Case study: Bosch

MarbleRun enables Bosch’s confidential AI pipeline in the public cloud

Bosch is a global technology and engineering company, with a concentration on automotive and industrial applications, consumer products, as well as energy and construction solutions. They employ over 420,00 employees and have over €80 billion in annual revenue. A significant aspect of their divisions involves pioneering automated driving systems via the Bosch mobility sector.


To improve their advanced driving assistance systems (ADAS), Bosch managed a project to collect street data. They filmed streets with a front-facing car camera, labelled the video, and used it to train their neural network.

Challenge

  • Ensuring the confidentiality, integrity, and authenticity of the pipeline is crucial for all stakeholders involved. Third parties, such as regulators, may also need to verify the pipeline as a whole.
  • The verification process should cover the entire deployment rather than individual services and should be applicable at any given time, including scaling events.

Secure service-to-service communication

  • The distributed nature of the pipeline necessitates secure inter-service communication through encryption and authentication.
  • Implementing these measures at the application layer would blur the separation of concerns and require modifications throughout the application.
  • To address this challenge, a service mesh architecture can be employed.
  • The confidentiality of the pipeline requires that the encryption and authentication provided by the service mesh can be verified during remote attestation.

Day-2 operations

  • The pipeline should not be treated as a "fire and forget" system but rather as a cloud-native application that requires ongoing maintenance. This includes activities such as updates, access management, configuration parameter changes, secrets management, and migration.
  • All of these operations need to be properly authenticated and verifiable. Additionally, the verification process of the system should determine which operations can be performed and by whom.

Solution

  • MarbleRun simplifies the verification process by shifting it from individual trusted execution environments (TEEs) to entire pipeline deployments.

  • It achieves this through a deployment manifest that outlines the identity of each service, its metadata, the desired connections between them, and role-based access controls.

Secure service-to-service communication

  • MarbleRun leverages the deployment manifest to authenticate individual pipeline services through remote attestation.

  • It configures these services with their deployment metadata and issues each one an individual identity certificate based on MarbleRun’s certificate authority.

  • These certificates are then used to establish encrypted and authenticated connections between the services.

  • By providing this secure service-to-service communication as a service mesh layer, MarbleRun enables independent scaling of pipeline steps without the need for explicit authentication and encryption of service-to-service communication on the application layer.

Day-2 operations

  • The role-based access control defined in the MarbleRun manifest allows for granular specification of authorized entities and their operations on the pipeline deployment.

  • For example, a DevOps engineer may be granted permission to change the API for database access, while a release engineer may have the authority to update service versions but only after confirmation from two additional engineers.

  • MarbleRun ensures the continuous operation and maintainability of a production system by enforcing these access control policies without compromising the security benefits offered by confidential computing.

  • With all the services running inside SGX enclaves, the PII data is encrypted during processing at all times.

  • MarbleRun ensures that the data is also encrypted during transit between the cars, the de-identification, and the training services. When data is stored in a database between the de-identification and the training, MarbleRun provides encryption keys that are only present inside the SGX context.

  • At no time, therefore, would anybody have access to the PII data other than the processing services inside SGX. Day-2 operations, separate from the PII data, can be performed securely by the DevOps team, with the manifest precisely controlling the access, and providing a record of this, as needed, after the fact.

Result

As a result of the effective encryption in key parts of the video and image processing mechanism, Bosch has a highly scalable AI pipeline and the ability to handle data on Azure.

Everything is done respecting European regulations and privacy, with no loss to analysis capabilities, and at a reasonable cost, thanks to the flexibility of a public cloud.

With confidential computing software, Bosch's collected data is never a liability and always an asset.

Trusted execution environments play a crucial role in implementing future-proof data strategies. In our collaboration with Edgeless Systems, their versatile tools turned out to be the missing link between confidential computing and scalable infrastructure.

Sven Trieflinger, Senior Project Manager at Bosch

Watch our presentation at OC3 on how we built the confidential AI pipeline for Bosch
