Microsoft Team Developed Confidential Consortium Framework (CCF) To Bring Efficiency and Usability To A Decentralized Trust Model

CCF is based on a distributed trust model like that of blockchain while maintaining data confidentiality through secure centralized computation

With greater trust placed in the online world, the era of centralized databases has passed. Many events have shown that centralized management and monitoring, while convenient, has a variety of downsides, including duplicate digital transactions, human error, and bias.

Although blockchain offers a more secure alternative to centralized databases, it is far from ideal. The Confidential Computing team at Microsoft Research set out to develop a new system that keeps transactions private while retaining the advantages of decentralized trust. However, no system available at the time could do this while consolidating computing resources.

To address this problem, the team designed the Confidential Consortium Framework (CCF), a toolkit for constructing trusted, decentralized, and highly available centralized services with stateful components that rely on distributed consensus. According to the researchers, data privacy is protected through secure, centralized computation, and CCF is based on a distributed trust paradigm similar to blockchain. This paradigm helps reduce the massive energy consumption seen in blockchain and other distributed computing settings.

Working with the Azure Security team, they developed Azure confidential ledger, a service built on CCF that securely handles sensitive data records in Azure.

By limiting the size of the trusted computing base (TCB), the set of components of a computing environment that must be trusted, CCF reinforces the trust boundary in circumstances where both distributed trust and data secrecy are required. By configuring CCF’s governance settings, operators can drastically reduce their involvement in the TCB or even remove themselves from it completely.

CCF uses trusted hardware to ensure transaction integrity and secrecy rather than a social root of trust, such as a cloud service provider or the participant consensus used in blockchain networks. The trusted hardware provides a trusted execution environment (TEE). TEEs are memory regions that remain encrypted even throughout program execution. Memory encryption is strictly enforced by the memory chip itself. There is never any way to access the information stored in TEEs.

The foundation of decentralized trust is remote attestation, which assures an external party that every computation on user data occurs within a publicly verified TEE. This attestation, together with the separate and encrypted TEE, establishes a decentralized trust framework. By validating each other’s attestation that they are executing the expected code in a TEE, nodes in the network build a foundation of trust among themselves.

A flexible consortium, independent of the operator, is responsible for the governance of the service. To establish credibility outside of the network, CCF employs a ledger. In order to ensure the reliability of the service and provide conclusive evidence of transaction execution for other users, all transactions are recorded in an immutable ledger that its users can access for auditing purposes. This is helpful for users in general, but it will be especially helpful for those who must adhere to certain rules and regulations.

The team worked with the Azure Security group to hone CCF so that it could serve as a stepping stone toward developing more secure computing services in Azure. They used Azure API guidelines and ensured CCF followed Azure’s recommendations, such as logging actions, reporting errors, and conducting lengthy searches. They then created an Azure application prototype, which the Azure Security team used to create the first publicly available managed service built on CCF, Azure confidential ledger, which offers cryptographically verifiable, tamper-protected audit recording.
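
To make the auditing idea behind the immutable ledger concrete, the following is an added example, not code from CCF or Azure confidential ledger. It assumes a Merkle tree as the tamper-evidence mechanism (the article does not describe the ledger's structure); the function names and sample entries are constructed for illustration, and the root is assumed to come from a source the auditor already trusts.

```python
import hashlib

def _h(prefix: bytes, data: bytes) -> bytes:
    return hashlib.sha256(prefix + data).digest()

def leaf_hash(entry: bytes) -> bytes:
    return _h(b"\x00", entry)  # prefix separates leaves from interior nodes

def _levels(entries):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    if not entries:
        raise ValueError("empty ledger has no root")
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(b"\x01", cur[i] + cur[i + 1]) if i + 1 < len(cur) else cur[i]
               for i in range(0, len(cur), 2)]
        levels.append(nxt)
    return levels

def merkle_root(entries) -> bytes:
    return _levels(entries)[-1][0]

def inclusion_proof(entries, index: int):
    """Sibling hashes (with side) needed to recompute the root from one entry."""
    if not 0 <= index < len(entries):
        raise IndexError("no such ledger entry")
    proof = []
    for level in _levels(entries)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify_receipt(entry: bytes, proof, trusted_root: bytes) -> bool:
    """Auditor side: needs only the entry, its proof and a root it trusts."""
    acc = leaf_hash(entry)
    for side, sibling in proof:
        acc = _h(b"\x01", sibling + acc if side == "L" else acc + sibling)
    return acc == trusted_root

# Constructed sample ledger (not real CCF transactions).
LEDGER = [b"tx1: alice->bob 10", b"tx2: bob->carol 4", b"tx3: carol->dave 1",
          b"tx4: dave->alice 7", b"tx5: alice->erin 2"]

if __name__ == "__main__":
    root = merkle_root(LEDGER)
    print(verify_receipt(LEDGER[2], inclusion_proof(LEDGER, 2), root))
    print(verify_receipt(b"tx3: carol->dave 100", inclusion_proof(LEDGER, 2), root))
```

An auditor holding only one entry and its proof can confirm it belongs to the ledger, and any change to a recorded entry changes the root, so the alteration is detectable.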



