Trusted Execution Environment

Data breaches within the financial services sector can lead to immediate revenue loss and significantly affect business operations, user trust, and corporate reputation. Ensuring data confidentiality and integrity in computing environments presents a considerable challenge for enterprises, particularly in public cloud settings.

Trusted Execution Environments (TEEs) have been proposed to address this need. By creating an isolated space at the chip level, a TEE establishes a secure execution environment that runs alongside the local operating system and safeguards the confidentiality and integrity of the code and data inside it. A TEE also protects sensitive code and data from privileged attackers, for example ones who exploit a vulnerability in the local operating system. A wallet is one example: private keys are managed and used inside the isolated environment, so neither users nor applications outside it can read or extract those keys.

Notable trusted execution environment technologies in the industry include Intel SGX, ARM TrustZone, and AWS Nitro Enclaves, which is the one we use.

The benefits of TEEs are:

  • Isolated and secure operating environment: the Nitro Hypervisor gives the enclave fully isolated CPU and memory, with no persistent storage, no interactive access, and no network access to the host or to external networks.

  • Cryptographic attestation: signed attestation documents let the parent OS authorize access to the enclave and let users verify the integrity of the business code running inside it, so tampered code can be detected and denied.

  • Flexibility: no binding to a specific CPU manufacturer; Nitro Enclaves run on Intel and AMD based instances and support any programming language.

  • Cost savings: Nitro Enclaves run on the existing EC2 instance at no additional charge.

  • Cloud-native security integration: seamless integration with cloud-native KMS and ACM security services improves both user experience and security.
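As an added illustration of how the attestation and KMS integration points above fit together, the KMS key policy below (example configuration written for this page, not configuration from the original page or from the project it describes) grants use of a wallet key only to an enclave whose attestation document carries the expected platform configuration register (PCR) values. The account ID, role names and PCR values are placeholders and must be replaced with real ones.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowKeyAdministration",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/KeyAdminRole" },
      "Action": [
        "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
        "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
        "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowOnlyAttestedWalletEnclaveToUseKey",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/WalletInstanceRole" },
      "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ],
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:PCR0": "PLACEHOLDER_PCR0_SHA384_HEX_OF_ENCLAVE_IMAGE",
          "kms:RecipientAttestation:PCR8": "PLACEHOLDER_PCR8_SHA384_HEX_OF_IMAGE_SIGNING_CERT"
        }
      }
    }
  ]
}
```

The `Condition` block is what turns instance-level access into enclave-level access: without it, any process on the parent instance that can assume `WalletInstanceRole` could call `kms:Decrypt` on the key, whereas with it KMS validates the signed attestation document attached to the request and refuses callers whose measured enclave image (PCR0) or image signing certificate (PCR8) differs from the values in the policy. PCR0 changes on every rebuild of the enclave image, so a deployment pipeline must update the policy when a new image is released; PCR8 stays stable across images signed with the same certificate, which is why pinning both is a common choice.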
