jshelby

Adopting on-demand computing for sensitive and private workloads is critical in today’s interconnected and data-driven world. We need simple, fast, and reliable security mechanisms to protect data, code, and runtimes to achieve this. The Confidential Computing Consortium’s new Messaging Guide is a comprehensive resource that explores how Confidential Computing (CC) addresses these challenges and supports organizations in securing their workloads.

Confidential Computing capabilities protect against unauthorized access and data leaks, enabling organizations to collaborate securely and comply with regulatory requirements. By encrypting data at rest, in transit, and during processing, CC technology allows sensitive workloads to move to the clud without requiring full trust in cloud providers, including administrators and hypervisors.

This white paper outlines the motivations, use cases, and solutions made possible by Confidential Computing, empowering organizations to:

Who Should Read This Guide?

This document is tailored to meet the needs of a diverse audience, including:

• Organization leaders to explore use cases and services that can be enabled by Confidential Computing.
• Organization leaders considering whether to use Confidential Computing for securing a new or existing
• product(s), projects, services, and capabilities
• Regulators, standards bodies and ecosystem members in Data Privacy and related fields.
• General public/Mainstream Media/Publication to raise general awareness of Confidential Computing and its benefits

Why This Matters

As the demand for secure data processing grows, Confidential Computing provides a critical solution to meet the challenges of modern cloud environments. Whether enabling secure AI applications, fostering inter-organizational data collaboration, or addressing compliance needs, CC empowers organizations to innovate without compromising security.

We invite you to explore the Messaging Guide and discover how Confidential Computing can transform your approach to secure computing. Together, we can build a future where privacy and security are foundational to all digital workloads.

Read the full report here.

The Confidential Computing Consortium proudly announces the first community release of ManaTEE, an open-source framework for private data analytics. Originally developed by TikTok as a privacy solution for secure data collaboration, ManaTEE is now open-sourced and part of the Linux Foundation’s Confidential Computing Consortium.

Highlights of the Community Release:

• Easy Deployment: Test ManaTEE locally with minikube, no cloud account needed.
• Comprehensive Demo Tutorial: Step-by-step guidance to get started.
• Extensible Framework: Refactored code with Bazel builds and a CI/CD pipeline, ready for contributions.

What’s Next?

ManaTEE is evolving with plans to:

• Expand backend support to multi-cloud and on-prem solutions.
• Integrate privacy-compliant data pipelines.
• Enhance output privacy protections.
• Support confidential GPUs for AI workloads.

A Technical Steering Committee will soon guide the project’s future.

Learn More

Explore the potential of ManaTEE and join the community effort. Read the full announcement: First Community Release of ManaTEE.

January 6, 2025

Author: Sal Kimmich

The rapid adoption of AI and data-driven technologies has revolutionized industries, but it has also exposed a critical tension: the need to balance robust security with explainability. Traditionally, these two priorities have been at odds. High-security systems often operate in opaque “black box” environments, while efforts to make AI systems transparent can expose vulnerabilities. 

Verified Computing bridges this gap that reconciles these conflicting needs. It enables organizations to achieve unparalleled data security while maintaining the transparency and accountability required for compliance and trust.

The Core Technologies That Make It Possible

1. Trusted Execution Environments (TEEs)

TEEs are hardware-based secure enclaves that isolate sensitive computations from the rest of the system. They protect data and processes even if the operating system or hypervisor is compromised. Examples include Intel® SGX, Intel® TDX and AMD SEV.

• How They Work: TEEs operate as secure zones within a processor, where data and code are encrypted and inaccessible to external actors. For example, during a financial transaction, a TEE ensures that sensitive computations like risk assessments are performed without exposure to the broader system.
• Why They Matter: They protect data “in use,” closing a crucial gap in the data lifecycle that encryption alone cannot address.

2. Remote Attestation

Remote attestation provides cryptographic proof that a TEE is genuine and operating as expected. This ensures trust in the environment, particularly in cloud or collaborative settings.

• How It Works: A TEE generates an attestation report, including a cryptographic signature tied to the hardware. This report confirms the integrity of the software and hardware running within the enclave (source).
• Why It Matters: Remote attestation reassures stakeholders that computations occur in a secure and uncompromised environment, a critical requirement in multi-tenant cloud infrastructures.

3. Confidential Virtual Machines (VMs)

Confidential VMs extend TEE principles to virtualized environments, making secure computing scalable for complex workloads. Technologies like Intel® TDX allow organizations to isolate entire virtual machines.

• How They Work: Confidential VMs use memory encryption to ensure that data remains secure during processing. Encryption keys are hardware-managed, inaccessible to the hypervisor or OS (source).
• Why They Matter: They enable secure data processing in public clouds, even in shared infrastructures.

4. Verified Compute Frameworks

Verified Compute frameworks build on TEEs by introducing mechanisms for generating immutable logs and cryptographic proofs of computations. An example is EQTY Lab’s Verifiable Compute.

• How They Work: These frameworks capture the details of computations (inputs, outputs, and environment integrity) in tamper-proof logs. These logs are cryptographically verifiable, ensuring transparency without compromising confidentiality.
• Why They Matter: They allow organizations to meet regulatory requirements and provide explainable AI outputs while safeguarding proprietary algorithms and sensitive data.

5. Homomorphic Encryption and Secure Multi-Party Computation (SMPC)

In cases where external collaboration or ultra-sensitive data handling is needed, additional cryptographic techniques enhance confidentiality.

• Homomorphic Encryption: Enables computations on encrypted data without decryption.
• SMPC: Distributes computations across multiple parties, ensuring that no single party has access to the complete dataset.
• Why They Matter: These techniques complement TEEs by enabling secure collaboration across untrusted parties.

How Verified Computing Bridges Security and Explainability

Achieving Transparency Without Sacrificing Security

Traditionally, efforts to make AI systems explainable required exposing internal processes or sharing sensitive data—practices that risked data breaches or model theft. Verified confidential computing changes the game by:

• Allowing computations to occur in TEEs or confidential VMs, ensuring data is secure at all times.
• Using verified compute frameworks to provide cryptographic evidence of computation integrity, allowing external parties to trust results without accessing sensitive details.

For example, a healthcare provider running an AI diagnostic tool can securely process patient data in a TEE. The AI’s decisions can be explained to regulators or patients using cryptographic proofs, without exposing proprietary algorithms or patient information.

Supporting Regulatory Compliance

Regulations like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) demand both robust security and transparent handling of sensitive data. Verified confidential computing offers a solution by generating immutable logs and proofs that demonstrate compliance. This reduces audit complexity and ensures adherence to privacy laws.

Building Trust in AI Systems

As AI plays a growing role in critical sectors, trust is paramount. Verified computing ensures that stakeholders can verify:

1. The Security of the Data: Through TEEs and confidential VMs.
2. The Integrity of Computations: Via cryptographic attestation and verifiable compute frameworks.
3. The Explainability of Results: Through transparent logging and auditable records.

For instance, financial institutions can use verified computing to process loan applications, providing regulators with evidence of fairness and transparency without compromising customer data security.

Verified Compute

Verified Computing is more than a technological advancement—it is a paradigm shift. By integrating technologies like TEEs, remote attestation, confidential VMs, and verifiable compute frameworks, it resolves the long-standing tension between security and explainability. Organizations can now protect sensitive data, ensure compliance, and provide transparent, trustworthy AI systems.

As industries adopt this approach, verified computing will become the gold standard for secure and accountable digital transformation. Bridging these historically conflicting priorities paves the way for a future where trust in AI is not just an aspiration, but a guarantee. For more insights and resources, visit the Confidential Computing Consortium.

Author:  Sal Kimmich

The Digital Operational Resilience Act (DORA), a landmark regulation from the European Union, is reshaping the landscape of information and communication technology (ICT) security for financial entities. Designed to strengthen operational resilience, DORA mandates comprehensive measures to protect ICT systems against disruptions and cyber threats, ensuring the continuity of critical financial services.

What Is DORA?

DORA establishes a unified framework for ICT risk management, oversight, and reporting for financial entities operating in the EU. The act applies to banks, insurance companies, investment firms, and other financial organizations, aiming to safeguard the stability of financial systems amid increasing cyber threats.

DORA will come into effect on January 17, 2025, requiring financial entities to meet stringent ICT security and operational resilience standards. The regulation introduces detailed requirements for ICT risk management, third-party ICT service provider oversight, and robust incident reporting mechanisms.

Why Chapter II, Section II, Article 8, Paragraph 2 Matters

One of the most critical aspects of DORA is outlined in Chapter II, Section II, Article 8, Paragraph 2, which states:

Financial entities shall design, procure and implement ICT security strategies, policies, procedures, protocols and tools that aim at, in particular, ensuring the resilience, continuity and availability of ICT systems, and maintaining high standards of security, confidentiality and integrity of data, whether at rest, in use or in transit.

This provision emphasizes a holistic approach to ICT security—ensuring that data remains secure across its entire lifecycle: while being stored, processed, or transmitted. It aligns operational resilience with data confidentiality and integrity, which are foundational for maintaining trust and mitigating systemic risks.

However, the requirement to protect data in use poses a unique challenge. Traditional security measures like encryption effectively safeguard data at rest (storage) and in transit (network transmission), but they falter when data is actively being processed. This is where Confidential Computing steps in as a game-changing solution.

Confidential Computing: The Clear Candidate

Confidential computing enables the protection of data in use by leveraging hardware-based secure enclaves. These enclaves create an isolated environment where sensitive computations can occur, shielding them from unauthorized access—even from the host operating system or cloud provider. By ensuring the confidentiality and integrity of data in use, confidential computing directly addresses one of the most pressing gaps in traditional ICT security strategies.

Key features of confidential computing that align with DORA’s requirements include:

1. Enhanced Data Security: Protects sensitive computations from being exposed, even in shared cloud environments.
2. Resilience and Integrity: Ensures that data remains secure and untampered during active processing.
3. Regulatory Compliance: Provides a robust mechanism to meet DORA’s requirements for high security standards across the data lifecycle.

A Call to Action for Financial Entities

As the 2025 deadline approaches, financial entities must act to design and implement ICT security strategies that align with DORA’s requirements. Confidential computing, with its ability to secure data in use, is a pivotal technology for achieving compliance with Article 8, Paragraph 2.

By integrating confidential computing into their ICT security frameworks, financial institutions can not only meet regulatory mandates but also enhance their overall resilience against evolving cyber threats. Early adoption will provide a competitive edge, enabling organizations to build trust with customers, regulators, and partners in an increasingly digital and interconnected financial ecosystem.

Conclusion

DORA’s focus on ensuring ICT systems’ resilience, continuity, and security presents both a challenge and an opportunity for financial entities. By embracing confidential computing, organizations can address the critical requirements of Chapter II, Section II, Article 8, Paragraph 2, securing their data at every stage of its lifecycle. As the clock ticks toward 2025, the time to act is now.

Resources to Learn More 

DORA Regulation: Article 8

IBM: Navigating the digital wave: Understanding DORA and the role of confidential computing

Edgeless Systems: How to encrypt data in use for DORA compliance

Anjuna: Financial Services Confidential Computing Key Use Cases

Redhat: Confidential Containers for Financial Services on Public Cloud

At ACSAC 2024 (Annual Computer Security Applications Conference), the esteemed Cybersecurity Artifact Award was presented to the “Rapid Deployment of Confidential Cloud Applications with Gramine” project for its innovative approach to enhancing cloud security. The project stood out for enabling the secure deployment of confidential applications in cloud environments while ensuring the protection of sensitive data.

Introducing Gramine: A Breakthrough in Confidential Cloud Computing

The winning artifact showcases Gramine, a lightweight framework designed to facilitate the rapid deployment of confidential cloud applications. By leveraging Trusted Execution Environments (TEEs), specifically Intel SGX, Gramine provides hardware-enforced isolation of data during computation. This ensures that both data and computations remain protected from adversarial threats in the cloud.

Gramine (formerly known as Graphene) is an open-source library that allows developers to build and run applications in secure enclaves, such as Intel’s SGX, without needing to modify the application’s source code. It bridges the gap between traditional cloud computing and confidential computing, making it easier for organizations to protect sensitive workloads in multi-tenant cloud environments while maintaining the flexibility and performance of cloud-native applications.

Key Features of the Winning Artifact

• Confidential Computing: Gramine ensures that sensitive data is encrypted and protected even while in use, guarding it from external threats and insider attacks.
• Easy Deployment: The project simplifies the complex process of setting up and configuring secure enclaves for cloud applications, making confidential computing more accessible.
• Scalability and Flexibility: With support for deploying multiple applications in parallel, Gramine helps large organizations secure diverse cloud workloads efficiently.
• Compatibility with Existing Applications: A major advantage of Gramine is its ability to run unmodified applications in secure enclaves, enabling seamless integration of confidential computing into existing infrastructures.

Why It Won the ACSAC Cybersecurity Artifact Award

The “Rapid Deployment of Confidential Cloud Applications with Gramine” project won first place for its innovative solution to one of the most critical challenges in cloud security: ensuring the confidentiality and integrity of sensitive data in potentially untrusted cloud environments.

As more organizations move to the cloud, the need for tools that protect confidentiality and privacy becomes increasingly urgent. Gramine provides a practical solution by enabling confidential workloads to be deployed at scale while remaining flexible enough to integrate with existing cloud-native applications. This lowers the barriers to secure cloud deployment, making confidential computing accessible to a broader range of organizations.

The Impact on Cloud Security

The success of this project highlights the growing importance of confidential computing in the battle against cloud-based cyber threats. As cloud adoption continues to rise, tools like Gramine pave the way for organizations to secure their cloud applications, safeguard sensitive data, and meet privacy regulations.

The ACSAC Cybersecurity Artifact Award positions this project as a catalyst for further innovation in cloud security and confidential computing. It offers both a technical solution and a blueprint for securely deploying sensitive workloads in a rapidly evolving cloud landscape.

For more information on the winning artifact, visit the ACSAC 2024 program page:

• ACSAC 2024 Artifacts Competition
• ACSAC 2024 Program

Mike Bursell (Executive Director, Confidential Computing Consortium):

Open Source as the Foundation of Trust:

Mike emphasizes that “Magic pixie dust to all of these is open source because you need to know that the software which is guaranteed seeing all of this stuff has been correctly written and there are no people trying to exfiltrate your data or do evil stuff with these keys as you go along…….. without that you just don’t get the scale taking off, that’s really important.“

Simplifying Complex Technologies:

Mike also highlights the importance of abstracting complex technologies like TEEs to make them accessible to users without deep technical expertise. “That’s exactly what companies like Super Protocol are doing and the sort of thing that we are encouraging in the Confidential Computing Consortium as well. So, reducing the friction, bringing it to users who don’t need to know the really low-level detail- it does get very, very techy very, very quickly…“

Nukri Basharuli (Founder and CEO, Super Protocol):

Effective Collaboration Among Companies:

Nukri Basharuli points out “the last McKinsey report says 90% of large and medium companies want to collaborate based on their data. But at the same time, there are two opposite vectors: on one side, you need to collaborate on data with your partners, even with your direct competitors – to observe the market, to find insights, and to grow. But at the same time, you need to prevent these leakages and risks of cannibalization of each other. That’s why verifiable and confidential computing gives us opportunities to make this collaboration effective and provable.”

Accessibility of TEEs:

Nuri discusses Super Protocol’s development of a “ready-made AI & Data Marketplace within a confidential cloud based on TEE. “In just a few clicks, you will be able to launch your model, upload your model from our Marketplace or from Hugging Face, in a fully private decentralized environment. Just a few clicks – deploy a smart contract and… this is why we are building Super: to make this road as easy as possible for millions of projects developing billions of personal AI agents based on personal data for businesses, private needs, and so on…….And you can make this connection verifiable for all participants – that’s why this is a big difference and next is that everything behind smart contracts in Super is governed only by smart contracts – all services, all computation services, 100% of services are governed only by smart contracts. This is another difference from a centralized cloud which is governed by an administrator or owner of the service.”

David Attermann (Head of Web3 Investments, M31 Capital):

Growth of the Confidential Computing Market:

David Attermann predicts: “The confidential computing market is expected to grow 50% annually for the next 10 years. The demand for it is real, and it’s becoming a major industry now. Within Web3, TEEs have gained momentum as the most practical way to verify compute. For the next five years, TEEs will likely serve as the foundation for all verifiable compute in Web3.

Unique Capabilities of Super Protocol: 

David also notes that “even without an interest in cryptocurrencies, one can appreciate the unique functionalities offered by Super Protocol.“

Listen to to the full podcast: https://www.youtube.com/watch?v=gFql1SUNM-o

For a deeper dive into Super Protocol’s architecture check out NVIDIA’s article

 https://developer.nvidia.com/blog/exploring-the-case-of-super-protocol-with-self-sovereign-ai-and-nvidia-confidential-computing/