Intel introduced a new security-as-a-service (SeCaaS) product today, designed to provide remote verification of the trustworthiness of a compute asset in on-premises, edge, and cloud environments. Called Project Amber, the solution is Intel’s latest effort to enhance its confidential computing services.
Today, confidential computing aims to enable data to remain encrypted while in use by performing computation in a hardware-based trusted execution environment (TEE).
Technologies such as Intel’s Software Guard Extensions (SGX), AMD’s Secure Encrypted Virtualization-Encrypted State (SEV-ES), or Arm’s Confidential Compute Architecture (CCA) work to stave off a variety of threat vectors, including malicious hypervisors and side-channel attacks from other applications running on the same system that the user might not control.
One of the core principles behind confidential computing is a concept called attestation, which refers to verifying the trustworthiness of the environment in which a workload runs. Project Amber aims to create a new multi-cloud, multi-TEE service for third-party attestation.
“Project Amber is a SaaS or a service-based security implementation of an independent trust authority that is separate from the cloud that will actually attest to the TEE,” Nikhil Deshpande, director of product development at Intel, told SDxCentral. “This will be decoupled from the cloud provisioning, and attestation will be provided as independent trust authority.”
Beyond tackling this self-attestation challenge in the cloud, Project Amber also uses the independent trust authority to address the need for uniform attestation across multi-cloud deployments, he said.
Plus, attestation is a complex technology, which is expensive to create, operate, and maintain, Deshpande pointed out. Customers “want to basically just have this taken care of by a separate entity or turnkey solution that will just provide them that service and be assured that everything is up to date,” Deshpande said, claiming that Project Amber is this turnkey service.
Project Amber will initially only support Intel TEEs, but the vendor has expansion plans, said Deshpande.
“The first version of Amber is focused on the TEEs and confidential computing. Our intent is to expand that to the rest of the platform, not just TEEs, but other parts of the platform, the devices, and other TEEs as well,” he added. “Our vision is computing should be confidential all the time.”
Intel plans to launch a customer pilot by the end of this year, and then release the service in the first half of 2023.
“With the introduction of Project Amber, Intel is taking confidential computing to the next level in our commitment to a zero-trust approach to attestation and the verification of compute assets at the network, edge, and in the cloud,” Intel CTO Greg Lavender said in a statement.