
End-User Devices for Confidential Computing: Exploring Islet

By Sal Kimmich · August 20, 2024 (updated August 22, 2024) · 4 min read

As technology evolves, the need for secure and confidential computing extends beyond servers and data centers to end-user devices such as smartphones, tablets, and personal computers. These devices are increasingly used to collect and process sensitive data, necessitating robust security measures to protect user privacy. One notable project within the Confidential Computing Consortium that addresses this need is Islet.

What is Confidential Computing?

Confidential computing is a security paradigm that aims to protect data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). This approach ensures that sensitive data remains encrypted and secure even when being processed, mitigating the risk of unauthorized access and tampering.

The Importance of Trusted Firmware

Trusted Firmware is the cornerstone of Confidential Computing, providing the essential security features and isolation needed to establish a trusted execution environment. Unlike regular firmware, Trusted Firmware includes mechanisms for secure boot, cryptographic verification, and hardware-based isolation of secure and non-secure execution environments. For more on this topic, see our blog post on Trusted Firmware.

Islet: A Platform for On-Device Confidential Computing

Islet is an open-source project designed to enable Confidential Computing on ARM architecture devices using the ARMv9 Confidential Compute Architecture (CCA). Its primary objective is to provide a secure platform for on-device Confidential Computing, thereby protecting user privacy and enabling secure processing of sensitive data directly on end-user devices. Islet is implemented in the Rust programming language and utilizes Rust's inherent memory safety features to create a robust and secure environment.

Key Features of Islet

  1. Realm Management Monitor (RMM):
    • Operates at EL2 in the Realm world on the application processor cores.
    • Manages confidential virtual machines (VMs), known as realms, ensuring their secure execution.
    • Islet RMM complies with ARM's specifications for platform ABIs, which enables Islet to integrate seamlessly with the ARM ecosystem and to work with the Linux and KVM patches for ARM CCA.
  2. Hardware Enforced Security (HES):
    • Performs device boot measurement and generates platform attestation reports.
    • Manages sealing key functionality within a secure hardware IP separate from the main application processor.
  3. Automated Verification:
    • Incorporates formal verification techniques to enhance the security of Islet, ensuring robustness against various attack vectors.
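To make the HES duties listed above concrete (boot measurement, attestation report generation, and a sealing key bound to the boot state), here is an added illustration in Python. It is not Islet's code and not the ARM CCA token format: the boot images, the device secrets and the platform name are constructed placeholders, and an HMAC stands in for the asymmetric, vendor-certified signature a real platform would put on its attestation report.

```python
"""Measured boot, attestation report and measurement-bound sealing key.

Added illustration, not Islet or ARM CCA code: a minimal model of the
HES duties described in the post, with constructed firmware images and
an HMAC standing in for the platform attestation signature.
"""
import hashlib
import hmac
import json
import os

HASH = hashlib.sha256

# Constructed sample boot stages (hypothetical images, not real firmware).
BOOT_STAGES = {
    "bootloader": b"constructed bootloader image v1",
    "rmm": b"constructed realm management monitor image",
    "kernel": b"constructed normal-world kernel image",
}

# Hypothetical secrets that would live inside the HES, never in software.
HES_ATTESTATION_KEY = b"hypothetical-hes-attestation-key"
HES_DEVICE_SECRET = b"hypothetical-per-device-sealing-root"


def measure_boot(stages):
    """Extend a single measurement register over each stage in boot order.

    Like a TPM PCR: new = H(old || H(stage)), so the final value commits to
    every image and to the order in which they were loaded.
    """
    register = bytes(32)
    for name in ("bootloader", "rmm", "kernel"):
        register = HASH(register + HASH(stages[name]).digest()).digest()
    return register.hex()


def issue_attestation_report(measurement_hex, nonce_hex):
    """HES builds a report over the boot measurement and the verifier's nonce.

    Real platforms sign the report with an asymmetric key certified by the
    device vendor; an HMAC is used here only so the example runs offline.
    """
    claims = {"measurement": measurement_hex, "nonce": nonce_hex,
              "platform": "hypothetical-arm-cca-device"}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(HES_ATTESTATION_KEY, payload, HASH).hexdigest()
    return {"claims": claims, "signature": tag}


def verify_attestation_report(report, expected_nonce_hex, golden_measurement_hex):
    """Relying-party check: signature, then freshness, then known-good measurement."""
    payload = json.dumps(report["claims"], sort_keys=True).encode()
    expected_tag = hmac.new(HES_ATTESTATION_KEY, payload, HASH).hexdigest()
    if not hmac.compare_digest(expected_tag, report["signature"]):
        return "rejected: bad signature"
    if report["claims"]["nonce"] != expected_nonce_hex:
        return "rejected: stale or replayed report"
    if report["claims"]["measurement"] != golden_measurement_hex:
        return "rejected: unexpected boot measurement"
    return "accepted"


def derive_sealing_key(measurement_hex):
    """Bind the sealing key to the boot state: a different measurement yields a
    different key, so data sealed under a known-good boot cannot be unsealed
    after a tampered boot."""
    return hmac.new(HES_DEVICE_SECRET, b"seal|" + measurement_hex.encode(), HASH).hexdigest()


def run_demo():
    golden = measure_boot(BOOT_STAGES)
    nonce = os.urandom(16).hex()

    # Known-good boot: report verifies.
    good_report = issue_attestation_report(golden, nonce)
    good_result = verify_attestation_report(good_report, nonce, golden)

    # One patched byte in the kernel changes the whole measurement chain.
    tampered = dict(BOOT_STAGES, kernel=b"constructed kernel image with a patched byte")
    bad_report = issue_attestation_report(measure_boot(tampered), nonce)
    bad_result = verify_attestation_report(bad_report, nonce, golden)

    # A well-signed report replayed against a fresh challenge is still rejected.
    replay_result = verify_attestation_report(good_report, os.urandom(16).hex(), golden)

    keys_differ = derive_sealing_key(golden) != derive_sealing_key(measure_boot(tampered))
    return good_result, bad_result, replay_result, keys_differ


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints the four outcomes: the genuine report is accepted, the report from a tampered kernel is rejected on its measurement, the replayed report is rejected on its nonce, and the sealing keys for the two boot states differ. The ordering of checks in the verifier matters: the signature is checked first so that an attacker cannot learn anything from the freshness or measurement checks on a forged report.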

Use Case: Confidential Machine Learning

Islet showcases its capabilities through a confidential machine learning demo. In this scenario, a mobile device user interacts with a chat-bot application that runs on Islet. The chat-bot processes the request and communicates with an ML server through a secure channel, demonstrating end-to-end confidential computing. This use case highlights Islet’s potential in enabling secure and private machine-to-machine computing without relying on server-side intervention.

Why End-User Devices Need Confidential Computing

While traditional confidential computing solutions focus on server-side protection, securing end-user devices is equally important for several reasons:

  1. Initial Data Collection:
    • Sensitive data collection often begins at the user device level, making it crucial to protect this data from the outset.
  2. Privacy Apps:
    • As users increasingly rely on privacy-focused applications such as secure messengers, password managers, and private browsers, ensuring the confidentiality of data on these devices becomes essential.
  3. End-to-End Security:
    • By enabling confidential computing on user devices, Islet helps establish end-to-end security throughout the entire data processing path, from collection to computation.
  4. Machine-to-Machine Computing:
    • On-device confidential computing facilitates secure machine-to-machine communication, reducing the need for server intervention and enhancing overall security.

Conclusion

Confidential computing is not just for servers and data centers; it is equally critical for end-user devices. Projects like Islet within the Confidential Computing Consortium exemplify the application of Trusted Firmware principles to secure user devices. By providing a robust platform for on-device confidential computing, Islet ensures the privacy and security of sensitive data, paving the way for more secure and private user experiences.

For more information on Islet and its capabilities, visit the Islet GitHub repository.
