Security
Determine security ramifications to protect personal data and information
118 Discussions

Microsoft Azure Embraces Intel’s Attestation SaaS (Code Name: Project Amber) in Preview

Nikhil_M_Deshpande
3 1 16.1K

AUTHORS:

Nikhil Deshpande, Senior Director of Security Product Management at Intel

Raghu Yeluri, Senior Principal Engineer and Lead Security Architect at Intel

Microsoft announced expansion of its Confidential Computing virtual machine offering to include 4th Gen Intel® Xeon® Scalable processors featuring the new hardware-based Trusted Execution Environment (TEE), Intel® Trust Domain Extensions (Intel® TDX), in preview. At the same time, Microsoft also unveiled support for the operator-independent SaaS attestation service (Code Name: Project Amber) that Intel will make generally available later this year. We are excited to see Microsoft make available Intel® TDX in preview and in tandem, Intel® TDX attestation via Project Amber.

Both are important steps forward in Confidential Computing. Using the Project Amber SaaS to attest to the trustworthiness of the Intel® TDX-based TEE within Microsoft Azure Confidential Computing instances will help organizations meet increasing demand for, in Microsoft’s words, “separation of duties” between cloud provider and the trust authority that verifies the authenticity and integrity of the cloud infrastructure and the workloads that run inside it.

Project Amber asserts that the TEE and any workload running inside the TEE haven’t been compromised or modified, and it provides a cryptographically signed token to a relying party. That relying party can then unlock the ability to run the workload, or decrypt an AI model or dataset for execution. With this added layer of security, we’re enabling revolutionary use cases to emerge in Confidential Computing.

In financial services, competitors may find value in sharing certain information to detect fraud or money laundering, without revealing competitive or sensitive information. In healthcare, networks are building new AI models for early detection while preserving patient privacy by using Federated Learning. These collaborations are feasible because all relying parties have assurance that the compute environment and code haven’t been tampered with before they run sensitive workloads or share data.

Built as a SaaS, Project Amber is straightforward to deploy and use. Customers are able to dynamically configure security policies and retain consistency across edge, hybrid, and cloud deployments. Project Amber is currently in preview phase. To learn more, check out intel.com/projectamber.

Testing the Intel® TDX preview in Microsoft Azure with Project Amber is straightforward.

1. Sign up for Intel® TDX preview in Microsoft Azure at https://aka.ms/TDX-signup

2. Then sign up for Project Amber SaaS at https://aka.ms/tdxamber.

In the coming months, Intel will release a streamlined sign-up experience, where you will be able to subscribe to the service, create API keys, and manage users and policies. You will also be able to retrieve the Amber Client CLIs, Signing certificates, Policy signing tool, and faithful verification tool. Additionally, you will be able to monitor your attestation usage and metrics.

 

About the Author
Nikhil M. Deshpande is currently the Senior Director of Security and Chief Business Strategist for Project Amber in the Office of the CTO at Intel. In prior roles, he led silicon security strategic planning in the Data Center Group as well as managed numerous security technologies research in Intel Labs including privacy preserving multi-party analytics. Nikhil has spoken at numerous conferences and holds 20+ patents. He holds M.S. and Ph.D. in Electrical & Computer Engineering from Portland State University. He also has M.S. in Technology Management from Oregon Health & Science University.
1 Comment
vtiwari
Employee

Hi Nikhil and Raghu - great to see this milestone. Wishing you and the extended Project Amber team the best for a rapid ramp ahead - Vivek T