The era of centralized databases has passed with greater confidence in the online world. Several events have shown that centralization of management and control, while convenient, has a variety of downsides, including redundant digital transactions, human error, and bias.
Although blockchain offers a more secure alternative to centralized databases, it is far from ideal. The confidential computing team at Microsoft Research has set out to develop a new system for keeping transactions private while taking advantage of the benefits of decentralized trust. However, there was no system available at the time that could lead to the consolidation of computing resources.
To address this issue, the team designed the Confidential Consortium Framework (CCF), a toolkit for building reliable, decentralized, highly available centralized services with state-of-the-art components based on distributed consensus. According to the researchers, data privacy is protected by a secure central account, and the CCF is based on a distributed trust model similar to the blockchain. This model helps reduce the massive power consumption of blockchain and other distributed computing setups.
Working with the Azure Security team, they developed Azure Secret Ledger, a CCF-based service that securely handles sensitive data records in Azure.
By limiting the size of the Trusted Computing Base (TCB), and components of the computing environment, CCF enhances trust limits in conditions that require both distributed trust and data confidentiality. By configuring CCF management settings, operators can significantly reduce or even eliminate their participation in TCB.
CCF uses trusted hardware to ensure the integrity and confidentiality of transactions rather than a social root of trust such as a cloud service provider or participant consensus used in blockchain networks. This results in a Trusted Execution Environment (TEE). These TEEs are encoded memory areas that remain so even during program execution. Memory encryption is strictly enforced by the memory chip itself. There is never any way to access the information stored in TEEs.
The basis of a decentralized trust is remote authentication, which ensures to a third party that every computation of user data that occurs within a publicly verified TEE. This certification and a separate, encrypted TEE establish a decentralized trust framework. By validating each other’s certificate that they are executing the code expected in a TEE, the nodes in the network build a foundation of trust among themselves.
Flexible union, independent of the operator, responsible for service governance. To demonstrate off-grid credibility, CCF uses ledgers. In order to ensure the reliability of the service and to provide conclusive evidence that transactions have been carried out to other users, all transactions are recorded in an immutable ledger that its users can access for audit purposes. This is useful for users in general, but will be especially useful for those who must adhere to certain rules and regulations.
The team worked with the Azure Security Group to refine and improve the CCF to use as a stepping stone toward developing more secure computing services in Azure. Use the Azure API Guidelines and make sure the CCF follows Azure’s recommendations, such as procedures for logging, reporting errors, and performing lengthy searches. They then created an Azure application prototype, which the Azure Security team used to create the first publicly available managed service built on CCF, the Azure Secret Ledger, which provides cryptographically verifiable audit trails that are protected from tampering.
Please Don't Forget To Join Our ML Subreddit
Tanushree Shenwai is a Consultant Intern at MarktechPost. She is currently pursuing a Bachelor of Technology degree from the Indian Institute of Technology (IIT), Bhubaneswar. She is passionate about data science and has a keen interest in the scope of application of artificial intelligence in various fields. She is passionate about exploring new developments in technologies and their real-world applications.