A study of confidential computing as a way to prevent sensitive information exposure on information systems.

Abstract

User privacy is one of the biggest concerns of application developers nowadays. With the advent of new regulations and cyber attacks becoming more common and expensive, the demand for newtechnology that can help reduce or mitigate the risk of sensitive information exposure is rising. As humans are the most substantial liability in most systems, it’s important to search for a method to reduce potential human errors or intentional information exposure. In this article, confidential computing is studied as a way to prevent such data leaks by running applications inside a trusted execution environment. In this context, a trusted execution environment is defined as a secure area of a main processor, which guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. For evaluation, a information system using the SCONE runtime was implemented and a series of security and performance tests against a sample application were performed. The results showed a considerable improvement in application security and a considerable deterioration in application performance. The results suggest that confidential computing can protect applications against the mentioned admin-level attacks, but its use must fit certain use cases where performance is not key to the application’s behaviour or the fact that it needs more resources to run on the same performance level is acceptable.