Among the movie-inspired AI doomsday scenarios that people worry about is a possibility both more mundane and yet far more plausible: The AI that’s spot-checking welds on an automotive assembly line or running a robot ultrasound scan of your brain has been tampered with to do something bad. It’s not the AI that’s the worry — it’s the humans potentially messing with it.
As plausible as it is, a forthcoming Intel study found that security professionals worry least about data in use — compared to data in transit or in storage. For the past five years, however, it’s the in-use part of the equation where security incidents have most often occurred.
“Once the data gets to where it needs to be processed, everybody assumed for the last 50 years that it’s working on a server, so it must be safe,” says Raghu Yeluri, a senior principal engineer at Intel who’s literally written a book on cloud security. He’s spent several years working on technology to protect data in use: confidential computing.
Yeluri is the chief architect of Project Amber, an operator-independent multi-cloud trust verification service from Intel. It’s a mouthful. What that means is when somebody wants to run an application in a confidential castle, they can call up Project Amber to verify the trustworthiness of the castle — that the hardware technology underneath is authentic, the firmware is correctly patched and configured and the application code itself is undoctored and launched. It can do this no matter where the castle physically exists — in one of many public clouds, in a private data center or even on a factory floor or in a doctor’s office.
Overall, Yeluri says, the service helps speed the industrywide push to zero-trust architectures.
Yeluri has secured himself a unique position at the company, applying his three decades of experience and expertise in hardware security to build Intel’s most ambitious entry into the enticing world of software-as-a-service (SaaS). It’s a balanced dichotomy: a seasoned engineer helping start up a SaaS business inside a 54-year-old company known for designing and manufacturing silicon chips.
Fixing the ‘Separation of Duties’ Problem for Confidential Computing
How did we get here? It comes back to the rise of confidential computing, which puts data in use inside a hardware-protected container (a “trusted execution environment” or TEE in industry parlance). Applications can run safely isolated from bad actors and even bad code that may exist elsewhere on the same system. But how do you know something labeled confidential is truly safe and protected?
“Attestation is the ability for you to prove that something is what it says it is,” Yeluri explains. “And that is really the ground truth in confidential computing. If you can’t attest and say it is truly what it is, confidential computing is immaterial.”
Up until now, most providers of confidential computing services offer their own attestation, but Yeluri saw the opportunity to achieve a level of security based on “separation of duties.”
“More and more customers are asking for a third-party independent provider to say, ‘Hey, what that cloud provider is giving you is good, and here is the proof,’ and I can then trust them and go do something sensitive with that environment.”
Yeluri proposed that third party should be Intel, which offers multiple TEEs — notably Intel® Software Guard Extensions (Intel® SGX) and Intel® Trust Domain Extensions (Intel® TDX) — and has worked at the forefront of security and encryption of computing for decades. “We understand confidential computing the best,” he asserts. The hypothesis, he adds, was that “this is a gap in the industry today and we have to build it.”
‘We Have to Build It’ — And Customers Want It
Before taking that big step, Yeluri and team checked with a couple dozen customers — banks, manufacturers, telecommunications services — and received votes of support. Some of the cloud service providers, however, needed proof. I mean, that would be appropriate given the subject, right?
Their attestation came back positive. As a matter of fact, some industries require third-party attestation, so having it available could open new business opportunities for those cloud providers.
A few suggested Intel just build it as open source. But Yeluri and team believed that while the core attestation primitives can be open sourced, a solution could only succeed “as a turnkey service. That means somebody has to operate it at scale,” he says, “and we think we can do that.”
“Selling the concept was easy and building a prototype was easy,” Yeluri recalls. “But making sure it becomes a highly scalable, highly available software-as-a-service where we can add new features and capabilities in an incremental way, that’s where the biggest challenge is.”
Just like you want an app you tap on your phone or your desktop to launch quickly, that “call to Amber” needs to happen fast. It needs to be reliable, and most of all, it needs to be secure.
Secure Design and Development Happen Out Loud
That meant a rigorous design process, Yeluri explains, with rounds of architectural reviews to weed out potential vulnerabilities. The over-the-shoulder development approach carried through to several hackathons on the solution and bringing in outside experts to “completely tear this thing apart, line by line of code.”
And it can’t just work with Intel processors and TEEs — customers would also like to verify accelerators and GPUs not only from Intel but also from other vendors, like AMD and Nvidia. “The roadmap includes all those things,” he confirms.
At this point, Project Amber is in beta, being tested out by several companies, with plans to launch with an official name and general availability later this year.
Project Amber is a harbinger of the software strategy that Intel CTO Greg Lavender has been building and evolving over the past two years. In short: Intel will ensure hardware features and performance are not only accessible through open software and for developers to employ, but in some cases delivered through unique Intel services.
“We have a lot riding on it,” Yeluri says. And in spite of the scrutiny and strain the team’s withstood from design to development to testing, he adds, “we have room to grow.”