Alibaba Cloud Released Industry's First Trusted and Virtualized Instance with Support for SGX 2.0 and TPM

Recently, Alibaba Cloud announced its support for SGX 2.0 and released a virtualized ECS instance based on SGX 2.0 and TPM.

In 2015, Alibaba Cloud launched the Data Protection Proposal, making it one of the first cloud service providers to do so. In this proposal, Alibaba Cloud stated that it would never make use of user data without approval. Alibaba Cloud also proposed that the platform had the responsibility and obligation to help its customers ensure the privacy, integrity, and availability of user data. Over the past five years, Alibaba Cloud has held fast to its proposal and released various data security products and services, such as transparent logging, sensitive data protection, and key management. Alibaba Cloud is also the first enterprise in the Asia-Pacific region to deploy cryptographic computing, exploring chip-level data security protection capabilities.

Virtualized ECS Instances based on SGX 2.0 and TPM

Recently, Alibaba Cloud announced its support for Software Guard Extensions (SGX) 2.0, and released the industry's first virtualized ECS instance based on SGX 2.0 and Trusted Platform Module (TPM).

The virtualized ECS instance released this time has two value-added features:

  • Larger EPC memory: Compared with the 256 MB Enclave Page Cache (EPC) memory limit of the first generation of SGX services, EPC memory based on SGX 2.0 can reach up to 1 TB. Larger EPC memory removes the memory restriction that hinders the development of big data applications.
  • Alibaba Cloud's DCAP-based remote attestation service: Users can directly use the remote attestation service provided by Alibaba Cloud. Moreover, the service can be customized according to users' needs, helping users achieve better performance and a better experience.

This instance fundamentally meets enterprises' needs for efficient computing on gigabytes of data, such as machine learning and artificial intelligence. The instance also provides higher-level data protection in new financial and large-scale internet usage scenarios. In addition, the instance provides an efficient and stable remote attestation service based on the native advantages of Alibaba Cloud as a cloud service provider.

Cultivating the Growth of SGX Security Technology

In 2017, Alibaba Cloud was the first to launch a chip-level SGX-based cryptographic computing solution, and it was also the first cloud service provider to commercialize the SGX technology. In November 2019, Alibaba Cloud jointly held the industry's first Application Contest Based on Chip-level Encryption with Zhejiang University. Through this contest, Alibaba Cloud seeks to find and cultivate more SGX application developers in Chinese universities and enterprises, and to explore new business scenarios.

In addition, Alibaba Cloud hopes to jointly build a new ecosystem and a new force in the SGX security technology field by combining industry, university, and research. In the same year, as the only cloud service provider in the Asia-Pacific region, Alibaba Cloud was listed as a typical vendor in Gartner's Report on Maturity Curve of Cloud Security Technology. Alibaba Cloud gained this title for its several practices in cryptographic computing. In Gartner's Global Security Capability Assessment Report, Alibaba Cloud reached the High level in the assessment of trusted execution environment for cryptographic computing.

Alibaba Cloud's accumulation and exploration of SGX 2.0 encryption technology will further improve the chip-level data security protection capabilities of the cloud infrastructure. This will help cloud developers and users build a more reliable execution environment with higher data protection capabilities.

Alibaba Cloud Security
