Nikhil Deshpande, Senior Director of Security Product Management at Intel
Raghu Yeluri, Senior Principal Engineer and Lead Security Architect at Intel
Microsoft announced expansion of its Confidential Computing virtual machine offering to include 4th Gen Intel® Xeon® Scalable processors featuring the new hardware-based Trusted Execution Environment (TEE), Intel® Trust Domain Extensions (Intel® TDX), in preview. At the same time, Microsoft also unveiled support for the operator-independent SaaS attestation service (Code Name: Project Amber) that Intel will make generally available later this year. We are excited to see Microsoft make available Intel® TDX in preview and in tandem, Intel® TDX attestation via Project Amber.
Both are important steps forward in Confidential Computing. Using the Project Amber SaaS to attest to the trustworthiness of the Intel® TDX-based TEE within Microsoft Azure Confidential Computing instances will help organizations meet increasing demand for, in Microsoft’s words, “separation of duties” between the cloud provider and the trust authority that verifies the authenticity and integrity of the cloud infrastructure and the workloads that run inside it.
Project Amber asserts that the TEE and any workload running inside the TEE haven’t been compromised or modified, and it provides a cryptographically signed token to a relying party. That relying party can then unlock the ability to run the workload, or decrypt an AI model or dataset for execution. With this added layer of security, we’re enabling revolutionary use cases to emerge in Confidential Computing.
In financial services, competitors may find value in sharing certain information to detect fraud or money laundering, without revealing competitive or sensitive information. In healthcare, networks are building new AI models for early detection while preserving patient privacy by using Federated Learning. These collaborations are feasible because all relying parties have assurance that the compute environment and code haven’t been tampered with before they run sensitive workloads or share data.
Built as a SaaS, Project Amber is straightforward to deploy and use. Customers are able to dynamically configure security policies and retain consistency across edge, hybrid, and cloud deployments. Project Amber is currently in the preview phase. To learn more, check out intel.com/projectamber.
Testing the Intel® TDX preview in Microsoft Azure with Project Amber is straightforward.
1. Sign up for the Intel® TDX preview in Microsoft Azure at https://aka.ms/TDX-signup
2. Then sign up for the Project Amber SaaS at https://aka.ms/tdxamber
In the coming months, Intel will release a streamlined sign-up experience, where you will be able to subscribe to the service, create API keys, and manage users and policies. You will also be able to retrieve the Amber Client CLIs, Signing certificates, Policy signing tool, and faithful verification tool. Additionally, you will be able to monitor your attestation usage and metrics.