound Annual Growth Rate (CAGR) of 32% from 2018 to 2023.
However, current FaaS solutions are not designed to ensure the integrity and confidentiality of code and data in the cloud. MesaTEE combines Baidu’s advanced Hybrid Memory Safety (HMS) model and the power of Intel® SGX to enable what we believe is the tightest trust boundary for critical services in banking, autonomous driving, and healthcare.
Since then, MesaTEE has seen good traction, and one application is in trusted secure smart city management, which Dr. Wei introduced in his Baidu World conference presentation. In this application, MesaTEE with Intel® SGX is used to help secure the data collected by thousands of IoT devices and sent to the public cloud for AI and big data processing, to help ensure the execution of the deployed service through remote attestation, and to fend off more exploits.
I hope that after reading about all these exciting innovations in cloud security, you want to check out hardware-enabled security solutions powered by Intel® technology and Intel® SGX solutions for blockchain, and create your next cloud security innovation on Intel® SGX. I look forward to hearing about them.