Trusted Execution: A Secure Foundation for AI and Beyond
Wed, 16 Oct 2024 10:56:02 -0000
In this article, the third entry of our VxRail security series, we pick up where we left off with supply chain security to examine the foundational role of the Trusted Execution Environment (TEE) alongside the critical function of cryptography in fortifying data protections. We delve into how VxRail, a cornerstone of Dell Technologies’ infrastructure, reflects the Zero Trust principle of “Never Trust, Always Verify” through TEE and cryptographic layers, ensuring robust defense throughout a product's lifecycle. At the heart of any secure system lies the TEE, a sanctuary for your most sensitive operations, providing security for both conventional and AI-centric applications.
Trusted Execution Environment
For a long time, protecting data while it is actively in use was considered a significant challenge. While the performance of cryptographic processing has improved significantly, real-time software encryption of data in use is simply not practical. This limitation led chip manufacturers to look to hardware for an alternative: a secure space in which to process data with a reduced risk of exposure. This space is the Trusted Execution Environment.
A TEE starts with the main processing unit. Modern CPUs from both Intel and AMD provide a secure area that ensures the confidentiality and integrity of the data being processed by preventing unauthorized access within the TEE. This approach limits a bad actor's ability to access or modify the data running in the secure area. While the AMD TEE is all hardware, Intel provides its Software Guard Extensions (SGX) API, which allows for, among other things, direct user- and OS-level calls to define enclaves and protected private regions of memory, enable secure execution of code on remote servers, protect encryption keys, and more.
Other hardware that can increase security includes:
- Trusted Platform Modules (TPMs) providing basic hardware-based security functions leveraged for secure storage, key management, and remote attestation.
- Secure Memory Management Units (Secure MMUs) to enhance the CPU TEE by ensuring secure memory isolation and access control.
- Hardware Security Modules (HSMs), typically used for cryptographic operations.
Dell and VxRail recognize that the availability of a TEE is critical to creating a secure operating environment. For AI deployments, a solid TEE can provide protections against injection, infection, extraction, and excessive agency attack vectors. VxRail with PowerEdge offers the choice of Intel or AMD chips enabled for TEE, with TPM 2.0 hardware for increased security capabilities including Silicon Root of Trust, SecureBoot, and Secured Component Verification (SCV).
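The TPM bullet above mentions remote attestation, and the paragraph above lists Silicon Root of Trust and SecureBoot as capabilities built on the TPM 2.0 hardware. The Go program below is an added illustration of the mechanism those capabilities share, not code from the original article or from Dell: each boot stage is hashed into a simulated Platform Configuration Register (PCR) with the TPM's extend rule, the platform signs the resulting PCR value together with a verifier-supplied nonce using an attestation key, and a remote verifier checks freshness, signature and the PCR against a known-good ("golden") value. The boot-stage contents, the attestation key and the flat quote layout are constructed stand-ins; a real TPM 2.0 quote signs a structured TPMS_ATTEST blob and the attestation key never leaves the chip.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// pcrExtend models the TPM PCR "extend" operation:
// newPCR = SHA-256(oldPCR || SHA-256(measurement)).
// A PCR can only be extended, never written directly, so its final value commits to
// the whole sequence of measurements, and their order, since the last reset.
func pcrExtend(pcr [32]byte, measurement []byte) [32]byte {
	m := sha256.Sum256(measurement)
	h := sha256.New()
	h.Write(pcr[:])
	h.Write(m[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// measureBootChain extends one simulated PCR with each boot stage in order, starting
// from the all-zero reset value, and returns the final digest.
func measureBootChain(stages [][]byte) [32]byte {
	var pcr [32]byte
	for _, stage := range stages {
		pcr = pcrExtend(pcr, stage)
	}
	return pcr
}

// Quote is a simplified attestation quote: the PCR value and the verifier's nonce,
// signed with the platform's attestation key (AK). Constructed simplification of a
// real TPM 2.0 quote, which signs a structured TPMS_ATTEST blob.
type Quote struct {
	PCR   [32]byte
	Nonce []byte
	Sig   []byte
}

// newAttestationKey stands in for the AK that, on real hardware, never leaves the TPM.
func newAttestationKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// quoteMessage is the byte string the AK signs: PCR value followed by the nonce.
func quoteMessage(pcr [32]byte, nonce []byte) []byte {
	return append(append([]byte{}, pcr[:]...), nonce...)
}

func makeQuote(ak ed25519.PrivateKey, pcr [32]byte, nonce []byte) Quote {
	return Quote{PCR: pcr, Nonce: nonce, Sig: ed25519.Sign(ak, quoteMessage(pcr, nonce))}
}

// verifyQuote is the remote verifier's side of "never trust, always verify": the nonce
// proves freshness, the signature proves the quote came from the enrolled AK, and the
// PCR comparison proves the platform booted the known-good chain.
func verifyQuote(akPub ed25519.PublicKey, q Quote, nonce []byte, golden [32]byte) (bool, string) {
	if !bytes.Equal(q.Nonce, nonce) {
		return false, "nonce mismatch: stale or replayed quote"
	}
	if !ed25519.Verify(akPub, quoteMessage(q.PCR, q.Nonce), q.Sig) {
		return false, "bad signature: not produced by the enrolled attestation key"
	}
	if q.PCR != golden {
		return false, "PCR mismatch: boot chain differs from the known-good one"
	}
	return true, "ok"
}

func main() {
	akPub, ak := newAttestationKey()
	// Constructed stand-ins for firmware, bootloader and kernel images.
	known := [][]byte{[]byte("firmware v1"), []byte("bootloader v1"), []byte("kernel v1")}
	golden := measureBootChain(known)
	nonce := make([]byte, 16)
	rand.Read(nonce)

	ok, why := verifyQuote(akPub, makeQuote(ak, golden, nonce), nonce, golden)
	fmt.Println("known-good boot:", ok, why)

	modified := [][]byte{[]byte("firmware v1"), []byte("bootloader v1 (modified)"), []byte("kernel v1")}
	ok, why = verifyQuote(akPub, makeQuote(ak, measureBootChain(modified), nonce), nonce, golden)
	fmt.Println("modified bootloader:", ok, why)
	fmt.Println("golden PCR:", hex.EncodeToString(golden[:]))
}
```

The three checks in verifyQuote are deliberately ordered from cheapest to most specific, and each failure names its cause so that a monitoring pipeline can distinguish a replayed quote from a platform whose boot chain has actually changed.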
VxRail, Dell Technologies’ robust infrastructure solution, adheres to the Zero Trust principle. This security philosophy extends across the entire lifecycle of our products, from inception to decommissioning. A Zero Trust Architecture is multifaceted, comprising various layers of security that intersect at different points within this lifecycle. Each layer addresses specific security concerns, collectively forming a formidable defense against malicious actors. In the context of AI environments, where attack vectors are diverse, VxRail’s comprehensive protection becomes even more critical.
Cryptography
Building on the security of TEE, let’s now discuss the uses of cryptography across the entire lifecycle to add additional protections to keep conventional and AI use cases secure.
Cryptographic operations, in one form or another, continue to be a powerful tool in the security toolbox. In terms of infrastructure, typical cryptography takes the form of encryption and signing. With encryption, the goal is to ensure the confidentiality of the data, and signing ensures the integrity of the data. Both actions can be taken separately or in conjunction for added protection. As with most things in security, which to use and when depends on use case, performance, and usability requirements.
Two artifacts are needed to perform cryptographic operations:
- Cryptographic processor (hardware) and cryptographic module (software)
- Encryption keys (typically symmetric and asymmetric)
Of course, not all cryptography is equal. Security-conscious customers, especially those deploying an AI environment, will want to ensure that the algorithms and methodologies used are strong enough to meet industry standards. In the encryption case that standard is NIST (National Institute of Standards and Technology) FIPS 140. This living standard defines the security requirements that cryptographic modules must meet for U.S. Federal deployments, and organizations in other industries and verticals recognize that the use of FIPS-validated encryption libraries and modules will go a long way toward ensuring secure cryptography.
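To make the encryption-versus-signing distinction and the two key types concrete, here is an added Go example (not code from the article or from Dell) using the Go standard library's FIPS-approved primitives: AES-256-GCM under a symmetric key for confidentiality, and an Ed25519 signature under an asymmetric key pair for integrity and origin. The sample record, the generated keys and the encrypt-then-sign arrangement are constructed for the example; a real deployment would source the keys from a key manager rather than generating them in the program.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// newSymmetricKey returns a random 256-bit AES key. Data-at-rest encryption uses keys
// of this kind; they must be generated, stored and rotated by a key manager.
func newSymmetricKey() []byte {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

// encrypt provides confidentiality with AES-256-GCM. Output layout: nonce || ciphertext || tag.
// A fresh random nonce per message is mandatory; nonce reuse under one key breaks GCM.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt reverses encrypt. GCM's authentication tag makes decryption fail on any modified byte.
func decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// newSigningKey returns an Ed25519 key pair. The private half signs; anyone holding
// the public half can verify, which is the asymmetric split TLS and SSO rely on.
func newSigningKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// sign provides integrity and origin: a valid signature proves the bytes were not
// altered since the private key holder signed them.
func sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

// verify checks a signature with the corresponding public key.
func verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

func main() {
	key := newSymmetricKey()
	pub, priv := newSigningKey()
	record := []byte("constructed sample record, not a real VxRail artifact")

	sealed, _ := encrypt(key, record)
	sig := sign(priv, sealed) // encrypt, then sign the ciphertext
	fmt.Println("signature valid:", verify(pub, sealed, sig))
	pt, err := decrypt(key, sealed)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the GCM tag
	fmt.Println("signature valid after tampering:", verify(pub, tampered, sig))
	_, err = decrypt(key, tampered)
	fmt.Println("decrypt after tampering:", err)
}
```

Signing the ciphertext rather than the plaintext lets a party that holds only the public key (a storage gateway, an audit job) confirm the record is untouched without being able to read it, which is the separation of confidentiality from integrity the paragraph above describes.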
Within the datacenter, cryptography is typically applied to communications (data in flight) and storage (data at rest).
Communications
While there are multiple ways to perform data-in-flight encryption, the most common is TLS, or Transport Layer Security. This protocol dictates how to provide secure communication over computer networks, ensuring privacy, integrity, and authentication. It is typically used between applications and is the successor to Secure Sockets Layer (SSL).
Another use case for cryptographic operations in communication is Single Sign-On (SSO). There are industry-accepted standards for SSO communications, and some of them offer, or require, the use of cryptography for encryption and/or signatures. Both use cases usually require the creation and use of asymmetric encryption keys, which must be properly managed by an infrastructure administrator.
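The three properties named above (privacy, integrity, authentication) are easiest to see from the client's point of view. The Go program below is an added example, not code from the article or from Dell: it runs a TLS 1.3 client and server over an in-memory pipe, with the client configured to trust exactly one certificate. When the server presents that certificate the exchange succeeds over an encrypted, integrity-protected channel; when the client is instead given a different (rogue) certificate to trust, the handshake fails with a verification error and no application data is ever sent. The hostname `vxrail.example`, the self-signed certificates and the echo protocol are constructed for the example; production servers present CA-issued certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert issues a throwaway self-signed certificate for host. Constructed for
// this example only; real servers present certificates issued by a trusted CA.
func selfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // hostname verification matches against SANs
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed: it is its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, leaf, nil
}

// exchange runs a TLS 1.3 client and server over an in-memory pipe. The client trusts
// only `trusted`; it sends msg, the server echoes it, and the echo is returned. If the
// server's certificate does not chain to `trusted`, the handshake error is returned
// and no application data crosses the connection.
func exchange(serverCert tls.Certificate, trusted *x509.Certificate, host, msg string) (string, error) {
	clientSide, serverSide := net.Pipe()
	// Close the raw pipe ends rather than the tls.Conn: tls.Conn.Close writes a
	// close_notify alert, which cannot complete on a synchronous pipe nobody reads.
	defer clientSide.Close()
	roots := x509.NewCertPool()
	roots.AddCert(trusted)

	serverDone := make(chan error, 1)
	go func() {
		defer serverSide.Close()
		s := tls.Server(serverSide, &tls.Config{
			Certificates:           []tls.Certificate{serverCert},
			MinVersion:             tls.VersionTLS13,
			SessionTicketsDisabled: true, // a post-handshake ticket write would deadlock the pipe
		})
		buf := make([]byte, 256)
		n, err := s.Read(buf) // the first Read performs the server side of the handshake
		if err != nil {
			serverDone <- err
			return
		}
		_, err = s.Write(buf[:n])
		serverDone <- err
	}()

	c := tls.Client(clientSide, &tls.Config{
		RootCAs:    roots,
		ServerName: host,
		MinVersion: tls.VersionTLS13,
	})
	if err := c.Handshake(); err != nil { // certificate chain and hostname are verified here
		return "", err
	}
	if _, err := c.Write([]byte(msg)); err != nil {
		return "", err
	}
	buf := make([]byte, 256)
	n, err := c.Read(buf)
	if err != nil {
		return "", err
	}
	return string(buf[:n]), <-serverDone
}

func main() {
	cert, leaf, err := selfSignedCert("vxrail.example")
	if err != nil {
		panic(err)
	}
	reply, err := exchange(cert, leaf, "vxrail.example", "hello over TLS")
	fmt.Printf("trusted cert:   reply=%q err=%v\n", reply, err)

	_, rogue, _ := selfSignedCert("vxrail.example")
	_, err = exchange(cert, rogue, "vxrail.example", "hello over TLS")
	fmt.Printf("untrusted cert: err=%v\n", err)
}
```

The rogue certificate carries the same hostname as the genuine one, so the failure is purely a trust-anchor failure: the client refuses because the presented certificate does not chain to anything it was configured to trust, which is the authentication property that distinguishes TLS from mere encryption.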
Storage
Data at rest encryption is typically handled in two ways:
- Self-Encrypting Drives (SEDs)
- Software-based encryption
Either or both approaches can be chosen, and both require the use and proper management of symmetric encryption keys.
Cryptography is a security control that is critical to all infrastructure use cases, including AI. Protecting the data from exfiltration and modification is essential to all users. For the AI use case, encrypted communications and storage are the best controls for mitigating the poisoning attack vector. VxRail offers FIPS 140-2 validated encrypted communications and storage built into the appliance, using TLS for communications, SEDs available for purchase, and support for VMware vSphere VM and vSAN encryption features.
Be sure to join us next week as we go beyond the technology and examine the vital role of Identity and Access Management (IAM) in the VxRail security ecosystem, which provides peace of mind regardless of an application's nature.
Joann Kent, Cybersecurity Product Manager