The Confidential Computing Consortium Year in Review, 2020

By Blog

The first year of the Confidential Computing Consortium is coming to a close and it is an important time to reflect on what we’ve done and where we’re going as we look ahead to our next year. 

I want to start from the perspective of ‘why’ the Consortium. Companies create non-profits like the Consortium in the broad open source space because our businesses benefit from that membership. We launched the Consortium with 15 premier and general members and have since grown to 27 company members and 2 non-profit members. 

AccentureAlibabaAMDAnjunaAnqlave
ArmBaiduBytedanceCosmianCysec
DecentriqFacebookFortanixGoogleHuawei
iExecIntelKinditeMicrosoftNvidia
Oasis LabsOracleR3Red HatSwisscom
TencentVMware

Bold indicates a premier member. Our non-profit members are: iotex.io, MIT

For all of our corporate members: 

  • Confidential computing directly (or indirectly) benefits our company stories to customers.
  • Directly supporting/servicing the growth of well-formed OSI-licensed projects that create hardware TEE based solutions can provide building blocks for products and services to customers as part of our product portfolios. 
  • Directly funding/participating in collateral development that educates the marketplace and creates a community within the industry provides a consistent baseline in the market on which to build our individual customer-facing messages.  
  • Directly engaging in the Technical Advisory Council (TAC) discussions provides a collaborative space to debate and test engineering-focused discussions relating to confidential computing and accelerates innovation in the domain. 
  • The Consortium provides a shared cost structure and participation structure for the members supporting projects and building educational collateral.
  • Being a member creates a direct association of the company brand with the technology space through the Consortium brand.
  • ‘Hallway discussions’ around the main business of the Consortium create and strengthen business relationships and opportunities.  

The primary working committees of the Consortium are the Technical Advisory Council (TAC) and the Outreach Committee. They have each (and together) accomplished a lot in these first ten months getting to know each other as members and working towards those common objectives. (Some of this has been particularly challenging as the last five months have been in the midst of the COVID-19 pandemic.) 

The TAC has:

  • Accepted the first three open source projects under the Consortium umbrella in Oct 2019 (enarx, the Open Enclave SDK, and the SGX SDK for Linux). 
  • Agreed on a confidential computing definition, the scoping of the consortium mission, and scoping of TEE to the definition.   
  • Continued to improve and evolve the project acceptance criteria and services work.
  • Accepted three new projects through the Spring 2020 (Graphene, the Trusted Compute Framework, and Keystone… ).
  • Developed an introductory whitepaper on Confidential Computing with the Outreach Committee.
  • Developed content then participated in analyst and press briefings (e.g., Gartner, Forrester, IEEEFortune)
  • Developed and evolved work processes and templates (e.g., project submission) to accomplish the mission.
  • The TAC chair has engaged and coordinated with outside organizations (e.g., homomorphicencryption.org, IETF).

The Outreach Committee has: 

  • Developed the confidential computing messaging framework in coordination with TAC.
  • Organized and ran the press and analyst briefings (e.g., Gartner, Forrester, IEEE, Fortune)
  • Developed the current white paper with TAC.
  • Begun the long process of web site improvements. 
  • Organized and ran our booth presence at the Linux Foundation Open Source Summit in Lyon (October 2019), and at the Linux Foundation Open Source Summit North America virtual event. 
  • Begun planning for a conference for Spring 2021 for 300-500 participants, (and a test virtual event this Fall). 
  • Begun tracking interest in the Consortium with the launch of the Confidential Computing whitepaper.

I would very much like to thank all of the participating members. A truism about successful open source project communities is the need for people in the community to be willing to chop wood and carry water. The ‘community’ isn’t some magic workforce, but rather a group of individuals doing the work together towards shared goals. This is just as true when you build a non-profit as an umbrella organization for such OSI-licensed projects. 

I would be remiss if I didn’t thank our Linux Foundation program manager, Stephano Cetola, who helps us navigate the Linux Foundation services we use, and keeps clearing the to-do lists we collectively put in front of him, as well as Scott Nicolas from the Linux Foundation who helped us with the initial heavy lift of starting the Consortium and continues to get dragged into the occasional discussion about all things charter related.  A special thanks also to Omkhar Arasaratnam and Morgan Akers from JP Morgan Chase who have been active participants in TAC discussions and have shown us the need to build an end user advisory committee this coming year. 

We have a number of exciting projects to begin our second year with the TAC working on an in-depth technical report, the Outreach Committee exploring a Fall virtual event, and beginning work on the End User Advisory Committee. All this along with our regular work supporting the open source projects under our umbrella. I’m looking forward to it, and hope the membership is as excited as I am. 

As the Confidential Computing Consortium Grows

By Blog

The Confidential Computing Consortium is a community focused on open source licensed projects securing data in use and accelerating the adoption of confidential computing through open collaboration. The Consortium announced its intentions in August 2019, and has been heads down laying the foundations for open collaboration between the parties involved in confidential computing and creating a welcoming home for open source projects.

What is Confidential Computing

Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment. Technology solutions exist for securing data at rest in storage and data in transit across the network, but until recently securing data in use during computation wasn’t part of the story. Chip manufacturers have been bringing technologies to market (Intel with Secure Guard eXtensions, Arm with TrustZone, and AMD with Secure Encrypted Virtualization). These are examples of Trusted Execution Environments (TEE), the core building block in confidential computing. Software development frameworks and application deployment mechanisms were soon to follow. 

Developers that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to remove threats that target the confidentiality and integrity of the data in system memory. Using TEE to isolate and protect the execution environment of applications ensures data is secure while in use, preventing it from being exposed in the memory of the compute infrastructure. 

Accomplishments to Date

Since launch, the Consortium established an Outreach Committee–chartered with educating the industry and developers about confidential computing, and supporting the health of the Consortium projects–and a Technical Advisory Council (TAC)–chartered with driving the technical direction of the Consortium and supporting the Consortium projects.

In October, the TAC met at the Open Source Summit EU and heard from, and approved, three open source projects to join the Consortium:

  • Software Guard Extensions (SGX) SDK for Linux, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves in memory.  
  • Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.  
  • Enarx, a project providing hardware independence for securing and deploying applications using TEEs. 

As we come through the first quarter of 2020: 

  • The TAC has debated at length a definition for confidential computing after a survey of the members and across the industry.  
  • The Outreach Committee has begun educating industry shapers, like analysts, on this definition, and the work of the Consortium projects  
  • The Outreach Committee is developing educational materials for developers and the wider industry 
  • The administration of the Consortium continues to evolve and take shape. The Legal Subcommittee has now met on a number of topics to get a measure of how the Consortium can best meet its members’ legal needs. The Budget subcommittee is working to help the working committees have a better grasp of the money to be spent supporting Consortium projects and building educational collateral. 
  • New members continue to join the Consortium. We’re up to nine premier members, and 13 general members, with several more members filing paperwork as we speak.
  • New projects are in discussions with the TAC to come under the Consortium umbrella. 

The TAC and Outreach Committee are now heads down developing the website, wiki, and GitHub sites to ensure policies and decisions are captured, documented, and public, and to improve our on-ramps and services to open source licensed projects in the confidential computing space. We’re working to create a User Council to engage with sophisticated large-scale users of confidential computing. It is an exciting time. 

Like any open source project, the Consortium is a continuously evolving and growing effort; evolving to meet the needs of the user and growing in the ways that meet these needs. Consortium meetings are open to anyone, and we welcome all– from those who are curious about what confidential computing is to open source projects curious about what the Consortium offers to security researchers on their umpteeth TEE disclosure–there is a seat waiting for you. To find meeting times, join our mailing lists.