The Linux Foundation Projects

Blog

COCONUT-SVSM Joins the Confidential Computing Consortium: Enhancing Security for Sensitive Workloads


The Confidential Computing Consortium (CCC) welcomes a new project: The COCONUT
Secure VM Service Module (COCONUT-SVSM), which aims to be a game-changer for secure
service provision within confidential virtual machines (CVMs). This is a significant step forward
for the project.


Published by SUSE in March 2023, the project has built an active developer community with major
industry players contributing, including AMD, Microsoft, IBM, Intel, Red Hat and Google. By
joining the CCC the project gains enhanced visibility and even more collaboration opportunities
within the confidential computing community and is set for further community growth.

Building a Secure Foundation for Confidential VMs

COCONUT-SVSM was started by SUSE and is now hosted by the Linux Foundation (LF),
known for fostering open-source collaboration. This choice reflects the project’s commitment to
open development and community involvement. COCONUT-SVSM aims to become a platform
that delivers essential services to CVMs. These services, which cannot be provided by the host
VMM in a secure way, include:

  • Virtual TPM emulation: This functionality provides a secure Trusted Platform Module within the CVM, enabling functionalities like secure key generation and storage, as well as full remote attestation of workloads.
  • UEFI variable store: This secure storage area safeguards critical configuration data for the CVM and enables secure boot on some platforms.
  • Live migration for CVMs: This feature allows for seamless movement of running CVMs across different physical hosts without compromising security.

The key advantage of COCONUT-SVSM lies in its secure execution environment. It operates
within the trust boundary of the CVM, but is still isolated from the actual operating system. This
isolation ensures that even if the underlying system gets compromised, the security of services
offered by COCONUT-SVSM remains intact.

Benefits for Confidential Computing

This integration will enable users to enhance their confidential VM setups with features like:

  • Secure Remote Attestation: This allows for verifying the integrity and trustworthiness of the execution environment, a crucial requirement for running sensitive workloads and protecting data.
  • End-To-End Data Security: Users can guarantee that their data is always encrypted and never visible to any unauthorized party during storage, transmission, and processing.

Ultimately, these features empower users to fully protect their data even in untrusted
environments like the public cloud. This paves the way for secure cloud deployments and
confidential computing adoption across various industries.

Industry Leaders Support COCONUT-SVSM

COCONUT-SVSM is gaining traction within the tech industry, with key partners recognizing its
potential to advance confidential computing. Here’s what some industry leaders have to say
about COCONUT-SVSM:

AMD
“SUSE and AMD have a long history of collaborating on the development of the Linux
ecosystem and confidential computing technologies for AMD EPYC Processors,” said
Frank Gorishek, corporate vice president, Software Development, AMD. “We are thrilled
to see COCONUT-SVSM join the CCC as an open source implementation of the AMD
SVSM specification for SEV-SNP. AMD is committed to open source technologies such
as COCONUT-SVSM as a catalyst for collaborative innovation on transformative
technologies such as confidential compute.”

Microsoft
“A secure environment like COCONUT-SVSM can play a valuable role in confidential
computing,” a spokesperson from Microsoft Hyper-V said. “It can hold secrets and
provide virtualization services seamlessly to improve the usability of CVMs.”

Open Governance and Continued Growth

The COCONUT-SVSM project fosters open collaboration. SUSE’s Jörg Rödel, as the founding
developer, is the current lead maintainer. In the future, a broader project leadership will be
established by a Technical Steering Committee (TSC) consisting of at least 3 lead people to
ensure diverse perspectives guide the project’s direction.


The project community collaborates via its GitHub organization, a mailing list and in weekly
community meetings. There the project’s future, current challenges, and contributions from a
broad developer base are discussed.


Every developer passionate about confidential computing and secure service provisioning is
invited to start contributing to COCONUT-SVSM and support the continued growth of the
project.

The Meaning Behind the Name

The name COCONUT is a play on the term “CoCo,” a common abbreviation for confidential
computing. The “coconut” metaphor reflects the project’s focus on robust security, symbolizing a
hard-to-crack shell protecting the integrity of sensitive data.


By joining the Confidential Computing Consortium, COCONUT-SVSM is set to make significant
contributions to the field of confidential computing. The community is excited to see the project
flourish within the CCC and invites all those interested in secure virtualization technology to join
the thriving COCONUT-SVSM project. Together, we can bring confidential computing and
end-to-end data protection forward for a wide range of industries and applications.

Exciting News: New Start-up Membership Tier from the Confidential Computing Consortium


The Confidential Computing Consortium (CCC) is thrilled to announce the launch of a new membership tier tailored specifically for start-ups. This initiative is designed to empower emerging companies by offering them a unique opportunity to join the CCC community free of charge for the first 12 months. Here’s everything you need to know about this fantastic new offer.

Why This Matters

Confidential Computing is transforming data protection and processing. By using hardware-based techniques to isolate sensitive data, it ensures security even during processing. As the field evolves, collaboration and innovation are essential to keep up with advancements. The CCC plays a pivotal role by uniting industry leaders, researchers, and innovators to drive the future of secure computing.

What is the CCC?

The Confidential Computing Consortium (CCC) unites hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards. As a project community within the Linux Foundation, the CCC is dedicated to defining and promoting Confidential Computing through open governance and collaboration. This initiative includes commitments from numerous member organizations and contributions from several open-source projects, following the successful model of other ambitious efforts.

Introducing the Start-up Membership Tier

We understand the unique challenges that start-ups face, from limited resources to the need for rapid innovation. To support these dynamic enterprises, the CCC has introduced a Start-up Membership Tier, providing eligible start-ups with complimentary membership for their first year. This new tier aims to foster innovation and collaboration among the next generation of leaders in Confidential Computing.

Benefits of Joining

By becoming a CCC member, start-ups gain access to a wealth of resources, including:

  • Collaborative Opportunities: Connect with leading companies, researchers, and developers in the field of Confidential Computing.
  • Educational Resources: Access cutting-edge research, training materials, and industry insights to stay ahead of the curve.
  • Networking: Participate in exclusive events, workshops, and forums to share ideas and explore potential partnerships.
  • Influence and Visibility: Contribute to the direction of Confidential Computing standards and gain visibility within the industry.

Eligibility Criteria

To qualify for this exciting new membership tier, start-ups must meet the following criteria:

  • Current Member of the Linux Foundation: Your organization must already be a part of the Linux Foundation community.
  • Employee Count: Your organization must have fewer than 100 employees.

How to Apply

Applying for the Start-up Membership Tier is simple! If your start-up meets the eligibility criteria, you can submit your application through the CCC website. Once approved, your start-up will enjoy a full year of membership benefits without any fees.

Join Us in Shaping the Future

This is a remarkable opportunity for start-ups to engage with the forefront of Confidential Computing technology. We invite all eligible start-ups to take advantage of this offer and join us in shaping the future of secure, private computing.

For more details and to apply, visit the Confidential Computing Consortium website.

Let’s innovate, collaborate, and shape the future of Confidential Computing together.


Stay connected with the CCC community by following us on X, LinkedIn, and GitHub.

Unlocking AI for the Enterprise: Confidential Computing Summit


Author: Raluca Ada Popa

With the rapid rise of generative AI and LLMs, we’re on the cusp of one of the largest technology super cycles in history; the global AI market size was already valued at $196B in 2023. However, C-suite execs and IT professionals alike cite data privacy concerns as the #1 obstacle to AI adoption for their organizations.

This is the year for confidential computing innovators and researchers, users and makers to come together, crack the code and unlock AI for the enterprise. The Confidential Computing Consortium, together with Opaque Systems, is co-hosting the Confidential Computing Summit this June with exactly that goal in mind: to expose and accelerate organizational initiatives around confidential data and AI.

Think of the Summit as our Consortium’s mission made manifest. A mega collaboration of the world’s top minds in confidential data, trustworthy AI and privacy-preserving generative AI unfolding over two days of learning and networking.

We anticipate hundreds of decision-makers and thought leaders in sectors such as financial services, insurance, telco, manufacturing, and healthcare. We have over 30 use cases lined up, selected from over 86 submissions, as well as dynamic discussions and visionary keynotes that include:

  • Mike Bursell, Executive Director, Confidential Computing Consortium
  • Raluca Ada Popa, Co-founder and President of Opaque, Associate Professor CS at UC Berkeley, and Chair of the Confidential Computing Summit
  • Anand Pashupathy, VP & GM, Security Software and Services Division, Product Assurance and Security, Intel
  • Karthik Narain, Group Chief Executive – Technology, Accenture
  • Mark Russinovich, Chief Technology Officer, Microsoft Azure
  • Nelly Porter, Director of Product Management, Google
  • Jason Clinton, Chief Information Security Officer, Anthropic
  • Sella Nevo, Director of the Meselson Center, RAND Corporation

And we’ll be delving deep into confidential computing and sensitive data – from national security to genomic epidemiology, noteworthy trends to critical best practices. You’ll learn about: 

  • Confidential Computing
  • Confidential Analytics
  • Confidential AI
  • Privacy-preserving Generative AI and LLMs
  • Privacy Enhancing Technologies
  • Data Privacy and Compliance
  • Secure Enclaves
  • Confidential Computing Cloud Environments
  • Confidential VMs

With two full days to roll up our sleeves, open our collars and truly dig into the opportunities and challenges, we’re excited to see where the Summit will take us and what new possibilities will emerge. Check out the full agenda here.

In case you missed it, we’re offering a discount to all of our Confidential Computing Consortium members. Register here and get 50% off with our special promo code CCC50.

Unlocking AI for the Enterprise: Confidential Computing Summit


In case you missed it, we’re offering a discount to all of our Confidential Computing Consortium members. Register here and get 15% off with our special promo code CCC15!

Decoding Trust in Confidential Computing: Foundations and Open Source Perspectives


At this month’s Open Source Software Summit NA, Mike Bursell, Executive Director of the Confidential Computing Consortium, presented at the session “Decoding Trust in Confidential Computing” with Sal Kimmich, Technical Community Architect, also with the CCC. The session explored trust in computing, merging confidential computing and open-source principles. 

Mike and Sal discussed frameworks for trust in Confidential Computing environments, including technological protocols, human factors, and trust in open source. Case studies revealed hardware-level attestation in confidential computing and the philosophical dimensions of open source. Join us for a deep dive into computing trust, where technical, communal, and policy aspects converge.

Read more below for greater insights.

Confidential Computing Definition

Confidential computing safeguards data in use by conducting computations within hardware-based Trusted Execution Environments (TEEs). It is defined as “the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.”

Introduction to Trust in Confidential Computing

Trust in Confidential Computing hinges on components such as the software supply chain, key management, cloud computing, software correctness, AI provenance, identity, authorization/authentication, data privacy, hardware supply chain, and cryptographic primitives. The fundamental question arises: Whom do we trust, and for what purposes?

Workloads and Host

In the standard virtualization model, VMs and containers handle Type 1 and Type 2 workloads well, while Type 3 poses challenges that VMs and containers cannot adequately address. Trusted Execution Environments (TEEs) become crucial for Type 3 isolation, particularly for cloud-native workloads involving sensitive data and applications. Hardware-based TEEs offer Type 3 isolation as well as Types 1 and 2.

Trust in Open Source

The Open-Source Software (OSS) community endorses trust, with its roots in software primitives and derivable properties. This endorsement isn’t confined to monolithic authorities but is embodied within communities. Exposing this endorsement through commercial implementations/distributions, open-source foundations, and decentralized organizations is essential.

Pillars of Trust in Confidential Computing

Trust in Confidential Computing rests on several pillars: Tools of Trust (trust anchors) encompassing hardware, firmware, and software; Derivable properties including integrity, confidentiality, identity, and uniqueness; and Primitives such as hardware-based TEEs. Endorsers, including silicon, firmware, software, and the open-source community, play a vital role in building trust. They are not solely monolithic authorities but can represent the collective authority of a community.

The Role of the Confidential Computing Consortium

The Confidential Computing Consortium plays a pivotal role in instilling confidence among businesses, regulators, and standards bodies through the technical maturity of the open-source community. Examples of applications include Microsoft’s migration of credit card processing to Confidential Computing, the University of Freiburg’s adoption of collaborative research platforms, combating human trafficking and modern slavery, AI inference for data and model protection, remote attestation models, standardized ABIs, and database protection models.

Confidential Computing is not merely a potential open-source technology but a necessary one. Its foundation in open-source principles is indispensable for fostering trust and security in the digital landscape.

The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration. It brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

Learn how you and your organization can get involved.

The CIA Triad for Confidential Computing


At the heart of cybersecurity, the CIA triad is a model designed to guide policies for information security within an organization. It consists of three fundamental principles:

Confidentiality: Ensures that sensitive information is accessed only by authorized parties and is protected against unauthorized access. Techniques such as data encryption, secure authentication, and access controls are employed to maintain confidentiality.

Integrity: Guarantees that information is reliable and accurate, safeguarding it from unauthorized modification. Integrity is upheld through mechanisms like checksums, cryptographic hashes, and digital signatures, ensuring that data remains unaltered from its original state unless modified by authorized entities.

Availability: Ensures that information and resources are available to authorized users when needed. This involves protecting against attacks that disrupt access to resources, such as DDoS attacks, and implementing disaster recovery plans to maintain service continuity.

Confidential Computing (CC) enhances the traditional CIA triad by focusing on protecting data in use—complementing existing measures that protect data at rest and in transit. By leveraging hardware-based security mechanisms such as Trusted Execution Environments (TEEs), CC enables sensitive data to be processed in isolated environments, thus offering a unique opportunity to reexamine and reinforce the principles of the CIA triad in modern computing scenarios.

Aligning with the CIA Triad

Confidentiality in Confidential Computing: The essence of Confidential Computing lies in its ability to ensure that data being processed remains confidential, even in shared or cloud environments. Technologies like Intel SGX and TDX, AMD SEV-SNP, and ARM CCA provide hardware-based, attested Trusted Execution Environments (TEEs) which protect data from unauthorized access, including access by operators of cloud services.

Integrity in Confidential Computing: CC technologies also play a crucial role in ensuring the integrity of data and code execution. Confidential Computing allows for the verification of software and data integrity before execution, ensuring that only authorized code runs within TEEs. This is instrumental in preventing unauthorized modifications and ensuring that computations are performed accurately.

Availability in Confidential Computing: While confidentiality and integrity are the primary focus of Confidential Computing, it also contributes to availability by enhancing the overall security posture. By mitigating the risk of data breaches and ensuring the integrity of computing processes, CC supports the uninterrupted availability of services, fostering trust and reliability in digital ecosystems.

Confidential Computing: A Journey Through the CIA Triad

Confidential Computing (CC) stands as a pivotal advancement in the realm of cybersecurity, offering robust mechanisms to protect data in use and reinforcing the principles of the CIA triad (Confidentiality, Integrity, and Availability) in novel and powerful ways. Several key takeaways emerge:

Confidential Computing enhances the traditional CIA triad by introducing protections for data in use, alongside existing measures for data at rest and in transit. The evolution of CC technologies demonstrates a concerted effort to address the complexities of modern computing environments, ensuring that sensitive data can be processed securely and reliably.

Integrity and confidentiality are paramount in CC, with innovations providing mechanisms for verifying the authenticity and safeguarding the privacy of data during processing.

Availability, while indirectly impacted by CC, benefits from the improved security posture that CC technologies bring to digital infrastructures, supporting the reliability and accessibility of services.

As the landscape of digital threats continues to evolve, so too will the technologies and strategies employed to counter them. Confidential Computing represents a forward-thinking approach to cybersecurity, promising to play a crucial role in safeguarding the future of digital information processing.

Further Reading and Resources

To further explore the concepts and technologies discussed, the following resources serve as a starting point for those seeking to deepen their understanding of Confidential Computing and its significance in today’s cybersecurity landscape. By engaging with these materials, you’ll gain a more nuanced appreciation of the challenges and opportunities that Confidential Computing presents:

1. The Confidential Computing Consortium: An initiative by the Linux Foundation, this consortium brings together industry leaders to collaborate on open-source projects and standards for Confidential Computing.

2. NIST on Confidential Computing: The National Institute of Standards and Technology (NIST) provides resources and publications that address the technical aspects and standards related to Confidential Computing.

Collaborative Security: The Role of Open Source in Confidential Computing


Authored by Sal Kimmich


As we continue our exploration of Confidential Computing, this week we focus on a crucial aspect that is often the unsung hero of technological advancement: open source. Specifically, we’ll examine how open-source initiatives are contributing significantly to the development and implementation of Confidential Computing.

Open Source: A Foundation for Innovation

Open-source software is built on the principle of collaboration and transparency. It allows developers from around the world to contribute to and review each other’s code, fostering innovation and rapid problem-solving. This collaborative approach is particularly beneficial in the realm of cybersecurity, where the sharing of knowledge and resources is key to staying ahead of threats.

Open Source in Confidential Computing

In the context of Confidential Computing, open source plays a pivotal role. Open-source projects provide the foundation for many Trusted Execution Environments (TEEs) and other secure computing technologies. By leveraging open-source software, developers can create more robust, secure, and versatile solutions for data protection.

Advantages of Open Source in Security

One of the main advantages of open source in the field of Confidential Computing is transparency. Open-source code can be inspected by anyone, which means vulnerabilities can be identified and addressed more quickly than in proprietary software. This transparency builds trust and reliability, essential components in any security solution.

Linux: A Testament to Open-Source Success

Reflecting on the impact of open source, we can’t overlook Linux, released in 1991 and now a cornerstone of open-source software. Linux’s success demonstrates how collaborative efforts can lead to robust and widely-used technology solutions. It’s a testament to the power of open-source communities in driving innovation.

Challenges and Opportunities

While open source offers many benefits, it also presents unique challenges, particularly in terms of coordination and quality control. However, these challenges are often outweighed by the opportunities for innovation and the rapid development cycle that open source enables.

Looking Ahead

As Confidential Computing continues to evolve, the role of open source will undoubtedly expand. Open-source communities will continue to be vital in developing secure, efficient, and adaptable solutions for data protection in an increasingly complex digital landscape.

Next Week’s Focus

Join us next week as we delve into the intricacies of data encryption in Confidential Computing. We’ll explore how encryption techniques are being enhanced and applied in new ways to protect data not just at rest and in transit, but also during processing.

Explore the four-part series on Confidential Computing—a vital innovation for data privacy and security. Dive in now!

Part I – Introduction to Confidential Computing: A Year Long Exploration

Part II – The Evolution of Cybersecurity: From Early Threats to Modern Challenges

Part III – Basics of Trusted Execution Environments (TEEs): The Heart of Confidential Computing

TikTok Becomes Premier Member of Confidential Computing Consortium


In an era dominated by rapid technological advancements, the need for robust data security measures has become more critical than ever. Recognizing this imperative, TikTok has joined the Confidential Computing Consortium (CCC) as a Premier member, a collaborative effort dedicated to advancing the adoption of confidential computing technology.

The Confidential Computing Consortium is a community-driven initiative comprising industry leaders and organizations united in their mission to redefine data security standards. Our mission centers on promoting the widespread adoption of confidential computing, focusing on safeguarding sensitive information and cultivating a more robust computing landscape. Utilizing advanced computational techniques, such as hardware-based Trusted Execution Environments, confidential computing enhances security and privacy by protecting data in use. This approach complements existing encryption methods for data at rest and in transit, fostering comprehensive data protection measures.

As a platform, TikTok is used by billions of users worldwide. When building products and features, securing the privacy of users is at the forefront of TikTok’s engineering strategy. TikTok’s Privacy Innovation is an open-source initiative dedicated to advancing data privacy through cutting-edge technological advancements and fostering collaboration and transparency. Their open-source initiatives aim to make technology readily available to researchers and practitioners, aligning with a shared vision to shape a safer, more privacy-centric future. By joining this global consortium, TikTok aligns with a community of like-minded entities dedicated to advancing secure computing solutions.

As technology evolves, robust data protection measures become increasingly paramount. Through initiatives like confidential computing, companies like TikTok are safeguarding their users’ information and contributing to the broader effort of establishing a more secure and trustworthy digital ecosystem. TikTok’s membership not only holds significance for the company itself but also serves as an inspiration for other technology companies to prioritize data security in an era where digital trust is of utmost importance.

Join us in welcoming TikTok to the Confidential Computing Consortium.

Read about other organizations who recently joined CCC:

Fujitsu

NVIDIA

The Guide to Confidential Computing Sessions at KubeCon + CloudNativeCon Europe (March 20-21)


Confidential Computing is a transformative approach to protecting data in use, enabling computation in memory without exposing it to the rest of the system. As cloud-native technologies continue to evolve, KubeCon + CloudNativeCon Europe 2024 offers sessions at the forefront. This guide is your go-to resource for exploring the Confidential Computing offerings, ensuring you make the most of your conference experience.

Key Demos, Sessions and Posters 

Learn about Attested Containers for securing containerized workloads and other open source Confidential Computing demos at Intel’s booth, H5.

Poster Session: Kubernetes in the Confidential Computing Marvels: Unlocking SMPC Across Multi-Cloud Clusters

When: Wednesday, March 20 • 18:00 - 20:00

Who: Gilles Seghaier & Nayani Parameshwari, Astran


Dive into the world of Secure Multiparty Computation (sMPC) with Kubernetes, exploring its application across multi-cloud clusters for enhanced data security.

Fortifying AI Security in Kubernetes with Confidential Containers (CoCo)

When: Thursday, March 21 • 14:30 - 15:05

Who: Suraj Deshmukh, Microsoft & Pradipta Banerjee, Red Hat


A deep dive into securing AI models in Kubernetes using Confidential Containers, ensuring data privacy without sacrificing performance.

Memory Armor for SPIRE: Fortifying SPIRE with Confidential Containers (CoCo)

When: Thursday, March 21 • 17:25 - 18:00

Who: Matthew Bates, Stealth Security Startup & Suraj Deshmukh, Microsoft


Learn how Confidential Containers enhance the security of SPIRE servers, safeguarding sensitive signing keys against unauthorized access.

Confidential Containers for GPU Compute: Incorporating LLMs in a Lift-and-Shift Strategy for AI

When: Thursday, March 21 • 16:30 - 17:05

Who: Zvonko Kaiser, NVIDIA


An exploration of integrating confidential containers with GPU computing for AI/ML workloads, maintaining data confidentiality while leveraging computational power.

Additional Highlights

CRI-O Odyssey: Exploring New Frontiers in Container Runtimes

An insight into the latest in container runtime technology, touching on Confidential Computing integration.

Thursday, March 21 • 11:00 - 11:35

Towards a Cloud-Native, Scalable and Fault-Tolerant Platform for Digital Agriculture

A unique application of cloud-native technologies in agriculture, showcasing the potential of Kubernetes and Confidential Computing.

Wednesday, March 20 • 18:00 - 20:00

Confidential Computing at KubeCon

KubeCon + CloudNativeCon Europe 2024 offers an opportunity to immerse yourself in the world of Cloud and Compute. Whether you’re a developer, IT professional, or business leader, these sessions provide a wealth of knowledge and a unique chance to advance your understanding of the technology at the Confidential Computing Consortium and its critical role in the future of cloud-native technologies.

Bookmark this page and plan your schedule to make the most of the Confidential Computing sessions at KubeCon + CloudNativeCon Europe 2024. See you there!

Basics of Trusted Execution Environments (TEEs): The Heart of Confidential Computing


Authored by Sal Kimmich

As we delve deeper into our exploration of Confidential Computing, this week we turn our attention to a critical component that plays a central role in this technology: Trusted Execution Environments, or TEEs. Understanding TEEs is key to appreciating how Confidential Computing enhances data security.

What are Trusted Execution Environments (TEEs)?

At its simplest, a Trusted Execution Environment is a secure area within a processor. It guarantees that the code and data loaded inside it are protected with respect to confidentiality and integrity. Essentially, TEEs provide a kind of ‘safe room’ for sensitive operations, ensuring that even if a system is compromised, the data within the TEE remains secure.

How Do TEEs Work?

TEEs operate by isolating specific computations, data, or both, from the rest of the device or network. This isolation is hardware-based, which makes it highly resistant to external attacks, including those from the operating system itself. Within a TEE, code can run without risk of interference or snooping from other processes.

The Role of TEEs in Confidential Computing

In the context of Confidential Computing, TEEs are invaluable. They allow sensitive data to be processed in a secure environment, ensuring that it remains encrypted and inaccessible to unauthorized users or processes. This is particularly crucial when handling personal data, intellectual property, or any information requiring strict confidentiality.

Applications of TEEs

The applications of TEEs are vast and varied. They are used in mobile device security, cloud computing, IoT devices, and more. In each case, TEEs provide a layer of security that is vital in today’s interconnected and often vulnerable digital landscape.

A Look Back at Computing History

As we discuss these advanced concepts, it’s fascinating to reflect on how far we’ve come. Consider the ENIAC, unveiled in 1946 and considered the first general-purpose electronic computer. The journey from such rudimentary computing to today’s sophisticated TEEs underscores the incredible advancements in technology.

Next Steps in Our Journey

Understanding TEEs is just the beginning. As we continue our series, we’ll explore how these environments are implemented and the various challenges and solutions associated with them. 

Stay Tuned

Up next we will delve into the role of open source in Confidential Computing. Open source initiatives are pivotal in the development and adoption of TEEs, offering transparency and collaborative opportunities that are essential in today’s cybersecurity landscape.

Explore the four-part series on Confidential Computing—a vital innovation for data privacy and security. Dive in now!

Part I – Introduction to Confidential Computing: A Year Long Exploration

Part II – The Evolution of Cybersecurity: From Early Threats to Modern Challenges

Part IV – Collaborative Security: The Role of Open Source in Confidential Computing