Confidential computing with CYSEC ARCA & AMD-SEV [WHITEPAPER]

Enterprises are accelerating their migration to digitalization and to adopting cloud-based services but remain reluctant to move sensitive and mission-critical data and workloads onto the cloud because of concerns that include.

Integrity and confidentiality of data, particularly while that data is in use
Ownership and management of the security and encryption keys
Cloud provider access to the data and workloads
Regulatory and other government legislation to access data

We also evaluate on-premises technology deployments where internal breaches and attacks are common threats that must be addressed, such as misuse of data and applications initiated by legitimate users or malicious code installed in the enterprise software architecture.

Combining the AMD SEV platform and CYSEC software stack offers enhanced security and data encryption, whether on-premises or in the cloud. Users receive enhanced control over how their data is accessed and used with no need to involve a third-party service provider.

CONFIDENTIAL COMPUTING: AMD EPYC HARDWARE SUPPORT

Confidential computing can help ensure data privacy and integrity by employing hardware-based encryption when enabled on both the host and the VM guest.

AMD EPYC™ processors contain an AMD Secure Processor that provides a hardware root of trust. Secure Encrypted Virtualization (SEV) uses the AMD Secure Processor to issue and manage keys that encrypt each virtual machine. This helps isolate the hypervisor and guests from each other. Enabling SEV on both the hypervisor and guest allows the guest OS to indicate which memory pages to encrypt. The hypervisor communicates with the AMD Secure Processor to manage the appropriate keys in the memory controller. AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) builds on this by encrypting CPU register contents when a VM stops running, thereby helping prevent CPU register information from leaking to the hypervisor. SEV-ES can also detect malicious modifications to a CPU register state.

AMD SME is enabled either via BIOS or through direct integration into the Linux kernel. Enabling and activating AMD SME usage in BIOS encrypts memory access and one need not activate Linux memory encryption.

The Linux kernel implements Content Security Policy (CSP) and provides the interaction between the AMD Secure Processor (AMD-SP) and the hypervisor. The AMD-SP provides a secure key management interface that performs common hypervisor activities, such as encrypting bootstrap code, snapshots, migrating, and debugging the guest.

AMD SEV-ES expands on AMD SEV by protecting the guest register state from the hypervisor. It encrypts the VM register state on each hypervisor transition to help prevent the hypervisor from seeing the data being used by the VM.

CONFIDENTIAL COMPUTING: CYSEC ARCA ON-PREMISES

ARCA by CYSEC is a full software stack that accelerates deployment of AMD SEV-based services by running natively on a server equipped with one or more AMD EPYC CPU(s) and offering a user-friendly Linux interface and Kubernetes API for service and workload development. Combining AMD SEV with CYSEC ARCA facilitates on-premises or cloud technology deployments while helping enhance security. On-premises deployments that use AMD SEV and ARCA receive the following benefits:

Patched kernel with hardening patches and safe system defaults.
Minimal trusted images. CYSEC owns the software tree and masters versions and features. Only required software is installed on ARCA Trusted OS.
ARCA OS images are read-only and have a robust A/B update mechanism.
Trusted boot chain (secure boot) with OS image signatures.
Safe Kubernetes stack on top of ARCA Trusted OS with sandboxing and least privileges by default.
Available to use AMD-SEV features inside containers or run ARCA Trusted OS inside the confidential VM.
SEV services help secure the overall system by encrypting:
Data being processed and operated by the ARCA Trusted OS VM.
Clusters and pods being handled by Kubernetes layer

CONFIDENTIAL COMPUTING: CYSEC ARCA IN THE CLOUD

Cloud Service Providers (CSPs) began launching VM offerings based on AMD SEV technology along with the emergence of Confidential Computing efforts, such as the Confidential Computing Consortium where CYSEC is among the founders.

CYSEC ARCA uses existing Google components for initiating ARCA OS processes, such as the virtualized UEFI bootloader and virtual TPM, and boots only if components such as the bootloader, kernel, and OS bundle have not been tampered with. Once booted, the system forms a Trusted Computing Base (TCB) on which applicative workloads can be deployed using Kubernetes. ARCA manages the full stack and forms an integral part of the TCB. Integrating ARCA with AMD SEV encrypts data in use and active memory spaces. All services and workloads run in CYSEC ARCA, thereby isolating the system from Google services to further enhance security.

End users benefit from this architecture that allows them to use CYSEC ARCA to retain control of their execution environment, data set, and workloads by leveraging AMD SEV technology. They only need to trust Google Cloud during the initial sequence of launching CYSEC ARCA.

AMD AND CYSEC: DATA USAGE IN END USER CONTROL

Combining of AMD SEV technology with the CYSEC ARCA full software stack gives users enhanced control over their data via encryption services that limit both which workloads that can access what data and elements of the operating system. This helps ensure that the end user is the only owner and controller of the entire system.

The model is valid for both on-premises and cloud deployments using CSPs such as Google Cloud. Users can take advantage of Google’s scalability and availability services while using AMD SEV and CYSEC ARCA to segregate their datasets and applications from external access by the CSP.

Latest Industry News

Thuraya signs agreement with CYSEC

Thuraya Telecommunications Company (Thuraya), the mobile satellite ser...Read more >

CYSEC & TIESSE : Strategic partnership for satellite links security

CYSEC and Tiesse SpA have established a strategic industrial partnersh...Read more >

Performance benchmark made within the SYNAPSE project

The impact that the security provided by ARCA Trusted OS, CYSEC’s ha...Read more >

Qualification of the ARCA SATCOM solution

As part of studies conducted at CNES, CYSEC qualified its ARCA SATCOM ...Read more >

Securing Edge Devices: The Crucial Role of Root of Trust in a Connected World

In the rapidly evolving landscape of IoT (Internet of Things) and edge...Read more >

ARCAOS x86 compatibility with VM environments

CYSEC aims at offering the capacity to launch VMs running in Confident...Read more >

The SYNAPSE PROJECT

A snapshot of the collaborative SYNAPSE project between CYSEC and Look...Read more >

CYSEC design choices and security maintenance processes

Sovereign cloud is emerging as a preferred choice for many organizatio...Read more >

Unlocking the Potential of Remote Attestation: The Future of Trust and Security in a Connected World

The increasing prevalence of network-connected devices and the rise of...Read more >

Protect your sovereign cloud with CYSEC solutions

Sovereign cloud is emerging as a preferred choice for many organizatio...Read more >

A technical deep dive in the secure boot of ARCA Trusted OS for Raspberry Pi 4B

ARCA Trusted OS is an Operating System (OS) that can run on Raspberry ...Read more >

ESA PUSH

Within the PROGRAMME FOR USERBASE ENHANCEMENT (PUSH), ESA selected com...Read more >

Attested VM launch protocol : The result of CYSEC

CYSEC explored the attestation mechanisms offered by two different CPU...Read more >

ARCA SATLINK successfully tested in space

As part of a project for the European Space Agency - ESA our engineeri...Read more >

Linebreak and CYSEC join forces to securely unlock data in enterprise edge computing

enterprises need confidence when running their sensitive workloads in ...Read more >

ARCAOS x86 on mini-servers

CYSEC continues its edge computing strategy expansion by qualifying tw...Read more >

USE CASE MIDEYE – CYSEC

Mideye and CYSEC have decided to work together to deliver a simple and...Read more >

SixSq and CYSEC – A secure end to end edge computing solution

SixSq, an Ekinops company, and CYSEC are thrilled to announce their pa...Read more >

ARCAOS x86 compatibility on AWS

ARCA Trusted OS for x86 can now be deployed into AWS EC2 instances as ...Read more >

PostFinance and CYSEC

PostFinance, the fifth largest retail financial institution in Switzer...Read more >

Crosscon Project – Enhancing Security in Agricultural UAVs: The Power of Remote Attestation

One of the challenges faced by UAVs is their mobility and the potentia...Read more >

Leveraging ChatGPT at the edge on a Raspberry Pi protected by Arca Trusted OS

In this use-case, ARCA Trusted OS protects the data stored on the Rasp...Read more >

A Trusted Environment at the Edge to Run AI Applications

With the adoption of AI at the edge, companies will expand their busin...Read more >

CYSAT

CYSEC has been organizing CYSAT, the biggest European event entirely d...Read more >

Secure your Raspberry Pi for industrial grade usage with ARCA Trusted OS

CYSEC is pleased to announce its new born ARCA Trusted OS for ARM spec...Read more >

World’s first in-orbit cybersecurity demonstration at CYSAT

First offensive security demo on a flying satellite at CYSAT - In orde...Read more >

Trusted and Secure Stream Analytics for Industrial IoT

Crosser, creator of a market leading low-code platform for stream anal...Read more >

What are the NIST SP 800-190 countermeasures in ARCA Trusted OS?

In addition to these recommendations specific to the host OS, ARCA Tru...Read more >

CYSEC AND SIGHUP PARTNER UP

SIGHUP is partnering with Cysec to provide a secure kubernetes-based c...Read more >

Cysec and Ingram Micro new partnership

Ingram Micro Italy, a global leader in Technology and Supply Chain Ser...Read more >

Cysec and Syntheticus team up

“Cysec and Syntheticus team up to offer a solution enabling the migr...Read more >

SECURED FLEET OF DRONES

The drones industry is getting a lot of success in many verticals such...Read more >

CYSEC raises 2 million CHF with KARISTA’S Newspace Fund

CYSEC announces it has raised an additional €2m from Karista. The bu...Read more >

How Cysec helps you leverage confidential VMs in public clouds

Based on the Confidential Computing Consortium, Confidential Computing...Read more >

For automated, scalable, and secure edge computing environments

LAUSANNE, SWITZERLAND. and STOCKHOLM, SWEDEN. Cysec, a software provid...Read more >

How to migrate your sensitive data to public clouds?

There is a clear trend to migrate data from organizations and companie...Read more >

Web3 and Secure Computing: Cysec case Study

Web3 refers to the next Internet generation, one that leverages public...Read more >

CYSEC featured on cybernews!

Cysec has been mentioned, by the experts of cybernews.com, as one of t...Read more >

Kata Containers: Cysec case Study

Cysec offers to run its orchestration platform with several runtimes s...Read more >

Spacebel and CYSEC team up on a contract with the European Space Agency (ESA)

The European Space Agency (ESA) awarded a contract to Spacebel (Prime ...Read more >

“Because of geopolitical and economical pressures, company data protection is essential”

A talk with the CEO and Co-Founder of CYSECRead more >

Announcing Nicolas Chaillan and Octave Klaba as keynote speakers at CYSAT

The full event agenda is liveRead more >

New Space Economy MOOC

An online course on the challenges of commercial space missions.Read more >

Kata Containers: the ultimate workloads isolation

Introducing Kata Containers supportRead more >

Cybersecurity for Enterprise Blockchain Solutions

Blueprint paper - Crypto ValleyRead more >

Cosimo Calcagno joins Board of Directors

New member of the Board of Directors and investor.Read more >

Securely embrace the public cloud

Innovate faster, with security built in every step of the way.Read more >

Embedded KMS for IoT applications : the SEGWAY project

Filling the security gaps in cloud-edge integration.Read more >

CYSEC raises 4 million CHF in seed extension round

A funding to further its growth in digital assets and edge computing.Read more >

Protecting data: glossary of an industry

Every industry has its own vocabulary and cybersecurity is no exceptio...Read more >

Why cybersecurity is too important to get lost in space

As the race to space takes flight, ARCA is ready for launch. Read more >

2021 in review

Wrapping up yet another special year, but with great achievements.Read more >

Hack CYSAT: Europe’s first satellite hack

Calling for ethical hackers to hack a flying satellite.Read more >

Protecting health data on public cloud with HOSTEUR & CYSEC

Improving the cryptographic key exchange protocol to ensure end-to-end...Read more >

What is confidential computing?

The new kid on the security blockRead more >

CYSEC wins European Space Agency contract to protect governmental data

Improving the cryptographic key exchange protocol to ensure end-to-end...Read more >

Confidential computing with CYSEC ARCA & AMD-SEV [WHITEPAPER]

Whitepaper on how CYSEC ARCA leverage AMD-SEV Read more >

Differential power analysis on SIKE – part 2

Power analysis attack on SIKE in a semi-static setting Read more >

Differential power analysis on SIKE – part 1

An introduction to isogeny-based cryptography Read more >

CYSEC partners with D-Orbit

Fly end-to-end cybersecurity for commercial space missionsRead more >

CYSEC partners with armasuisse Cyber Defence Campus

Protecting the data broadcasted by satellite internet providers Read more >

Triton Malware Attack

Attack targeting Industrial Control System (ICS) Read more >

CYSEC introduces CYSEC LAB

A security evaluation lab Read more >

CYSEC SA introduces CYSEC ARCA Trusted OS

Secure Sensitive Data and Open the Door to CollaborationRead more >

Eureka program support granted for DiCoQuaNet project

A Distributed Computing over a Quantum-Secure NetworkRead more >

Happy Three-Year Anniversary to CYSEC!

Celebrating three amazing years Read more >

CYSEC joins the GAIA-X Space initiative

The next generation of Europe’s data infrastructureRead more >

Researchers and satellite start-ups meet

Discussing celestial cybersecurityRead more >

Il est trop facile de pirater un satellite et ça menace Internet

Cybersecurity in space and its importanceRead more >

La cybersécurité aussi dans lʹespace

Patrick Trinkler talking about the importance of cybersecurityRead more >

CYSAT’21 – kicking-off March 17TH

Cybersecurity for commercial spaceRead more >

Security for Commercial Space: CYSAT’21 Pioneers Cyber Security Solutions

CYSAT’21 Pioneers Cyber Security SolutionsRead more >

CYSEC – As Seen in BILANZ

CYSEC's journey to a secure operating systemRead more >

CYSEC listed in the CV VC Top 50 report

Listed for the second time in a rowRead more >

Cybersecurity for smallsats

Five security concepts for smallsat operators to followRead more >

The European Champions Alliance partners up with CYSEC & AP-Swiss

CYSAT'21: event dedicated to cyber risks in SpaceRead more >

Patrick Nicolet Joins Board of Directors

Former Capgemini CTO, a new strategic entry Read more >

CYSEC wins Swiss Space Office contract

For a secure in-orbit satellite reconfigurationRead more >

CYSEC and AP-Swiss organize CYSAT’21

The first European event on cybersecurity in spaceRead more >

Run Your Applications On Secure Enclaves

CYSEC partners with Kyos and joins a recognised networkRead more >

Let’s not make Newspace a paradise for hackers

Cyber threats in space and their consequencesRead more >

CYSEC selected for Tech4Trust acceleration program

Most innovative startups of the Lake Geneva regionRead more >

Pryv and CYSEC launch an integrated solution

The personal data & consent management secured middlewareRead more >

CYSEC at Forum EPFL

Startup day at SwissTech Convention CenterRead more >

CYSEC listed in the CV VC Top 50 report

Top 50 organizations in the Blockchain Technology sectorRead more >

SwissPKI Now Available On CYSEC ARCA

LibC Technologies and CYSEC launch a secured SwissPKI Read more >

CYSEC voted Best Security Startup

Ranking #62 in TOP100 Swiss Startup Award 2020Read more >

CYSEC partners up with Leaf Space

Offering end-to-end protection for satellitesRead more >

Confidential Edge Computing For IoT Security

Discover confidential edge computingRead more >

CYSEC SA raises 500’000 Swiss francs from FIT

CYSEC rewarded for its cybersecurity innovative solutionRead more >

CYSEC SA welcomes Howard Yu to its Advisory Board

Director of IMD’s Advanced Management Program Read more >

The Things Industries partners with CYSEC

For a secure on-premises LoRaWAN network deploymentRead more >

CYSEC wins European Space Agency contract

Protect ship tracking communications from cyber threatsRead more >

Next generation security platform

Safeguard critical applications and sensitive digital assetsRead more >

CYSEC joins the LoRa Alliance

Foster cybersecurity adoption in IoTRead more >

CYSEC SA welcomes Pascal Junod to its Advisory Board

Expert in applied cryptography and software protectionRead more >

Cloud Constellation Corporation partners with CYSEC

To deliver enterprise-ready Global Private Cloud ServicesRead more >

CYSEC partners with Build38

Facilitate secure deployment of Mobile App and Fraud ProtectionRead more >

CYSEC secures the smart heaters of Lancey Energy Storage

Protecting IoT ecosystems with CYSEC ARCARead more >

CYSEC to secure Astrocast global IoT network

End-to-end security of IoT Communication of 80 nanosatellitesRead more >

CYSEC wins CSO 2019 AWARD

Innovation in cybersecurity of the yearRead more >

Global Challenge Winner 2019

Winner of the ITU Innovations challengesRead more >

Insight SiP and CYSEC SA awarded Eurostars grant

Secure communications solution for medical IoT devicesRead more >

Singapore festival

Swiss fintechs to showcase innovative solutionsRead more >

CYSEC at Deftech, November 2019

Discussing the Swiss ecosystem for defense innovationRead more >

Come and meet us in October at Forum EPFL

Start Up DayRead more >

CYSEC selected by IMD in startup competition

IMD offers support to promising Swiss startups Read more >

New Solution For Secure Digital Asset Management

Swiss-made crypto asset management ecosystemRead more >

CYSEC selected to take part in ESA’s Business Incubation Programme

Program dedicated to startups innovating in spaceRead more >

REGDATA SA & CYSEC SA announce strategic alliance

Setting secure foundation and use of applicationsRead more >

Sysmosoft SA & CYSEC SA announce strategic alliance

Setting secure foundations of cryptographic technologiesRead more >

GEOSATIS and CYSEC announce technological partnership

For secure deployment and operation of IoT solution Read more >

CYSEC raises 1.5 million Swiss francs

To accelerate the deployment of innovative data security solutionsRead more >

CYSEC receives a FIT seed loan of CHF 100’000

To finalise product development and perform market validationRead more >

Swiss Fintech startups in NY

CYSEC selected to showcase ARCA in Venture Leaders roadshowRead more >