With the need for greater confidence in the online world, the era of centralized databases has passed. Many events have shown that centralizing management and oversight, while convenient, has various drawbacks, including duplicate digital transactions, human error, and bias.
Although blockchain offers a more secure alternative to centralized databases, it is far from ideal. Microsoft Research’s Confidential Computing team set out to develop a new system to keep transactions private while gaining the benefits of decentralized trust. However, at the time, there was no system capable of consolidating computing resources.
To solve this problem, the team designed the Confidential Consortium Framework (CCF), a toolkit for building reliable, decentralized, and highly available centralized services with stateful components that rely on distributed consensus. According to the researchers, data privacy is protected by secure, centralized computing, and CCF is based on a distributed trust paradigm similar to blockchain. This paradigm helps reduce massive power consumption in blockchain and other distributed computing settings.
Together with the Azure Security team, they developed the Azure Confidential Registry, a CCF-based service that securely manages sensitive data records in Azure.
By limiting the size of the Trusted Computing Base (TCB), the set of components of a computing environment that must be trusted for it to be secure, CCF enforces the trust boundary in circumstances where distributed trust and data secrecy are required. By configuring CCF's governance settings, operators can significantly reduce their involvement in the TCB or even remove themselves from it altogether.
CCF uses trusted hardware to ensure the integrity and secrecy of transactions rather than a social root of trust, such as a cloud service provider or the participant consensus used in blockchain networks. That hardware provides a Trusted Execution Environment (TEE). TEEs are encrypted memory regions that remain encrypted even throughout program execution. Memory encryption is strictly enforced by the memory chip itself. There is never any way to access the information stored in the TEEs.
The foundation of decentralized trust is remote attestation, which assures an external party that every computation on user data takes place in a publicly verified TEE. This attestation and the isolated, encrypted TEE together establish a decentralized trust framework. By validating each other's attestation that they are executing the expected code in a TEE, the network nodes build a foundation of trust between them.
A flexible consortium, independent of the operator, is responsible for the governance of the service. To establish its credibility outside the network, the CCF uses a ledger. In order to ensure the reliability of the service and to provide conclusive proof of the execution of transactions for other users, all transactions are recorded in an immutable ledger which its users can access for auditing purposes. This is useful for general users, but it will be especially useful for those who need to follow certain rules and regulations.
The team worked with the Azure Security group to refine and perfect CCF for use as a stepping stone to developing more secure IT services in Azure. They used Azure API guidelines and ensured that CCF followed Azure recommendations, such as logging actions, reporting errors, and conducting extensive searches. They then created a prototype Azure application, which the Azure Security team used to build the first CCF-based publicly available managed service, Azure Confidential Ledger, which offers a cryptographically verifiable audit trail and protection against tampering.
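The tamper-evident audit trail described above can be modelled with a Merkle tree: the service publishes one root hash over all ledger entries, and a user checks a single transaction against it without reading the whole ledger. This is an added example, not code from CCF or Azure Confidential Ledger; the Merkle construction, function names and sample transactions are assumptions made for illustration.

```python
import hashlib
import hmac

def leaf_hash(entry: bytes) -> bytes:
    # 0x00/0x01 prefixes keep leaf and interior hashes in separate domains
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _levels(entries):
    """All tree levels, leaves first; an unpaired last node is promoted unchanged."""
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def merkle_root(entries) -> bytes:
    return _levels(entries)[-1][0]

def inclusion_proof(entries, index):
    """Sibling hashes from leaf to root, each tagged with whether it sits on the left."""
    proof = []
    for level in _levels(entries)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_receipt(entry: bytes, proof, trusted_root: bytes) -> bool:
    """Auditor side: recompute the root from one entry and its proof."""
    acc = leaf_hash(entry)
    for sibling, is_left in proof:
        acc = node_hash(sibling, acc) if is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, trusted_root)

# Constructed sample ledger (not real CCF transactions)
LEDGER = [b"tx1: alice->bob 10", b"tx2: bob->carol 4", b"tx3: carol->dave 1",
          b"tx4: dave->alice 7", b"tx5: alice->carol 2"]

if __name__ == "__main__":
    root = merkle_root(LEDGER)  # assumed to be published and signed by the service
    proof = inclusion_proof(LEDGER, 4)
    print(verify_receipt(LEDGER[4], proof, root))
    print(verify_receipt(b"tx5: alice->carol 200", proof, root))
```

The auditor needs only the entry, its proof and a root obtained from a source they trust; any change to a recorded entry changes the root and the check fails.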
Tanushree Shenwai is an intern consultant at MarktechPost. She is currently pursuing her B.Tech from Indian Institute of Technology (IIT), Bhubaneswar. She is a Data Science enthusiast and has a keen interest in the scope of application of Artificial Intelligence in various fields. She is passionate about exploring new technological advancements and applying them to real life.