Welcome to the October/November 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Linux Foundation Member Summit
The Linux Member Summit is for leadership of the Linux Foundation, LF projects and major open source initiatives. This year it was held in Monterey, California, and Mike Bursell (Executive Director) and Stephen Walli (out-going Chair of the Governing Board) attended and delivered a session entitled 50+ companies, 500+ opinions: Aligning Activities with Member Priorities, discussing the history of the CCC, the challenges and opportunities presented by its diverse membership and the approaches being taken to mitigate and capitalise on them. The model of minimum-viable governance received a number of questions from the audience and engagement after the session.
A small number of governing board members also met in person for a GB meeting (with others attending virtually), and there were also discussions with existing members, potential members and other projects (Linux Foundation and others) with a possible overlap with Confidential Computing (such as the Linux Foundation’s Digital Trust project).
Privacy-Enhancing Technologies Summit
In November, the CCC was associate sponsor for the PET Summit Singapore, curating the first morning of a two day conference (agenda). Mike Bursell (Executive Director) moderated the initial session of the conference, introducing Privacy-Enhancing Technologies in general and talking to experts from a variety of backgrounds. Richard Searle of Fortanix then moderated another session, looking particularly at Confidential Computing and the impact it is having on industry today, followed by presentations by Vikas Ujjwal Kumar (Lead Architect Microsoft Technology Centre APAC, Singapore) and Ayush Batra (Regional CTO, Intel). Mike closed out the morning with a presentation about Confidential Computing and the work of the CCC.
The rest of the conference looked at various PETs, situating them strongly within a business context, and with strong representation from local agencies and organisations. Notable was the focus on the importance of focussing on the problem that PETs solve, rather than looking for solutions that a particular technology might address. The IMDA (Singapore’s technology hub and regulator) was the other major sponsor and runs “sandbox” projects to identify and solve issues with the use of PETs: they are very interested in projects from members of the CCC.
This conference was an opportunity for the CCC to execute on its strategy of expanding engagement in the Asia Pacific region and led to interest in membership and collaboration with various organisations, as well as the opportunity to meet in person with several existing members.
Welcome to the August/September 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Confidential Computing Mini Summit
MONDAY, SEPTEMBER 18 | 13:30 – 17:00
Location: Euskalduna Bilbao In Person Registration Cost: $10 Virtual Registration Cost: $0
Confidential Computing protects data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE). The Confidential Computing is bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of TEEs through collaboration in open source software.
Location: Euskalduna Conference Centre, Level 5, Room 5A, map.
Joining Sessions Virtually
All mini summit sessions will be streamed live on the Linux Foundation YouTube Channel. There will be no virtual platform for this event. For more information on how to join sessions virtually, please visit our Virtual Attendance webpage. Please note: Virtual attendees will only be able to watch the live session – there will be no speaker Q&A and no virtual attendee audio function. However, chat will be enabled on the YouTube live stream.
Session Recordings
The mini summit will be recorded and posted to the Linux Foundation YouTube channel 2 weeks after the event.
Recap of Diana Initiative
By Deirdre Cleary
The Diana Initiative (TDI) is a conference whose aim is to help those underrepresented in Information Security and this year’s event took place on August 7th at the Westin in Las Vegas. I was sponsored by Evervault to attend and give a talk entitled Spilling the TEE.
This was my first time attending and I found The Diana Initiative to be a really welcoming environment for newcomers. The day offered a mix of talks, workshops, and hands-on villages, all of which built on this year’s theme of Lead the Change. The conference is well-timed at the start of Hacker Summer Camp and leaves attendees feeling confident in themselves and their abilities as they take on the many other events the week has to offer.
As a speaker, I gave a 30-minute talk entitled Spilling the TEE. The session was aimed at those who had no previous experience with Trusted Execution Environments, but were curious to learn what they’re all about. I discussed why we need TEEs, the features they offer, the types of TEEs available today, and gave some examples of applicable use cases.
One use case we dove into a little deeper was that of rebuilding trust in period tracking apps. Post Roe v. Wade there was a lot of discussion about whether it is safe to be sharing this very personal data with apps on your phone, having little knowledge of, or control over, what the data can be used for. At TDI I explored how TEEs could be part of the solution. In combination with open sourcing, TEEs can offer users confirmation of exactly what actions are being performed on their data, thanks to attestation. I demonstrated this using Evervault’s open source project (Cages)[https://github.com/evervault/cages] to deploy a simple attestable period prediction tool on (AWS Nitro Enclaves)[https://aws.amazon.com/ec2/nitro/nitro-enclaves].
While this is not the typical example we give for TEEs, it resonated well with the attendees on the day, and goes to show that the more diverse the people involved in confidential computing, the more diverse the solutions we can build together.
On Friday and Saturday August 11-12, I attended DEFCON, the largest hacker conference in the world, held across 3 different Caesars’ convention centers, with over 30,000 attendees. The conference is so big that they have to split it into what they call villages, which are still very large on their own. I spent most of my time in the following villages:
IoT Village
The CCC was sponsoring the IoT Village. This was a very well attended village, and I was surprised by the enthusiasm and knowledge of the attendees. Many arrived early in the morning, and only left the large room late in the afternoon, spending their time trying to break into IoT devices. Many thanks to the IoT Village organizers who received me, Rachael Tubbs and Sara Pickering, MS, PHR, SHRM-CP.
AI Village
The AI Village was one of the most popular ones, and was dedicated to DARPA’s AI Cyber Initiative. Thousands of hackers tried to find vulnerabilities in Large Language Models. This initiative was officially announced at the main auditorium:
DARPA Announces an AI Cyber Initiative – by Dave Weston, Vice President of Enterprise and OS Security at Microsoft; Heather Adkins, Vice President of Security Engineering at Google; Matthew Knight, Head of Security at OpenAI; Michael Sellitto, Head of Geopolitics and Security Policy at Anthropic; Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF); and Perri Adams, AixCC Program Manager at DARPA.
Policy@DEFCON
The Policy@DEFCON room was also well attended, and brought together government officials and specialists interested in safeguarding critical infrastructure, with a particular focus on open source software security. I really liked Kemba Walden’s fireside chat with Jeff Moss at the main auditorium:
Fireside Chat with the National Cyber Director Kemba Walden – by Kemba Walden, Acting National Cyber Director at the Office of the National Cyber Director, the White House; Jeff Moss, Founder of DEFCON.
Crypto & Privacy Village
The Crypto & Privacy Village is one of my favorites, and last year we gave two talks there. This time, I was only attending. I especially enjoyed the entertaining privacy talk from Anthony about how privacy laws are evolving in the U.S.:
Is 2023 the Year of Privacy: How History and States are Posed to Change Privacy? – by Anthony Hendricks
Welcome to the June/July 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Confidential Computing Summit: Broad industry representation
On Thursday, 29th June 2023, the first Confidential Computing Summit was held at the Marriott Marquis in San Francisco. Organized by Opaque Systems and the Confidential Computing Consortium, it comprised 38 sessions delivered by 44 speakers and panelists, with 244 attendees – over twice the expected number. Although initially planned as a single track event, the number of responses to the Call for Papers was so large that the agenda was split into three tracks, with keynotes starting and ending the event.
Sessions covered a broad range of topics, from state of the industry and outlook, to deep-dive technical discussions. One of the key themes of the Summit, however, was the application of Confidential Computing to real-life use cases, with presentations by end users as well as suppliers of Confidential Computing technologies. The relevance of Confidential Computing to AI was a recurring topic as data and model privacy is emerging as a major concern for many users, particularly those with requirements to share data with untrusted parties whether partners or even competitors for multi-party collaboration. Other use cases included private messaging, anti-money laundering, Edge computing, regulatory compliance, Big Data, examination security and data sovereignty. Use cases for Confidential Computing ranged across multiple sectors, including telecommunications, banking, insurance, healthcare and AdTech. Sessions ranged from high-level commercial use case discussions to low-level technical considerations.
There was an exhibitor hall which doubled as meeting space and included booths from the CCC and Opaque Systems plus the Summit’s premier sponsors (Microsoft, Intel, VMware, Arm, Anjuna, Fortanix, Edgeless Systems, Cosmian). The venue also had sufficient space (and seating with branded cushions!) for a busy “hallway track”. For many attendees, the ability to meet other industry professionals in person for the first time was as valuable a reason to attend the Summit as the session – while virtual conferences can have value, the conversations held face-to-face at the conference provided opportunities for networking that would have been impossible without real-world interactions.
The Confidential Computing Consortium would like to thank Opaque Systems and the program committee for their hard work in organizing this event. Given the success of the Summit, plans are already underway for a larger instance next year. Please keep an eye on this blog and other news outlets for information. We look forward to seeing you there!
Welcome to the May 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Welcome New Members!
Cryptosat is excited to join the Confidential Computing Consortium. We are working to provide a very unique trusted compute environment in space for use-cases requiring a perfect air-gap and physical isolation. We’re looking forward to contribute to the Confidential Computing technology landscape and establish fruitful partnerships with other companies in the consortium.
Confidential Computing Summit Use Case Awards
Calling all Confidential Computing experts! Today we’re launching the Confidential Computing Use Case Awards, with the chance to be recognized for the best case study across healthcare, financial services, and adtech. Use this form to tell your story.
Each case study will be evaluated by a panel of judges. Things to keep in mind:
The case studies do not need to be deployed. We are interested in nominations that identify the real world changes that can be addressed by confidential computing.
The use cases will be grouped in the following sectors: FinServ, Healthcare, AdTech, and Other
The case study must answer two questions: What is the problem? How does confidential computing provide the solution?
The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The CCC and Opaque are launching the Confidential Computing Use Case Awards, asking teams to share their most interesting use cases across healthcare, financial services, adtech, and social good, with the chance to be recognized at the summit:
Striking a balance between security, privacy, and performance is a challenge in machine learning applications. In this talk we will present BlindAI, an open-source confidential computing solution that harnesses Intel SGX enclaves to enable secure remote ML inference. Our solution effectively safeguards the confidentiality of both the model and user data while also ensuring the predictions’ integrity. We will discuss the motivation behind BlindAI, how we factored in the specificities and constraints of Intel SGX at the design stage, and share the outcome of an independent security audit of our solution.
Dan Middleton, of Intel and the Confidential Computing Consortium (CCC), dives deep on the topic of confidential computing (CoCo) and many related concerns, such as Trusted Execution Environments with Doc Searls and Jonathan Bennett.
Welcome to the April 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Welcome New Members!
Spectro Cloud has recently joined the CCC. Founded by multi-cloud management experts, Spectro Cloud aims to make cloud infrastructure boundaryless for the enterprise. It provide solutions that help enterprises run Kubernetes their way, anywhere.
A word from Mike Bursell, CCC’s new Executive Director
I’m very pleased to announce that I’ve just started a new role as part-time Executive Director for the Confidential Computing Consortium, which is a project of the The Linux Foundation. I have been involved from the very earliest days of the consortium, which was founded in 2019, and I’m delighted to be joining as an officer of the project as we move into the next phase of our growth. I look forward to working with existing and future members and helping to expand industry adoption of Confidential Computing.
For those of you who’ve been following what I’ve been up to over the years, this may not be a huge surprise, at least in terms of my involvement, which started right at the beginning of the CCC. In fact, Enarx, the open source project of which I was co-founder, was the very first project to be accepted into the CCC, and Red Hat, where I was Chief Security Architect (in the Office of the CTO) at the time, was one of the founding members. Since then, I’ve served on the Governing Board (twice, once as Red Hat’s representative as a Premier member, and once as an elected representative of the General members) acted as Treasurer, been Co-chair of the Attestation SIG and been extremely active in the Technical Advisory Council. I was instrumental in initiating the creation of the first analyst report into Confidential Computing and helped in the creation of the two technical and one general white paper published by the CCC. I’ve enjoyed working with the brilliant industry leaders who more than ably lead the CCC, many of whom I now count not only as valued colleagues but also as friends.
The position – Executive Director – however, is news. For a while, the CCC has been looking to extend its activities beyond what the current officers of the consortium can manage, given that they have full-time jobs outside the CCC. The consortium has grown to over 40 members now – 8 Premier, 35 General and 8 Associate – and with that comes both the opportunity to engage in a whole new set of activities, but also a responsibility to listen to the various voices of the membership and to ensure that the consortium’s activities are aligned with the expectations and ambitions of the members. Beyond that, as Confidential Computing becomes more pervasive, it’s time to ensure that (as far as possible), there’s a consistent, crisp and compelling set of messages going out to potential adopters of the technology, as well as academics and regulators.
I plan to be working on the issues above. I’ve only just started and there’s a lot to be doing – and the role is only part-time! – but I look forward to furthering the aims of the CCC:
“The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.” – The core mission of the CCC Wish me luck, or, even better, get in touch and get involved yourself.
– Cloud Security Made for the EU: Securing Data & Applications – Dr. Norbert Pohlmann, IT Security Association Germany (TeleTrusT) (Moderator), Ulla Coester, Westphalian University of Applied Sciences Gelsenkirchen (Panelist), Nils Karn, Mitigant by Resility (Panelist), Andreas Walbrodt, enclaive (Panelist)
Mike Bursell will attend the event to promote the CCC. Confidential Computing talks include:
– Advancements in Confidential Computing – Vojtěch Pavlik, SUSE – WASM + CC, Secure Your FaaS Function – Xinran Wang & Liang He, Intel – A WASM Runtime for FaaS Protected by TEE – Sara Wang & Yongli He, Intel – OpenFL: A Federated Learning Project to Power Your Projects – Ezequiel Lanza, Intel
The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The CCC and Opaque are launching the Confidential Computing Use Case Awards, asking teams to share their most interesting use cases across healthcare, financial services, adtech, and social good, with the chance to be recognized at the summit:
The Arm Confidential Compute Architecture (Arm CCA) builds on top of the Armv9-A Realm Management Extension (RME) by providing a reference security architecture and open-source implementation of hypervisor-based confidential computing. This talk describes the latest open-source project developments (Trusted Firmware, Linux, KVM, EDK2) to enable Arm CCA, including current status and next steps.
CCC Blog: Why Attestation is Required for Confidential Computing?
Alec Fernandez from Microsoft clarifies why the CCC amended the definition of Confidential Computing to add attestation:
The Wikipedia article for Confidential Computing has now been officially published. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:
Welcome to the March 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
New Members
Canonical
Canonical joined the CCC in the prior month, and now they’ve published a blog post:
Customers and partners rely on SUSE to deliver a secure, open source platform that fully protects data regardless of its state. Confidential Computing safeguards data in use without impacting business-critical workloads. Joining the Confidential Computing Consortium enables SUSE to collaborate with open source leaders to advance these security technologies for our customers.
Recent Events
FOSS Backstage
The Confidential Computing Consortium participated at FOSS Backstage that took place in Berlin on March 13-14. CCC Outreach Chair Nick Vidal gave a talk about combining open source supply chain technologies like SBOMs and Sigstore with Confidential Computing. The presentation was very much inspired by the SLSA security framework, where the major threats are highlighted in each stage of the supply chain. Interestingly enough, currently SLSA does not cover much of the last mile of the supply chain, when the application/workload is actually deployed, and this is where Confidential Computing can play an important role. The video recording is available here:
On March 15th , for the third year in a row, the Open Confidential Computing Conference (OC3) brought the confidential computing community together to discuss latest developments, use cases, and projects. The event was hosted by Edgeless Systems, and proudly sponsored by the Confidential Computing Consortium, amongst others. There were 29 sessions with 37 expert speakers from Intel, Microsoft, NVIDIA, IBM, AMD, Suse and many more. 1227 people registered across industries from all over the world. The recordings are available on Edgeless Systems YouTube channel on demand.
You can find Ben Fischer keynote on behalf of the CCC here:
A CTO panel with Greg Lavender, Mark Russinovich, Mark Papermaster and Ian Buck is available here:
Webinar:
Dan Middleton, CCC TAC Chair and principal engineer at Intel, and Dave Thaler, former CCC TAC Chair and software architect at Microsoft, shared their work with Confidential Computing and their efforts to further this technology via the Confidential Computing Consortium. Learn about confidential computing, the problems it solves, and how you can get involved:
The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.
Women in Confidential Computing
In March we celebrated International Women’s month. We have several women who are leading the way and advancing Confidential Computing, among which:
Raluca Ada Popa: Raluca is an associate professor of computer science at UC Berkeley. She is interested in security, systems, and applied cryptography. Raluca developed practical systems that protect data confidentiality by computing over encrypted data, as well as designed new encryption schemes that underlie these systems. Some of her systems have been adopted into or inspired systems such as SEEED of SAP AG, Microsoft SQL Server’s Always Encrypted Service, and others. Raluca received her PhD in computer science as well as her two BS degrees, in computer science and in mathematics, from MIT. She is the recipient of an Intel Early Career Faculty Honor award, George M. Sprowls Award for best MIT CS doctoral thesis, a Google PhD Fellowship, a Johnson award for best CS Masters of Engineering thesis from MIT, and a CRA Outstanding undergraduate award from the ACM.
Mona Vij: Mona is a Principal Engineer and Cloud and Data Center Security Research Manager at Intel Labs, where she focuses on Scalable Confidential Computing for end-to-end Cloud to Edge security. Mona received her Master’s degree in Computer Science from University of Delhi, India. Mona leads the research engagements on Trusted execution with a number of universities. Her research has been featured in journals and conferences including USNIX OSDI, USENIX ATC and ACM ASPLOS, among others. Mona’s research interests primarily include trusted computing, virtualization, device drivers and operating systems.
Nelly Porter: Nelly is a lead of the Confidential Computing in Google with over 10 years’ experience in platform security, virtsec, PKI, crypto, authentication, and authorization field. She is working on multiple areas in Google, from root of trust, Titan, to the Shielded and Confidential Computing, has 25 patents and defensive publications. Prior to working at Google, Porter spent some time working in Microsoft in the virtualization and security space, HP Labs advancing clustering story, and Scientix (Israel) as a firmware and kernel driver eng. She has two sons, both are in the CS field, one of them is working for Google.
Lily Sturmann: Lily is a senior software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked on security projects related to remote attestation, confidential computing, and securing the software supply chain.
Ijlal Loutfi: Ijlal is a security product manager at Canonical, the publishers of Ubuntu. She’s a post-doctoral researcher at the Norwegian University of Science of Technology, working with Professor Bian Yang. Her PhD was on trusted computing, trusted execution environments and online user authentication. Research interests include: Online identity management, namely self-sovereign identities; Applied cryptography, namely, proxy re-encryption; and Verifiable Remote Computation.
Mary Beth Chalk: Mary is the Co-founder & Chief Commercial Officer at BeeKeeperAI, Inc. has over 25 years of healthcare innovation experience improving outcomes through data-informed decision making, services, and processes. Her early work with health systems was grounded in statistical process control enabling healthcare executives to discern the signal from the noise of their data. As COO of a mental health organization, she created and implemented a system of predictive algorithms to improve the effectiveness of psychotherapy treatment. Mary Beth was also the co-founder of a chronic disease self-management platform that combined monitoring device data with algorithm-driven digital behavioral coaching to improve health engagement and outcomes. Her current work is focused on the development of healthcare AI from the perspective of the data owner and the algorithm owner including issues such as data access and intellectual property.
Ellison Anne Williams: Anne is the Founder and CEO of Enveil, the pioneering data security startup protecting Data in Use. She has more than a decade of experience spearheading avant-garde efforts in the areas of large scale analytics, information security and privacy, computer network exploitation, and network modeling at the National Security Agency and the Johns Hopkins University Applied Physics Laboratory. In addition to her leadership experience, she is accomplished in the fields of distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining and holds a Ph.D. in Mathematics (Algebraic Combinatorics), a M.S. in Mathematics (Set Theoretic Topology), and a M.S. in Computer Science (Machine Learning).
Sandrine Murcia: Sandrine is the CEO and co-founder of Cosmian, The Personal Data Network. Powered by peer-to-peer and blockchain technologies, Cosmian is the reference for personal data control & access, while favoring sustainable economic models for publishers and brands. Sandrine began her career in 1995 at Procter & Gamble. In 1999, thrilled by the emerging potential of the Internet, she switched gears and joined Microsoft’s MSN consumer division. In 2004, Sandrine joined Google and exercised responsibilities as Southern Europe Marketing Director. Sandrine holds a BA in Biotechnologies from INSA Lyon and a HEC Paris Master in Entrepreneurship. Sandrine is a 2004 Kellogg School of Management MBA graduate.
CCC and FHE
Dan Middleton, CCC TAC Chair, and Rosario Cammarota, Chief Scientist | Privacy-Enhanced Computing Research, Intel Corp., published a special blog post comparing Confidential Computing and Homomorphic Encryption. The blog post is available here:
The Wikipedia article for Confidential Computing is now under the “Drafts” section, awaiting for one of the Wikipedia maintainers to review and publish it. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:
