A community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.

CCC is a project community at the Linux Foundation dedicated to defining and accelerating the adoption of confidential computing. It will embody the open governance and open collaboration that have aided the success of similarly ambitious efforts. The effort includes commitments from numerous member organizations and contributions from several open source projects.

Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system. It will reduce exposure for sensitive data and provide greater control and transparency for users.

Join the Project as a Member

A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud. Of the three data states, “in use” has been less addressed because it is arguably the most complicated and difficult. This is a major change to how computation is done at the hardware level and how we structure programs, operating systems and virtual machines. This cross-industry collaboration will accelerate this transformation in security in the enterprise. To get involved, please email us at info@confidentialcomputing.io.

FAQ

What is the Confidential Computing Consortium?

CCC will be home to an open source community dedicated to defining and accelerating the adoption of confidential computing. It will be hosted at The Linux Foundation and embody open governance and collaboration. The effort includes commitments from Alibaba Cloud, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

What is confidential computing?

Confidential computing focuses on securing data in use. Current approaches in cloud computing address data at rest and in transit, but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system. Confidential computing will reduce exposure for sensitive data and provide greater control and transparency for users.

Why is this an important focus right now?

Across industries, computing is moving to span multiple environments, from on premises to public cloud to edge. As companies move to these environments, they need protection controls for sensitive IP and workload data and are increasingly seeking greater assurances and more transparency of these controls. Current approaches address data at rest and in transit; confidential computing will address data in use.

Why does this require a cross-industry effort?

A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud. Of the three data states, “in use” has been less addressed because it is arguably the most complicated and difficult. This is a major change to how computation is done at the hardware level and how we structure programs, operating systems, and virtual machines. Currently confidential computing solutions are manifesting in different ways in hardware, with different CPU features and capabilities, even from the same vendor.

How will it work with similar efforts?

There is a breadth of organizations in the industry focused on problems in security from a number of perspectives (standards and protocols, education, marketing, certification, etc.). The Confidential Computing Consortium will focus specifically on open source licensed implementation work with respect to data-in-use scenarios. The organization will act as a home for such open source projects to support their growth and success, as well as a place to document and share best practices and discuss new challenges. The industry can rally behind CCC for implementation and other related orgs for standards and certification.

How will the Consortium advance security in the enterprise?

It will establish open source software and standards and provide tools for developers working on securing data in use.

How will the Consortium be governed?

An open governance model consistent with open source best practices established at The Linux Foundation will be created upon formation.

How do developers get involved?

Developers are encouraged to participate in any open source project under the auspices of the Confidential Computing Consortium. The initial project at launch is the Open Enclave SDK found on GitHub.

What is the Open Enclave SDK project?

An SDK for building and signing hardware-protected trusted applications.

What is an enclave?

A hardware-protected environment for executing trusted applications (i.e., a trusted execution environment or TEE).

Which secure hardware architectures are supported already by the Open Enclave SDK project? Which OS platforms are supported?

Intel SGX and ARM TrustZone are supported. The supported OS platforms are Linux (X86-64 and AARCH-64) and Windows (X86-64).

How is the Open Enclave SDK project licensed?

The Open Enclave SDK is licensed under the MIT License.

How will the Open Enclave SDK project advance confidential computing?

The Open Enclave SDK makes it easy for developers to add secure enclave technology to their applications. Specific examples include:

  • Building secure multi-party dataset machine learning models.
  • Allowing confidential query processing in database engines within secure enclaves.
  • Protecting sensitive data in IoT edge devices such as patient information, billing/warranty activity, and ML model execution.

Can this technology/confidential computing be used for nefarious purposes? How will the CCC protect against this?

There are research experiments that have been probing Intel-based enclave technologies. But there are also best practices for securing enclaves, and the Confidential Computing Consortium will be a place to educate developers on new threat models and best practices to protect against them.

Are there other organizations addressing confidential computing? If so, why should the industry rally behind CCC?

No other organization is supporting application developers with open source implementation work securing data-in-use.