Single Blog

Customers from all over the world and of all types entrust their most sensitive data and applications to
Amazon Web Services
. For this reason, over the years, AWS has invested more and more in technologies and systems designed precisely to continue to maintain and increase the level of security and confidentiality of its customers. Particularly in the last year, there has been a growing interest in the concept of Confidential computing.

AWS defines
Confidential Computing as “the use of specialized hardware and associated firmware to protect customer code and data during processing from external access.”

In addition, confidential computing distinguishes between two dimensions: security and privacy. The most important dimension is the protection of the customer’s code and data from the operator of the underlying cloud infrastructure. The second dimension is the ability of customers to divide their workloads into more reliable and less reliable components, or to design a system that allows parties to build systems that work in close collaboration while maintaining the confidentiality of each party’s code and data.

To meet both levels of security and privacy, AWS has developed the
Nitro System
(first security dimension) and the
Nitro Enclave
system (second security dimension). During the last edition of
Re:Inforce
, an AWS event entirely dedicated to security, space was given to the presentation of the Nitro system.

Nitro consists of three main parts: the Nitro cards, the Nitro security chip , and the Nitro hypervisor. Nitro cards are dedicated hardware components with compute capabilities that perform I/O functions, such as the Nitro card for Amazon Virtual Private Cloud (Amazon VPC), the Nitro card for Amazon Elastic Block Store (Amazon EBS), and the Nitro card for Amazon EC2 instance storage.

Let’s try to see specifically how the Nitro system manages to offer different levels of security.

• Protection from Cloud operators. With the Nitro system, no one can access EC2 servers (the underlying host infrastructure), read EC2 instance memory, or access data stored in instance storage and encrypted EBS volumes.

• Protection from AWS system software. The Nitro system design uses low-level hardware-based memory isolation to eliminate direct access to customer memory, as well as to eliminate the need for a hypervisor on bare metal instances.

For virtualized EC2 instances. Nitro Hypervisor coordinates with the underlying hardware virtualization systems to create virtual machines that are isolated from each other and from the hypervisor itself. Network, storage, GPU, and accelerator access uses SR-IOV, a technology that allows instances to interact directly with hardware devices using a pass-through connection securely created by the hypervisor.

For bare metal EC2 instances
. In this case, there is no hypervisor running on the EC2 server, and customers get dedicated, exclusive access to the entire underlying main system board. Bare metal instances are designed for customers who want to access physical resources for applications that take advantage of low-level hardware capabilities, and for applications that are intended to run directly on hardware or licensed and supported for use in non-virtualized environments. Bare metal instances have the same storage, networking, and other EC2 capabilities as virtualized instances because the Nitro system implements all of the system functions normally provided by the virtualization layer in isolation and independently using dedicated hardware and purpose-built system firmware.

• Protection of sensitive data from customer operators and software. For this type of approach, AWS proposes the Nitro Enclaves. Nitro Enclaves is a hardened, highly isolated computing environment that is launched and attached to a customer’s EC2 instance. By default, no users or software running on the customer’s EC2 instance can have interactive access to the enclave. Nitro Enclaves has cryptographic attestation capabilities that allow customers to verify that all software deployed in their enclave has been validated and has not been tampered with. A Nitro enclave has the same level of protection from the cloud operator as a regular Nitro-based EC2 instance, but adds the ability for customers to divide their systems into components with different levels of trust. A Nitro enclave provides a means to protect particularly sensitive elements of customer code and data not only from AWS operators but also from customer operators and other software.

The primary benefit of the Nitro system is that it allows customers to protect and isolate sensitive data processing from operators and AWS software at all times. It offers the most important dimension of Confidential computing, i.e. the set of protections intrinsic, by default, from system software and cloud operators and, thanks to Nitro Enclaves, also protects from software and customer operators.