Publication
MICRO 2024
Workshop paper

From Confidential Computing to Zero Trust, Come Along for the (Bumpy?) Ride

Abstract

Increasingly, the business opportunities available to various industries, such as semiconductor chip design with electronic design automation (EDA) and digitalization and innovation in automotive, far exceed those addressable with on-prem compute resources. An attractive option for capturing these opportunities is offloading computations onto the cloud. However, security concerns with cloud computing arise from having to protect highly valuable third-party intellectual properties (IPs), sensitive/private user data, etc. One way to address security concerns for cloud computing is to leverage Confidential Computing to significantly reduce the probability of data breaches. However, there remain challenges to be addressed. The first is whether we can achieve Zero Trust computing by leveraging state-of-the-art Confidential Computing techniques. The second is whether the performance of large workloads will suffer with Confidential Computing. The third is whether the deployment of Confidential Computing can be configured by users and automatically deployed, especially when cloud admins/hypervisors cannot be trusted. In this position paper, we deploy an EDA workload into an end-to-end Confidential Computing environment. We use this deployment as a case study to demonstrate the Zero Trust, performance, and automation challenges.