By Greg Ritter, Cyber Solutions Architect, Leidos Cyber Accelerator and Nikhil Deshpande, Sr. Director of Product Management, Intel Corp.
The National Institute of Standards and Technology (NIST) warns enterprises that many security techniques used in the private sector based on perimeter protection are outdated and insufficient, particularly if a company is dealing with sensitive IP or personal information. In the last few years enterprises have increasingly migrated workloads to the cloud and are now supporting an unprecedented number of remote workers (as well as IOT devices) that require regular access to corporate resources. To address these new business models, enterprises need to embrace newer cybersecurity approaches such as Zero Trust and Confidential Computing. In its Special Publication 800-207, NIST lays out tenets of Zero Trust Architecture, and discusses its deployment to protect enterprise resources.
Leidos, a Fortune 500 technology, engineering, and science company that provides services and solutions in the defense, intelligence, civil and health markets, both domestically and internationally, has collaborated with Intel to adopt key tenets of NIST SP 800-207 by deploying Confidential Computing with Intel Trust Authority’s attestation service. Included below are brief definitions of Zero Trust, of Confidential Computing, and of Intel Trust Authority, and then a summary of several of the Leidos implementations underway and their adherence to Zero Trust Architecture as discussed by NIST.
Zero Trust is an approach to cybersecurity that assumes no trust for anyone or any device, regardless of location. Zero Trust architecture is designed to request authentication and authorization of people, applications, and devices each time they interact with an enterprise resource, be it data, services, assets, or applications.
Confidential Computing “protects data in use by performing computation in a hardware-based, attested Trusted Execution Environment” [TEE, or also known in the industry as a secure enclave] according to the Confidential Computing Consortium. Whereas data is almost always encrypted while in transit and in storage, in conventional cloud environments, data becomes unencrypted in memory while it is being processed. This is because encryption slows down the speed of processing. Confidential Computing addresses data in use by placing it into a secure enclave while it is being processed, thus narrowing the trust boundary according to Zero Trust principles. There are several mechanisms to do this, including Intel’s implementation using Intel® Software Guard Extensions (Intel® SGX) or Intel® Trust Domain Extensions (Intel® TDX).
Intel Trust Authority takes this one step further. It offers an Intel service that attests to the identity and integrity of the secure enclave within the Confidential Computing environment. Typically, cloud infrastructure providers who offer Confidential Computing also attest their enclaves, but there are several reasons an organization may require attestation from a third party. Among them, independent attestation adheres to the commonly recognized best practice of separating infrastructure provider from infrastructure verifier, such as in the case of certificate authorities. Also, organizations who run workloads in multiple clouds or in hybrid-cloud environments may want to set a consistent security policy across their deployments and receive attestation from a single service, regardless of who provides the infrastructure.
Below are several Leidos NIST SP 800-207 Zero Trust Architecture implementations that use Confidential Computing with Intel Trust Authority:
Evaluation of Trust: NIST suggests that individual enterprise resources be granted on a per-session basis (NIST SP 800-207 Tenet 3) and continually re-evaluate trust in ongoing communication (NIST SP 800-207 Tenet 6), referred to as Continuous Diagnostics and Mitigation (CDM). Leidos exceeds these recommendations using Intel Trust Authority by re-attesting live connections once they’ve been established between edge servers that are in the field and centralized government servers.
Granting Access to Enterprise Resources: As no resource is inherently trusted in Zero Trust Architecture, NIST states that “subject credentials alone are insufficient for device authentication.” (NIST SP 800-207 Assumption 3). This means that enterprises using Media Access Control (MAC) addresses and a software certificate to authenticate devices is not enough. Leidos demonstrated how Intel Trust Authority can verify the identity and integrity of the secure enclave (in addition to using Intel® SGX to verify the integrity of the application before it enters the enclave).
NIST also notes the need for an enterprise to monitor and measure the integrity and security posture of its owned and associated assets (NIST SP 800-207 Tenet 5) and to determine access to its resources via dynamic policy that includes the observable state of the identities of applications and assets (NIST SP 800-207 Tenet 4).
Previously Leidos could only authenticate the identity of a resource; the only indicators of trustworthiness were successful authentication and the absence of an alert. With Intel Trust Authority, they now have observable evidence with active resource attestation. Furthermore, Intel Trust Authority attests to the integrity of memory content, which exceeds the file integrity verification, a traditional countermeasure.
Protecting Data and Workloads: NIST recommends protecting applications from a potentially compromised host or from other applications running on the asset. NIST recommends host-based micro-segmentation, which Intel SGX provides, as a Zero Trust option, as well as running vetted applications compartmentalized on assets. Leidos uses Intel Trust Authority to attest the host, and Intel SGX to provide the sandbox within the secure enclave or TEE.
Embracing Open and Scalable Architecture: Many offerings to store and process data in a secure environment require organizations to house all their data or workloads in a single cloud environment, or to use just one infrastructure or application service provider. As a government contractor, Leidos embraces open standards and scalability across vendors. Intel operates in accordance with the opensource Confidential Computing Consortium, and Intel Trust Authority intends to support a broad ecosystem of devices including those not supplied by Intel.
Conclusion: Leidos works every day to deliver customizable and scalable solutions to its customers and recognizes the importance of preserving privacy. The collaboration between Leidos and Intel to deploy Confidential Computing with Intel Trust Authority has enabled Leidos to develop a proof-of-concept that satisfies key NIST tenets for Zero Trust Architecture, a preeminent approach to cybersecurity.
For more on Leidos Zero Trust solutions, click here.
For more on Intel Trust Authority, click here.
Nikhil M. Deshpande is currently the Senior Director of Security and Chief Business Strategist for Project Amber in the Office of the CTO at Intel. In prior roles, he led silicon security strategic planning in the Data Center Group as well as managed numerous security technologies research in Intel Labs including privacy preserving multi-party analytics. Nikhil has spoken at numerous conferences and holds 20+ patents. He holds M.S. and Ph.D. in Electrical & Computer Engineering from Portland State University. He also has M.S. in Technology Management from Oregon Health & Science University.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.