Alibaba Cloud Released Industry’s First Trusted and Virtualized Instance with Support for SGX 2.0 and TPM
In 2015, Alibaba Cloud launched the Data Protection Proposal, making it one of the first cloud service providers to do so. In this proposal, Alibaba Cloud stated that it would never make use of user data without approval. Alibaba Cloud also proposed that the platform had the responsibility and obligation to help its customers ensure the privacy, integrity, and availability of user data. Over the past five years, Alibaba Cloud has held fast to its proposal and released various data security products and services, such as transparent logging, sensitive data protection, and key management. Alibaba Cloud is also the first enterprise in the Asia-Pacific region to deploy cryptographic computing, exploring chip-level data protection capabilities.
Virtualized ECS Instances based on SGX 2.0 and TPM
The virtualized ECS instance released this time has two value-added features:
- Larger EPC memory: Whereas the first generation of SGX services limited EPC memory to 256MB, EPC memory based on SGX 2.0 can reach up to 1TB. Larger EPC memory can remove the memory restriction that hinders the development of big data applications.
- Alibaba Cloud’s DCAP-based remote attestation service: Users can directly use the remote attestation service provided by Alibaba Cloud. The service can also be customized according to users’ needs, helping users achieve better performance and a better experience.
This instance fundamentally meets enterprises’ needs for efficient computing with gigabytes of data, such as machine learning and artificial intelligence. The instance also provides higher-level data protection in new financial and large-scale internet usage scenarios. In addition, it provides an efficient and stable remote attestation service based on the native advantages of Alibaba Cloud as a cloud service provider.
Cultivating the Growth of SGX Security Technology
In 2017, Alibaba Cloud was the first to launch a chip-level SGX-based cryptographic computing solution, and it was also the first cloud service provider to commercialize the SGX technology. In November 2019, Alibaba Cloud jointly held the industry’s first Application Contest Based on Chip-level Encryption with Zhejiang University. Through this contest, Alibaba Cloud seeks to find and cultivate more SGX application developers in Chinese universities and enterprises, and to explore new business scenarios.
In addition, Alibaba Cloud hopes to jointly build a new ecosystem and a new force in the SGX security technology field by combining industry, universities, and research. In the same year, as the only cloud service provider in the Asia-Pacific region, Alibaba Cloud was listed as a typical vendor in Gartner’s Report on Maturity Curve of Cloud Security Technology. Alibaba Cloud gained this title for its several practices in cryptographic computing. In Gartner’s Global Security Capability Assessment Report, Alibaba Cloud reached the High level in the assessment of trusted execution environments for cryptographic computing.
Alibaba Cloud’s accumulated experience with and exploration of SGX 2.0 encryption technology will further improve the chip-level data security protection capabilities of the cloud infrastructure. This will help cloud developers and users build a more reliable execution environment with higher data protection capabilities.