"The current demand for large amounts of data, as well as data fusion and joint computing, increasingly conflicts with data security and data privacy protection." The technical chief of the Tencent Blade Aoj Team said that, to reconcile this contradiction, Tencent Cloud and Intel jointly released the Tencent Cloud Data Link product. The product combines confidential computing with blockchain and relies on the SGX technology provided by Intel CPUs. It integrates the technologies and innovations of the cooperating parties to provide a perfect solution to the problem of sharing data while protecting its security and privacy.
Build hardware security barriers for blockchain
"Software Protected Extension (SGX) is a hardware-based trusted execution environment and an important system feature in Intel's Xeon 3 scalable processors." According to Intel technologists, the third generation of Xeon Scalable processors released this year incorporates SGX technology, the first time Intel has implemented confidential computing on a chip. "When we use it on a server, we can achieve up to 1TB of memory isolation."
SGX is characterized by keeping data secure while it is being computed on. Tencent Cloud, for its part, was looking for a confidential computing or privacy computing technology aimed at data sharing and fusion cases, one that allows converged computing while guaranteeing data security and privacy. In the view of Liu Jiang, head of Tencent Cloud Data Link products, the cooperation with Intel is the right choice after multiple rounds of investigation. "Digital Link products use Intel SGX technology, combined with Tencent Cloud blockchain technology, through the distributed consensus capabilities of blockchain, to solve user authorization and fusion in the process of interaction and sharing. In the computing process, SGX's trusted computing capabilities protect our security and privacy, so as to better realize and mine the value of users' business data."
Based on SGX technology, Tencent Cloud Data Link products build a software technology stack from the underlying hardware upward, helping customers with "data ecological construction, data governance extension, data value mining" and other areas. Zhang Bo explained that Digital Link products use SGX technology to build a TEE computing cluster, perform secure computation on data, and trace data sources through blockchain technology. Confidential computing can be allocated 512 GB of memory, which can meet the computing requirements of massive data, solve the problem of joint analysis of large data sets, and provide users with a low-cost, high-performance, secure, reliable, flexible and scalable blockchain data platform.
"With SGX technology, blockchain can be better secured in contractual, computation-related aspects." Liu Jiang added that Tencent Cloud Data Link products run the smart contracts related to users' business inside the SGX environment, to further secure the arrangement of contract computation and to protect the business data, the algorithm model and the contract itself throughout the whole process of blockchain business collaboration.
SGX update and optimization direction
Intel SGX technology was released along with the 6th generation of Core processors, providing security protection for lightweight applications such as host DRM, password protection and electronic payment signature. The concept of confidential computing was developed to protect data in use, as massive amounts of data migrated to the cloud and secure memory isolation became an urgent issue for enterprises. As a chip maker, Intel sees the trend in confidential computing and is adapting its SGX technology to customer demand in areas such as servers and virtual machines, Intel technology experts said.
Memory support has become the most important development direction of SGX technology. The first question is how to dynamically and efficiently allocate the physical memory that a virtual machine can use. Taking Tencent Cloud as an example, after users apply for virtual products, their virtual machines can support SGX technology. Intel SGX technology will have 1T of SGX-protected virtual physical memory, which needs to be allocated to virtual machines according to a certain schedule, and the current static allocation scheduling method cannot meet market demand. Efficient dynamic allocation of physical memory is therefore one of the directions in which SGX is being improved and optimized.
Second, remote attestation is another SGX optimization direction. Remote attestation is an important part of loading a workload onto a remote machine. For example, when an algorithm is loaded to the data owner in federated learning, we should first confirm that the loaded workload is protected by SGX, and use the remote attestation function of SGX technology to allocate legitimate memory on the remote machine, so that the data can then be loaded and transmitted.
"When it comes to trusted execution environments, Intel has the most extensive research, the most timely problem detection, and the most efficient fixes in the industry. We are constantly optimizing our technology as it evolves." Intel technology experts said that in the future, Intel will continue to work closely with the industry to ensure early awareness and protection of the CPU, especially the SGX root of trust.
Open data silos
"Through the consensus mechanism of blockchain, distributed storage and network technology, we can overcome the problem of data islands existing in the closed loop of various applications." Liu Jiang said that, from the perspective of blockchain development, blockchain is a trusted infrastructure, and that Tencent Cloud, building on blockchain alliance chain technology, has put a large number of application scenarios into practice, such as supply chain finance, food traceability, trusted vouchers, electronic invoices and financial bills. "The greatest value of blockchain is to provide better metro technology and a trusted foundation in multi-application integration."
From the perspective of chip manufacturers, Intel technical experts believe that as blockchain applications become more widespread and go deeper, optimization of the CPU, software and ecosystem is becoming more and more important. Intel is continuing to plan for the optimization of specific blockchain workloads and for the formulation of blockchain standards and specifications. It hopes to work closely with Tencent Cloud to provide strong underlying technical support for the practical implementation of blockchain.