The Linux Foundation Projects
Skip to main content

Decoding Trust in Confidential Computing: Foundations and Open Source Perspectives

By April 23, 2024No Comments3 min read

At this month’s Open Source Software Summit NA, Mike Bursell, Executive Director of the Confidential Computing Consortium, presented at the session “Decoding Trust in Confidential Computing” with Sal Kimmich, Technical Community Architect, also with the CCC. The session explored trust in computing, merging confidential computing and open-source principles. 

Mike and Sal discussed frameworks for trust in Confidential Computing  environments, including technological protocols, human factors, and trust in open source. Case studies revealed hardware-level attestation in confidential computing and the philosophical dimensions of open source. Join us for a deep dive into computing trust, where technical, communal, and policy aspects converge. 

Read more below for greater insights.

Confidential Computing Definition

Confidential computing safeguards data in use by conducting computations within hardware-based Trusted Execution Environments (TEEs). It is defined as “the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.”

Introduction to Trust in Confidential Computing

Trust in Confidential Computing hinges on components such as the software supply chain, key management, cloud computing, software correctness, AI provenance, identity, authorization/authentication, data privacy, hardware supply chain, and cryptographic primitives. The fundamental question arises: Whom do we trust, and for what purposes?

Workloads and Host

In the standard virtualization model, VMs and containers handle Type 1 and Type 2 workloads well, while Type 3 poses challenges that VMs and containers cannot adequately address. Trusted Execution Environments (TEEs) become crucial for Type 3 isolation, particularly for cloud-native workloads involving sensitive data and applications. Hardware-based TEEs offer Type 3 isolation as well as Types 1 and 2.

Trust in Open Source

The Open-Source Software (OSS) community endorses trust, with its roots in software primitives and derivable properties. This endorsement isn’t confined to monolithic authorities but is embodied within communities. Exposing this endorsement through commercial implementations/distributions, open-source foundations, and decentralized organizations is essential.

Pillars of Trust in Confidential Computing

Trust in Confidential Computing rests on several pillars: Tools of Trust (trust anchors) encompassing hardware, firmware, and software; Derivable properties including integrity, confidentiality, identity, and uniqueness; and Primitives such as hardware-based TEEs. Endorsers, including silicon, firmware, software, and the open-source community, play a vital role in building trust. They are not solely monolithic authorities but can represent the collective authority of a community.

The Role of the Confidential Computing Consortium

The Confidential Computing Consortium plays a pivotal role in instilling confidence among businesses, regulators, and standards bodies through the technical maturity of the open-source community. Examples of applications include Microsoft’s migration of credit card processing to Confidential Computing, the University of Freiburg’s adoption of collaborative research platforms, combating human trafficking and modern slavery, AI inference for data and model protection, remote attestation models, standardized ABIs, and database protection models.

Confidential Computing is not merely a potential open-source technology but a necessary one. Its foundation in open-source principles is indispensable for fostering trust and security in the digital landscape.

The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration and bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

Learn how you and your organization can get involved .

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.