NISTIR 8320D (Draft)

Hardware-Enabled Security: Hardware-Based Confidential Computing

Date Published: February 23, 2023
Comments Due: April 10, 2023
Email Comments to: hwsec@nist.gov

Author(s)

Michael Bartock (NIST), Murugiah Souppaya (NIST), Jerry Wheeler (Intel), Timothy Knoll (Intel), Muthukkumaran Ramalingam (AMI), Stefano Righi (AMI)

Announcement

NISTIR 8320D is the latest in a series of reports on hardware-enabled security techniques and technologies.

Organizations employ a growing volume of machine identities, often numbering in the thousands or millions per organization. Machine identities, such as secret cryptographic keys, can be used to identify which policies need to be enforced for each machine. Centralized management of machine identities helps streamline policy implementation across devices, workloads, and environments. However, the lack of protection for sensitive data in use (e.g., machine identities in memory) puts it at risk.

This report presents an effective approach for overcoming security challenges associated with creating, managing, and protecting machine identities throughout their lifecycle. It describes a proof-of-concept implementation, a prototype, that addresses those challenges by using hardware-based confidential computing. The report is intended to be a blueprint or template that the general security community can use to validate and utilize the described implementation.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Abstract

Keywords

confidential computing; cryptographic key; hardware-enabled security; hardware security module (HSM); machine identity; machine identity management; trusted execution environment (TEE)

Control Families

Identification and Authentication; System and Communications Protection

Documentation

Publication:
NISTIR 8320D (Draft) (DOI)
Local Download

Supplemental Material:
Project homepage (web)

Other Parts of this Publication:
NISTIR 8320
NISTIR 8320A
NISTIR 8320B
NISTIR 8320C (Draft)

Document History:
02/23/23: NISTIR 8320D (Draft)

Topics

Security and Privacy
identity & access management; key management; roots of trust; zero trust

Technologies
hardware