If Arm has its way, sometime in 2024 or 2025 you might be able to buy a phone that can process your health data securely on the device, or an industrial client might be able to run a proprietary algorithm on a gateway device shared with others without disclosing its intellectual property. Thanks to an innovation called confidential computing, Arm wants to help developers build applications whose data and IP are locked away on the silicon and inaccessible even to the device owner if need be.
During its architecture launch this spring, when Arm laid out its plans for the next ten years of computing, the chip design firm also introduced confidential computing.
Mark Knight, director of architecture product management at Arm, said that confidential computing will be enabled on Arm silicon in the next two to three years. Since there’s a year or two lag between innovation in physical chips and the appearance of new features in end devices, we’ll see the fruits of Arm’s new security architecture in 2024 at the earliest.
With confidential computing, Arm is adding a concept called “realms” to its TrustZone secure enclave on the chip.
I think of realms as something like a container that can securely hold the data, the application, and the memory needed by both. Each realm is separate from the hypervisor on top of an OS and shares only the data required by the app or algorithm while the app or algorithm is running.
Realms are dynamic, which means that you build them as needed and allocate memory as needed. This is different from the secure enclave, which has a fixed amount of memory, and it lets people build larger applications, or applications that use more data, in a secure way. By secure, I mean that nothing else on the hardware and no other application can access the contents of a realm.
Arm has also built a means of attestation for the data on a chip, so when data travels between the cloud and a device, the realm on one chip can assure the other chip that the data really comes from the device it claims to come from.
The implications of this are pretty cool. As we move more computing to the edge and carry more private data or valuable IP around on our devices, the need for greater device-side security rises.
At the widest level, a company could process health data in a realm on a device, with both the company processing the data and the consumer sharing her data confident that no other application, and no other person with access to the device, can read that personal medical data (or the proprietary algorithm used to process it).
With attestation, users can also be sure that if their medical data does leave the device, it is headed to the correct cloud and not to an attacker’s website. On the flip side, it becomes harder to spoof data coming from an individual device, because each device must attest that the data sent to the cloud comes from the correct device. This could be helpful for assessing data quality in large-scale machine learning data sets.
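To make the attestation idea concrete, here is an added example (not Arm's code, and not Arm's real token format) of the check a cloud service would run before trusting data from a device: the device signs the realm's launch measurement and a hash of the outgoing data under a nonce the cloud chose, and the cloud accepts the data only if the signature verifies, the nonce matches (no replay), the measurement is a realm build it trusts, and the data matches what was attested. The key pair, measurement and payload are constructed sample values; on real hardware the signing key would be provisioned in silicon.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Evidence is a constructed stand-in for an attestation report (illustrative
// layout, not Arm's real token format): the realm's launch measurement and a
// hash of the outgoing data, bound to a verifier-chosen nonce and signed.
type Evidence struct {
	Nonce       []byte
	Measurement [32]byte // hash of the realm's code/config at launch
	PayloadHash [32]byte // hash of the data being sent to the cloud
	Signature   []byte
}

// signedBytes is the canonical byte string the signature covers: two fixed-size
// hashes followed by the variable-length nonce, so the encoding is unambiguous.
func signedBytes(meas, payload [32]byte, nonce []byte) []byte {
	return append(append(append([]byte{}, meas[:]...), payload[:]...), nonce...)
}

// Attest (device side): sign evidence for this payload under the cloud's nonce.
func Attest(key ed25519.PrivateKey, measurement [32]byte, nonce, payload []byte) Evidence {
	ev := Evidence{Nonce: nonce, Measurement: measurement, PayloadHash: sha256.Sum256(payload)}
	ev.Signature = ed25519.Sign(key, signedBytes(measurement, ev.PayloadHash, nonce))
	return ev
}

// Verify (cloud side): accept the data only if the signature checks under the
// device's known public key, the nonce is the one we issued (no replay), the
// measurement is a realm build we trust, and the data matches what was attested.
func Verify(pub ed25519.PublicKey, ev Evidence, nonce, payload []byte, trusted map[[32]byte]bool) bool {
	if !ed25519.Verify(pub, signedBytes(ev.Measurement, ev.PayloadHash, ev.Nonce), ev.Signature) {
		return false
	}
	return bytes.Equal(ev.Nonce, nonce) && trusted[ev.Measurement] && sha256.Sum256(payload) == ev.PayloadHash
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key; a real one lives in silicon
	meas := sha256.Sum256([]byte("realm image v1"))  // constructed sample measurement
	ev := Attest(priv, meas, []byte("nonce-1"), []byte("hr=72"))
	fmt.Println(Verify(pub, ev, []byte("nonce-1"), []byte("hr=72"), map[[32]byte]bool{meas: true})) // true
}
```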
More narrowly, as developers get used to building software that takes advantage of realms, we might see the end of attacks that use one application, such as email, to attack or corrupt data used by another application.
This could evolve into a way to stop ransomware. I don’t expect attackers to stand still with regard to attacks on confidential computing, and I also think it will take time before developers fully optimize their applications for realms.
However, the idea of secure, on-device containers that can run applications is compelling, especially if those applications aren’t stuck using only a small pool of available memory. Knight also notes that data is encrypted in transit between the device and the cloud.
I’m really excited about the opportunities here, and I hope developers are as well. Because if they aren’t, none of Arm’s dreams of more secure computing for the IoT will come true.