With greater reliance on the online world, the era of centralized databases has passed. Many events have shown that while centralizing management and monitoring is convenient, it has a number of disadvantages, including duplicate digital transactions, human error, and bias.
While blockchain offers a more secure alternative to centralized databases, it’s far from ideal. Microsoft Research’s Confidential Computing team set out to create a new system to keep transactions private while reaping the benefits of decentralized trust. At that time, however, no system was available that could consolidate computing resources.
To address this problem, the team designed the Confidential Consortium Framework (CCF), a toolkit for building trusted, decentralized, and highly available centralized services with stateful components that rely on distributed consensus. According to the researchers, privacy is protected by secure, centralized computation, and CCF is based on a distributed trust paradigm similar to blockchain. This paradigm helps reduce massive power consumption in blockchain and other distributed computing environments.
Working with the Azure security team, they developed Azure Confidential Ledger, a CCF-based service that securely handles confidential datasets in Azure.
By limiting the size of the Trusted Computing Base (TCB), the set of components in a computing environment that must be trusted, CCF strengthens the trust boundary in situations where both distributed trust and data privacy are required. By configuring the CCF governance settings, operators can have their participation in the TCB drastically reduced or even removed entirely.
CCF uses trusted hardware to ensure transaction integrity and confidentiality, rather than a social trust base such as a cloud service provider or the participant consensus used in blockchain networks. This hardware provides a Trusted Execution Environment (TEE). TEEs are encrypted storage areas that remain encrypted throughout program execution. Memory encryption is strictly enforced by the memory chip itself. There is never any way to access the information stored in TEEs.
The foundation of decentralized trust is remote attestation, which guarantees to an external party that every user data calculation occurs within a publicly verified TEE. This attestation and the separate, encrypted TEE create a decentralized trust framework. Nodes in the network establish trust with one another by validating each other’s confirmation that they are running the expected code in a TEE.
A flexible consortium independent of the operator is responsible for the governance of the service. To establish credibility outside the network, CCF uses a ledger. To ensure the reliability of the service and to provide other users with conclusive evidence of transaction execution, all transactions are recorded in an immutable ledger that users can access for audit purposes. This is helpful for users in general, but especially helpful for those who need to follow certain rules and regulations.
The team worked with the Azure security group to refine and perfect CCF so that it can be used as a springboard for developing more secure computing services on Azure. They used the Azure API guidelines and ensured that CCF followed Azure’s recommendations, such as logging actions, reporting errors, and performing lengthy searches. They then built an Azure application prototype, which the Azure security team used to create the first publicly available managed service based on CCF, Azure Confidential Ledger, providing a cryptographically verifiable, tamper-proof audit record.
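To make the idea of an auditable, tamper-evident ledger concrete, the following added example (not code from the article, CCF, or Azure Confidential Ledger) models a ledger as a simplified Merkle tree and shows how a user can check that one transaction is included without re-reading the whole ledger. The tree layout, the function names and the sample entries are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(tx: bytes) -> bytes:
    return h(b"\x00" + tx)            # domain-separate leaves from inner nodes

def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build_levels(txs):
    """Return every tree level, leaves first; an unpaired node is promoted as-is."""
    levels = [[leaf(t) for t in txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def root(txs) -> bytes:
    return build_levels(txs)[-1][0]

def receipt(txs, index):
    """Inclusion proof for txs[index]: (side, sibling_hash) pairs, leaf to root."""
    proof = []
    for level in build_levels(txs)[:-1]:
        sib = index ^ 1
        if sib < len(level):          # promoted nodes have no sibling at this level
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify(tx: bytes, proof, trusted_root: bytes) -> bool:
    """Recompute the root from one transaction and its proof; compare to the trusted root."""
    acc = leaf(tx)
    for side, sib in proof:
        acc = node(sib, acc) if side == "L" else node(acc, sib)
    return acc == trusted_root

# Constructed sample entries, not real ledger transactions.
LEDGER = [b"tx1: alice->bob 10", b"tx2: bob->carol 4", b"tx3: carol->dave 1",
          b"tx4: dave->alice 7", b"tx5: alice->erin 2"]
# Assumption: the auditor obtains this root from a source they already trust.
ROOT = root(LEDGER)

if __name__ == "__main__":
    proof = receipt(LEDGER, 2)
    print("genuine entry verifies:", verify(LEDGER[2], proof, ROOT))
    print("altered entry verifies:", verify(b"tx3: carol->dave 100", proof, ROOT))
```

Changing any recorded entry changes the root, so an auditor holding a trusted root detects the modification from a proof whose length grows only logarithmically with the ledger size.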
Tanushree Shenwai is a Consulting Intern at MarktechPost. She is currently pursuing her B.Tech from Indian Institute of Technology (IIT), Bhubaneswar. She is a data science enthusiast and is very interested in the application areas of artificial intelligence in various fields. She is passionate about exploring new technological advances and their application in real life.