Google Cloud Confidential VMs vs Azure Confidential Computing

Yesterday as part of Google Cloud Next’20 On Air, Google introduced a preview of a new set of virtual infrastructure called Confidential VMs which leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC. Confidential VMs run on N2D series VMs and currently support Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2.

So why is this a big deal? All Cloud Providers encrypts data at-rest and in-transit, but customer data must be decrypted for processing.The idea with Confitional Computing is that it encrypts data in-use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).

So what kind of attacks can this feature protect against?

  • Failures to handle buffer overflows, pathname exploits, SQL injection, and other logic errors allowing an attacker to exploit system resources.
  • Exploit of an issue that allows a user to gain access that should not be available. Through error, coercion, social engineering, or by choice, trusted individuals access or provide access to data inappropriately.
  • Data in memory remains readable even when powered off. Lowering the temperature increases the longevity. DIMMS can be frozen then transferred to another machine.
  • Attacker reboots system to USB or other drive. A special operating system dumps system memory.
  • An attacker gains access to hypervisor environment from inside a VM.
  • Attacker reads the memory of a running process to steal data.

Confidential computing is an industry term defined by the Confidential Computing Consortium (CCC) – a foundation dedicated to defining and accelerating the adoption of confidential computing. The CCC defines Confidential computing as the protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE).

A big issue since this is using AMD SEV: this technology is supported only by the QEMU platform under Linux, so all the software from VMWare and Microsoft does support this feature .But that’s not all: for AMD SEV to work, you need not only the hypervisor, QEMU libraries and Libvirt to support it, but also to use a modern version of Linux as a guest operating system, hence since Google Cloud is running on a modified version of KVM Hypervisor.

What is the difference between Shielded VM’s and Confidential VM’s?

Google Cloud also added a new feature called Shielded VM’s but this feature is aimed at preventing malicious code from being loaded early in the boot sequence. This is to ensure that virtual machines haven’t been compromised by boot- or kernel-level malware or rootkits.

Confidential VM’s build upon Shielded VM’s. Since Shielded VM’s does not provide data encryption at run time, but provides a set of protection mechanisms to ensure that the VM’s are not tampered at boot.

What is the difference between Google Cloud Confidential VM’s and Azure Confidential Compute?

Essentially at the core there are two different hardware differences here where Azure uses Intel SGX and Google Cloud Confidential VM’s are using AMD SEV. This great research paper summerizes the differences between Intel SGX and AMD SEV

The biggest difference between the two offerings.


Leave a Reply

Scroll to Top