Covering Scientific & Technical AI | Thursday, November 28, 2024

Google Expands Memory Encryption to Kubernetes 

Google Cloud and AMD unveiled a “confidential computing” initiative over the summer that maintains data encryption in memory and elsewhere outside of the CPU. The scheme utilized hardware-based encryption within AMD’s latest EPYC processor.

This week, the partners said they are expanding the confidential cloud computing initiative to cover workloads running on Kubernetes clusters via Google’s Kubernetes Engine. Those GKE nodes will be available in an upcoming beta release. On Tuesday (Sept. 8), Google also announced general availability of the confidential virtual machines unveiled in July.

Google Cloud also said it will expand support for confidential computing beyond AMD to a range of datacenter processors. In both cases, the value proposition is the ability to encrypt data “in-use,” as it is being processed.

Like the confidential VMs, the confidential Kubernetes nodes are based on AMD’s latest EPYC processor that incorporates hardware-based encryption in its Zen 2 Core architecture. Clusters running secured nodes automatically enforce the use of confidential VMs, according to Google (NASDAQ: GOOGL). The confidential nodes use memory encryption within the EPYC processor’s “secure encrypted virtualization” capability.

The partners said confidential VMs running in the Google Cloud can ramp to 240 virtual CPUs and 896 Gbytes of memory. AMD (NASDAQ: AMD) also promotes its latest EPYC processor based on 7-nm process technology as a platform for migrating applications and data to the cloud.

The hardware-based security approach uses a “root-of-trust” methodology in which encryption keys are used to secure functions. AMD said those keys are managed on-chip, meaning only a user can view them.

The architecture encrypts memory using a virtual key, then a secure processor maps keys to the VMs running in memory. The hypervisor can’t access encrypted memory, and a “guest” operating system selects data that can be shared.

Meanwhile, Google Cloud said its confidential nodes would be released in beta form with its upcoming Kubernetes engine release.

“We believe the future of cloud computing will increasingly shift to private, encrypted services,” that prevent exposure of data to cloud providers or outsiders, said Vinton Cerf, Google’s chief Internet evangelist.

“When data is being processed, there is no easy solution to keep it encrypted,” Cerf added. Hence, the confidential computing initiative is promoted as encrypting data “in-use” as well as at rest and while in transit between customers and datacenters.

The confidential VM model is now being applied to container-based workloads, encrypting data in memory and elsewhere outside the CPU. “Data is decrypted within the CPU boundary by memory controllers using embedded hardware keys that Google doesn’t have access to,” Cerf explained.

Isolating application container resources and dependencies was among the initial challenges as enterprise microservices began to take off. Google and AMD are betting an added layer of data processing security will propel the cloud vendor’s private, encrypted cloud services strategy.

Memory encryption would further isolate workloads while also walling off tenants from cloud infrastructure. “Our goal is to ensure that the capabilities are agnostic to the hardware we use,” said Cerf. Hence, Google is working with other CPU vendors and will expand support for confidential computing to GPUs, Tensor processing units and FPGAs.

Google Cloud is among the founding members of the Linux Foundation’s Confidential Computing Consortium formed in October 2019. Other members include Alibaba, Arm, Huawei, Intel, Microsoft and IBM’s Red Hat unit.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).

AIwire