Security

Immutable money, infinite containers and indie datacenters

Immutable money, infinite containers and indie datacenters

Author’s note: An earlier draft of this article was published in LinkedIn on June 28, 2021.

I have been working in the mobile industry for about 18 years now. I watched the mobile industry transform from a facilitator of personal voice communication to a facilitator of a personal lives. Eighteen years ago, the scope of mobile security was largely about protecting telecommunications companies from fraudsters. The scope exploded overnight to include protecting user privacy and brokering of trust between the ever expanding set of ecosystem participants - users, technology providers(Phone makers, chip makers, OS vendors etc.), governments, content providers etc.

Immutable money, infinite containers and indie datacenters 1 - These are three exciting security technologies that I think would transform their respective industries in the next 10 years.

Immutable money

Cryptocurrencies are still experiments in progress. And there is a lot to criticize them about. But it is too early to write them off as failed experiments. I believe some Cryptocurrencies will be a net positive for the society. Bitcoin shows a lot of promise as a … currency? asset?… okay, something. Ethereum network is already the de facto application platform for decentralized internet. Checkout Ethereum Naming Service, which is a decentralized alternative for DNS.

Infinite containers

Using address translation primitives to enforce isolation is the original sin in computer security architecture

Using address translation primitives to enforce isolation is the original sin in computer security architecture. CHERI fixes this. For various reasons, performant address translation (Eg: TLB) solutions are expensive to build. That limits the number of HW enforced sandboxes we can have. Complexity of compute has exploded in the past few decades. We need an architecture that will allow us to have 100s or 1000s of HW enforced sandboxes. That’s exactly what CHERI does. A big shout out to the CHERI team at the University of Cambridge. With its Morello architecture supplement, Arm is also showing some love.

Indie datacenters

This is like a paid version of SETI@Home, but at data center scale.

This is about confidential compute architectures such as Intel SGX, AMD SEV/SEV-SNP and Arm CCA. These are typically touted as solutions where cloud customers can deploy applications without having to trust their Cloud service providers (AWS, GCP or Azure). I doubt such zero-trust relationship between cloud providers and end customers will come to fruition.

However, CCA could allow the major cloud providers to contract out compute workloads to independent data centers(Jon Masters' blog about exchange traded cloud compute). They cannot do that today, because so much of server security relies on physical security. CCA allows them to farm out jobs without having to trust the physical security at the indie datacenters they don’t have a lot of control over. This is like a paid version of SETI@Home, but at data center scale.


  1. Homage to Balaji Srinivasan’s ‘Immutable money, infinite frontier, eternal life’ tagline ↩︎