Verifiable Confidential Computing
Cosmian Enclave and Cosmian VM are solutions to compute over data
- that keep data encrypted at all times, even when in use,
- and that can be remotely verified at any time, i.e., a verifier can check that a correct, non-tampered application is currently running in encrypted memory.
In other words, these solutions ensure that you know what processes your data, and that the data is always encrypted.
Both of these solutions
- have low performance overhead compared to processing in clear text,
- do not require modifications to existing software,
- provide real-time remote verifiability of the hardware environment and the running software,
- can run either on the cloud or on-premise,
- are remotely administered and verified using simple CLI tools provided by Cosmian,
- do not require external key management while in use.
Security Models and Use Cases
The two solutions protect applications and data against malicious infrastructure providers (cloud administrators, third-party premises administrators, etc.) who may have physical access to the machine.
- Cosmian Enclave is a solution that provides additional protection against the system administrator of the machine, i.e. someone with operating-system-level access. Cosmian Enclave is a sealed, secure environment best suited for scenarios where the provider of the application code (or of its parameters, such as a neural network) wants to protect its intellectual property from the system administrator. This is typically the case in collaborative confidential computing scenarios where the code provider wants to deploy its code (or its parameters) on a system administered by a third party, such as the data provider.
- Cosmian VM provides additional flexibility and performance and is appropriate for scenarios where the running code does not have to be protected against the system administrator. This is typically the migration of an on-premise application to the cloud, or the security upgrade of an on-premise application to allow it to process data with increased confidentiality.
Solution | Infra. Admins (physical access) | Sys. Admins (OS access) | Use Cases |
---|---|---|---|
Cosmian Enclave | No access to data or code | No access to data or code | Collaborative confidential computing, code protection |
Cosmian VM | No access to data or code | Access | Move to cloud, security upgrade of on-premise apps |
Note: it is possible to “seal” a Cosmian VM by shutting down all operating-system-level access to the VM (such as the SSH daemon).
Cosmian Enclave
Please check the dedicated documentation at Cosmian Enclave
Cosmian VM
Please check the dedicated documentation at Cosmian VM
Summary Comparison of Cosmian Enclave and Cosmian VM
Feature | Cosmian Enclave | Cosmian VM |
---|---|---|
Memory encryption | Yes | Yes |
Remote verifiability | Yes | Yes |
Remote code deployment | Yes (Python ASGI) | No |
Offline encrypted code deployment | Yes | No |
Protection against | Infra. Admins + Sys. Admins | Infra. Admins |
Required hardware | Intel SGX | Intel TDX or AMD SEV-SNP |
Cloud providers availability | Azure, OVH | AWS, Azure, GCP, OVH |
Applications type | Python, Singularity containers | Any application |
Code modification | None | None |
Performance overhead | ~+20% | ~+10% |
Re-usability of OS images | No | Yes |
Attack Surface | Small | Large |
Note
These solutions will soon be available as IaaS on all the major cloud providers.