A winning formula for enhancing application security. Bipul Kumar explains what motivated his winning Proof of Concept in the AMD Code Jam.
With each passing day, the average person is adding to their steadily growing digital footprint. And whether they realize it or not, much of the data they generate online may be visible to just about anyone who cares to find it–unless they take steps to protect it. That's the big idea that motivated Bipul Kumar, the winner of the recent AMD Code Jam. The event was designed to inspire coding innovation for hardware-based security. Hundreds of competitors were tasked with optimizing an application to take advantage of AMD EPYC™ server security technologies such as Infinity Guard -- A set of modern security features that are integrated into AMD EPYC CPUs that provides a hardware foundation for secure encrypted virtualization, secure memory encryption, secure boot, and shadow stack capabilities.
Kumar built "SecureVault," a Python™ application that securely processes transaction data after it's received from a Point of Sales (PoS) device. It encrypts the data with an ASP (auxiliary storage pool)-derived key and then stores the encrypted data in a database and on AWS S3 cloud storage. The app leverages FastAPI and a PostgreSQL® database, as well as the AMD EPYC processor for the “data-in-process” aspects – secure encrypted virtualization and secure nested paging capabilities for VMs.
The Code Jam challenged participants to build applications for the financial services sector. Protecting the industry is vital, given the breadth of business done online. As the World Bank reported, the share of adults worldwide who have made or received a digital payment has grown quickly in recent years. Just in developing economies, that share grew from 35% in 2014 to 57% in 2021. In the US, according to the Federal Reserve, the value of core noncash payments grew to $128.51 trillion in 2021.
While Kumar's app was designed for financial services, his approach could be used for a wide variety of applications – both financial and non-financial – to ensure confidentiality and security. It was a meaningful project for Kumar, who's witnessed several varied attacks on both his server and his computer. Being able to encrypt data in-memory with Infinity Guard is a "game-changer" for the industry, Kumar recently told me. "When you bring something closer to the computations, such as an SOC, it's going to change a lot," he said. With more secure infrastructure running applications, he said, both developers and clients using their technologies should feel more at ease.
Developers like Kumar can help AMD identify possible weak spots in security models and push forward the boundaries of innovation. More than ever, the industry needs to see the creative thinking that open, competitive events like hackathons and "code jams" can inspire. With so much valuable data in the digital realm, bad actors have plenty of motivation -- along with considerable resources at their disposal -- to hack into whatever application they can. According to the Identity Theft Resource Center, more than 3,200 data compromises were reported in the US in 2023 -- an all-time high. These breaches impacted more than 353 million victims.
It takes a collective effort to combat the increasingly costly threat of data breaches. While he's been in the industry for about 10 years, the AMD Code Jam gave Kumar his first opportunity to leverage in-memory encryption. Given that AMD Infinity Guard offers a hardware foundation for secure encrypted virtualization and secure memory encryption, Kumar expects to use it in all of his applications moving forward, he said. It's a confidential computing solution that's accessible enough to benefit users from the industry, he added, as well as researchers and enthusiasts.
Congratulations Kumar!
Learn more about AMD EPYC™ CPU’s and security features at https://www.amd.com/en/processors/epyc-server-cpu-family
