
AWS Nitro Enclaves

AWS Nitro Enclaves provide a highly secure and isolated computing environment for sensitive data processing on Amazon EC2 instances. This documentation outlines the essential features of AWS Nitro Enclaves, focusing on their implementation of confidential computing through attestation and isolation.

What are AWS Nitro Enclaves?

AWS Nitro Enclaves are specialised virtual machines designed to operate as isolated environments within EC2 instances. These enclaves are created to enhance security for sensitive data processing by providing a restricted environment where data can be decrypted and processed without exposure to less secure parts of the host system or network.

AWS Nitro Enclaves documentation

Access the AWS Nitro Enclaves documentation for additional information and guides on how enclaves work.

You can also check the 2023 Protect sensitive data in use with AWS confidential computing presentation which covers the features and characteristics of the AWS Nitro System and AWS Nitro Enclaves.

To ensure the security of the enclaves in accordance with confidential computing principles, AWS Nitro Enclaves utilises certain features, which are described in the following sections.

Isolation

The enclaves built on the AWS Nitro System are completely isolated from the operating system and hypervisor, using separate memory and CPU allocation. Each enclave is allocated dedicated CPU cores and memory that are completely separate from those used by the parent EC2 instance. This segregation ensures that the enclave operates independently, without sharing resources that could potentially be accessed or influenced by other processes running on the host machine.

In addition, enclaves do not have direct network access. They cannot initiate or receive network connections, nor can they be accessed directly over the network. All communication with the outside world must be mediated through the parent EC2 instance over secure local channels designed to prevent leakage of sensitive data.

Attestation

Nitro Enclaves use a hardware root of trust integrated with the AWS Nitro System to provide a secure attestation mechanism. This involves cryptographic proof that the enclave is running authorised code, verified against a baseline before execution. This attestation also extends to verifying the integrity of the application and its dependencies before they are allowed to execute within the enclave.

The hashing and signing process can be described in three steps:

  1. Initially, a cryptographic hash of the enclave's software image is generated during its creation, serving as a digital fingerprint.
  2. The hash is included in an attestation document created by the AWS Nitro System when the enclave is launched.
  3. The document is signed with a private key unique to the Nitro Hypervisor, so its signature vouches for the enclave's identity and integrity.

Subsequently, when the enclave interacts with external systems, these systems can validate the integrity of the enclave's software by checking the hash in the attestation document against a known, trusted hash and confirming the document's signature.
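The relying-party check described above, as an added Go example that is not part of this page or of AWS's own tooling: the hypervisor key, the PCR values and the nonce are constructed, JSON stands in for the real CBOR/COSE_Sign1 encoding, and validation of the signing certificate chain up to the AWS Nitro attestation root is left out. It follows the order a verifier should use: confirm the signature first, then bind the document to a fresh challenge, then compare the image hash (PCR0) against an allowlist of approved builds.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/json"
	"fmt"
)

// AttestationDoc: the fields a relying party inspects (JSON stands in for CBOR/COSE here).
type AttestationDoc struct {
	PCRs  map[string]string `json:"pcrs"` // PCR0 is the hash of the enclave image
	Nonce string            `json:"nonce"`
}

// NewHypervisorKey stands in for the Nitro Hypervisor's unique P-384 signing key (constructed).
func NewHypervisorKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
}

// Issue encodes and signs the document (ES384), as the Nitro System does at enclave launch.
func Issue(key *ecdsa.PrivateKey, doc AttestationDoc) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(doc); err != nil {
		return nil, nil, err
	}
	digest := sha512.Sum384(payload)
	sig, err = ecdsa.SignASN1(rand.Reader, key, digest[:])
	return payload, sig, err
}

// Verify checks signature under the trusted key, nonce freshness, then PCR0 against an allowlist.
func Verify(pub *ecdsa.PublicKey, payload, sig []byte, nonce string, trustedPCR0 map[string]bool) (*AttestationDoc, error) {
	digest := sha512.Sum384(payload)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, fmt.Errorf("signature invalid: not issued by the trusted hypervisor key")
	}
	var doc AttestationDoc
	if err := json.Unmarshal(payload, &doc); err != nil {
		return nil, err
	}
	if doc.Nonce != nonce {
		return nil, fmt.Errorf("nonce mismatch: not a fresh answer to our challenge")
	}
	if !trustedPCR0[doc.PCRs["0"]] {
		return nil, fmt.Errorf("PCR0 %q is not an approved enclave image", doc.PCRs["0"])
	}
	return &doc, nil
}
```

A document whose signature fails, whose nonce does not match the challenge, or whose PCR0 is absent from the allowlist is rejected before any secret is released to the enclave.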

Other Features

Nitro Enclaves can integrate directly with other AWS services such as:

  • Amazon S3 for secure data storage and retrieval.
  • Amazon RDS for database operations.
  • AWS IAM for managing access and permissions.

Connecting to these services does not lower the enclave's security or compliance posture. In addition, enclaves can be dynamically resized and configured with varying amounts of CPU and memory resources, without needing to stop the instance or the enclave.

What's Next?

Refer to the Kubernetes page to discover how you can combine the strengths of both technologies for robust data protection and secure computing environments.