As you know, industry-leading organizations come together at CCC and are constantly working to develop and collaborate on standards for Confidential Computing.
On this topic, we’re forming a working group to look at repositioning the CCC and how we present ourselves to the outside world (not to mention potential members), including reflecting on the importance of AI, data privacy, and collaborative computation.
Another working group is considering whether the Consortium should offer a certification for companies, products, services, or solutions. We’re looking for involvement in both of these working groups, so if you have strong views on either, please get in touch.
Tech Talk on Attestation
Attestation lets us evaluate whether we can trust an enclave or a Confidential Virtual Machine (CVM). CVMs have more moving parts to evaluate than enclaves.
This month we had a great Tech Talk from Googler, Dionna Glaze. She explained a lot of the detail required to provide transparency and trust in some of these layers like the virtual firmware (UEFI).
Watch this talk on YouTube and find the slides in our TAC Governance repository.
Panel: A new root of trust: changing computing with Trusted Execution Environments
Confidential Computing Summit (Jun 5 – 6)
Keynote, 2 breakout sessions, and poster session + CCC booth
BIGGEST Discount Ever Exclusively for CCC Community
We’re pumped to have so many expert speakers coming together for #CCSummit in just a few weeks. Save BIG with the CCC discount code and invite your network to join us.
Coming to CC Summit? Join us for an evening of an unforgettable speakeasy experience and good conversation. Mark your calendar, RSVP below, and we can’t wait to see you! ⏰ June 4th, Tuesday | 6PM 📍 Bourbon & Branch San Francisco 🎫 RSVP Here
If you find this newsletter helpful, forward this to your network!
Spring greetings! March is the start of a lovely season. We’re continuing our momentum and bringing you the latest and greatest here at CCC. Let’s dive in.
Executive Director’s Note February was a busy month for the CCC, with appearances or attendance at FOSDEM, State of Open, Rocky Mountain Cyberspace Summit, and PET Summit Europe in London. The breadth of engagement – ranging from technical, open source, US government/federal/defense and European banking/compliance and beyond – shows how use cases for Confidential Computing are becoming increasingly relevant across multiple sectors and contexts. With new membership from Fujitsu and Tiktok moving to participate as a Premier Member, we are also seeing a broader global engagement, which we are keen to address with meetings at times that are appropriate for more members, so if you’re interested in attending any of our committees or SIGs, please get in touch and we can hopefully find a time that works for you.
From the TAC In response to requests from the Cloud Security Alliance and others, the TAC is looking at defining additional terminology. Currently terms fundamental to Confidential Computing… like “Confidential Computing” 🙂 are defined in the A Technical Analysis of Confidential Computing. Confidential Computing artifacts like “Confidential Container” and “Confidential VM” are defined in “Common Terminology for Confidential Computing”. We received requests for clarification about what we might call operational terminology – concepts like “Trust Anchor”.
The TAC anticipates formalizing these definitions in a CCC-governed paper and then perhaps promoting them in other places like Wikipedia. If you would like to contribute, as always “All are Welcome” to contribute to our TAC meetings. Last month we announced the TAC goals defined across Projects, Ecosystem, and Community. TAC representatives from each of the premiere members are taking responsibility to lead one of these areas. Lily and Yash from Red Hat have gotten us off to a great start with their work in the Community objectives. Partnering with Riaan and Sal from our staff, they are well underway to make the internship and mentoring process an enriching experience for the CCC and for our new contributors. If you would like to hear more about the other objectives feel free to reach out to any of our TAC members in slack or on the mail list.
They will be excited to tell you what they are planning.Last but not least, we also announced our newest Special Interest Group last month. SIGs are sub-communities with a common topical interest. The Linux Kernel SIG is now underway working to develop common infrastructure and approaches to increase cross architecture reuse and reduce upstream Linux Kernel maintenance burden. Logistical information is making its way onto the CCC committees page.
Technical Community
March has seen significant developments in Confidential Computing, with a major focus on KubeCon. This event brought to light the advancements in container security and the integration of Kubernetes with confidential computing, setting new standards for cloud-native application security.
KubeCon Technical Highlights: – Enhanced security features in container runtimes, notably with CRI-O’s next iteration. – Greater Integration of TEEs with Kubernetes, marking a significant step in securing cloud-native ecosystems. – The introduction of WebAssembly (WASM) for secure microservices, pushing the envelope for container runtime security.
For a full review of the technologies discussed at KubeCon, see our upcoming blog post on the topic.
March underscored the importance of Confidential Computing with key takeaways from KubeCon, focusing on security enhancements in container runtimes, Kubernetes’ integration with TEEs, and the role of WebAssembly in secure microservices. As we head into April, the CCC is gearing up for the IAPP Global Privacy Summit next week, aiming to share key updates on regulation around privacy and technology with our community.
A reminder for project maintainers: prioritize improving your OpenSSF Scorecard scores, we are currently on track to have all projects at a high or perfect security posture score by the end of Q2, great work everyone!
Outreach Engagement ———————– Monthly Analytics Recently, we’ve covered our monthly analytics report of the website, newsletter, and social in our Outreach Meeting. We’re seeing some positive growth and we’ll keep tracking monthly to improve the health of our activities.
Upcoming Events RSA (May 6-9): All members exhibiting or planning to attend, 📣LET’S COLLABORATE. CCC will have a booth and we’d like to work with you. Here’s what you can do: • Submit Your Video Content: We’d love to display member content on our booth screen. • Provide Booth No.: Let’s cross-promote. We’ll promote your booth number on our passport card. • Showcase Demo: If you have something to show on the show floor, you can use the CCC booth to showcase your demo. Identiverse (May 28-31): CCC is hosting a panel session “Confidential Computing: The Internet’s Missing Cryptography Engine“ CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more. PET APAC (July 16): Calling all our Confidential Computing Enthusiasts in APAC! Open opportunity to be announced soon. For any questions regarding CCC events, email Events SIG.
CHART YOUR COURSE TO CYBERSECURITY BRILLIANCE AT RSAC 2024 Join us for an unforgettable experience at RSAC 2024—the premier destination for cybersecurity professionals to come together for four days of learning, networking, and advancement! We’ve compiled the top agenda highlights that await you, from captivating Keynotes to cutting-edge innovation.
Register by April 5 to take advantage of our Discount Period pricing and use code 14UCCCFDto save $750* on your Full Conference Pass.
You can also use our FREE Expo Pass Code: 52ECONCOMPXO VIEW FULL AGENDA
We’re wrapping up a busy February with a lot of CCC engagements at industry events and various internal revamp processes.
A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.
Let’s go!
In February’s Issue:
Executive Director’s Corner
Outreach Activity – Your Opportunity to Get Involved
All Things Technical Community
CCC Community Content
From the Executive Director
The conference season is heating up again, and Confidential Computing is becoming more visible in all kinds of areas. We started February with a whole afternoon track (“devroom”) on Confidential Computing at the developer-led FOSDEM in Brussels, followed by a talk by Sal Kimmich at State of Open UK in London. I’m at the Rocky Mountain Cyberspace Symposium in Colorado Springs during the week of the 19th of February, and we round off the month with the Privacy-Enhancing Summit in London (see below!).
We’re also having success in having an increasing number of sessions being accepted at major conferences including the Confidential Computing Summit and RSA Conference North America. What we’d love to do is make the most of these opportunities with members of the Consortium, so if you’re attending or exhibiting at any conferences, please let us know: we always look for ways to coordinate and amplify each others’ efforts.
CCC Outreach Activities
Kicking off the year with a bang! February was full of CCC activities at industry events. You’re invited.
UpcomingEvents
PET EU (Feb 27-28): CCC is an Associate Partner for PET series. Use the discount code ‘CCC10‘ and join us in London!
[Presentation] Confidential Computing and AI: Securing Data and Driving Innovation by Simon Gallagher (Microsoft)
[Panel] Fortifying Privacy and Security: The Power of Confidential Computing Solutions with Simon Gallagher (Microsoft), Andreas Walbrodt (Enclaive), Bertrand Foing (Secretarium & Klave) moderated by Mike Bursell (CCC)
[Panel] Building an AI Toolbox: How to Utilise Regulated Data Enterprises with David Pollington (Bloc Ventures), Amir Tabakovic (Mobey Forum) moderated by Sal Kimmich (CCC)
[Roundtable] Protecting Privacy in AI and Emerging Technologies led by Sal Kimmich
[Welcome Reception Jeopardy!] Co-hosted with Partisia. Jeopardy led by Sal Kimmich
OC3 (Mar 13): Sal Kimmich speaking on “The road ahead: How confidential computing will evolve in the 2020s and beyond”
OSS NA, Seattle (Apr 16-18): Get ready for the CCC Mini-Summit.
RSA (May 6-9): All members who are exhibiting or planning to attend, LET’S COLLABORATE. CCC will have a booth and we’d like to support our members. Reach out to the Event SIG link below and let us know if you haven’t already!
CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more.
For any questions regarding CCC events, email Events SIG.
Got Content?
You can submit your request via the CCC Content Request Form.
The year is off to a strong start in the technical community. We are anchoring our contributions on a common view that by working together as a community we can make the world more secure with Confidential Computing than we could as individuals or individual companies. Our work is organized into three streams: Projects, Ecosystem, and Community. By the end of this year, we will be able to say:
Projects: As an open-source organization, we helped our projects grow.
We coached our projects to adopt security best practices according to OpenSSF guidance (best practices badge).
We actively mentored our projects on how to gain adoption.
We facilitated collaboration for CCC projects including with the Linux Kernel
Ecosystem: As security practitioners, we informed security and privacy compliance, standards, and research.
We identified influential compliance organizations & appropriately recommended CC in public documents.
We evolved understanding of attestation and aligned on protocols and formats.
We engaged with academia to encourage and publicize CC research and study.
Community: Our community is growing and healthy.
We encouraged our projects to take LF Inclusive Open Source training.
We have sought out and welcomed new contributors
by representing CCC at conferences
facilitating project issues and pull requests
by participating in mentorship programs such LFX Mentorship, Outreachy, and GSoC to ramp new people in our SIGs and committees
It’s a full year of work ahead of us, but with the active contributions of each of us, we’re going to accomplish each of these goals!
Searchable Glossary of Confidential Computing Terms We’re creating a glossary of the standardized terminology, and communicating with other regulatory bodies like the CSA to use this glossary as the field standard. We welcome contributions to the CCC Glossary Repository for review and discussion now. These terms will be available directly on the CCC website shortly following that process.
Introducing the New Kernel SIG
The CCC is excited to announce the development of a new Special Interest Group (SIG) focused on the Kernel.
This SIG aims to:
Facilitate dialog between Linux kernel and Confidential Computing subject matter experts:
to facilitate direction for topics that need formal collaboration,
to have an additional venue to facilitate direction for topics that are stalled on LKML, which would benefit from higher bandwidth communication,
to have a common place to record decisions and formalize the output for others to reference,
and to introduce new technical topics emerging in either domain, e.g., attestation mechanisms approaching standardization.
Learn more about the Kernel SIG and how you can contribute to its foundational goals.
We’re calling on members to involve their legal teams in our Governance, Risk Management, and Compliance (GRC) initiatives: you can join the GRC mailing list to learn more. These efforts are focused on developing Patterns for Confidential Computing that align with common regulation standards, and sector-specific regulatory obligations. Your legal team’s input will be invaluable as we strive to ensure that confidential computing technologies meet and exceed regulatory requirements.
Soon, all Linux Subfoundation Open Source Projects may be featured on the LFX Insights platform, integrated with new insights for projects from the amazing CLOMonitor. This advancement promises to provide CCC members with critical data on project documentation, cybersecurity readiness, and more. Here are just a few of the important metrics that projects will be evaluated by:
Comprehensive Documentation and Licensing Checks: Ensures projects have detailed README files and clear open-source licenses, facilitating easier adoption and compliance.
Security and Dependency Management: Offers vulnerability scanning and dependency analysis, helping projects identify and mitigate potential security risks before they become issues.
Diverse and Active Community Engagement: Measures contributor diversity and issue engagement, highlighting the project’s inclusivity and responsiveness to community feedback.
Code Health Monitoring: Tracks codebase activity, including commit frequency and issue resolution times, to gauge ongoing development and maintainability.
Project Vitality Indicators: Analyzes release frequency and adoption rates, providing insights into the project’s momentum, popularity, and impact within the open-source ecosystem.
Welcome to the New Year. We’re excited to continue to connect with you and help drive innovation. You’ll hear from us on a monthly basis (at least) for any news and insightful information.
A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.
Without further ado, let’s get into the content.
CCC Presence in 2023
We wrapped up a busy year of growth and lots of activities. By bringing in the new Executive Director, Mike Bursell, along with our community members’ participation, we’ve increased our presence at industry conferences significantly.
You can hear from Mike on how his first year at CCC as the ED has been and where he is looking to take on in 2024 in his blog.
Technical Community
In 2023 we focused on growing three things: our projects, ecosystem recognition, and our community. Our technical community made great strides on each of these. Our open-source project portfolio is wider and more mature. Outside of the CCC, we contributed security expertise to public documents and standards organizations. As we grew to deliver these projects and papers, we maintained our emphasis on growing a positive community where everyone is welcome, and anyone can learn and contribute.
We’ve started the year off strongly with the addition of Sal Kimmich to the CCC staff team as Technical Community Advisor. Sal has lots of experience in open source communities and security, and is already shaking up what we’re doing (in a number of excellent ways). Expect to hear lots more from Sal. Read more on Sal.
What’s New…
Newsletter: We’ll be bringing you more insightful news from all across the CCC horizon. We’re going to have a regular segment update covering TAC news, Outreach news, Member/ED news, and Project/TCA news.
Outreach SIG: Outreach has new SIGs! In 2024, we’ll be upleveling the outreach efforts across these 4 main focus areas:Events, Web Presence, Technical Documents, and Demos. Each SIG has a lead and participating members to streamline the process. Join us in our bi-weekly Outreach Meeting to participate.
New Look, New Presence: CCC Outreach brought in Linux Foundation’s Sr. Marketing PM, Jen Shelby, to make CCC’s external presence to be cohesive and organized. She’ll be working closely with our Web Presence SIG to improve our website, external publication, social, graphic design, and so much more.
Member Benefits: If you’re unclear about what you can get from participating in the CCC, check out the new benefits page on the website. We also want to encourage ecosystem growth, particularly around start-up participation. For any members, prospective members, or anyone with use cases for or interest in Confidential Computing who wants to get in touch, email Mike Bursell (ED) to see how we can help.
Upcoming Events
Take a look at our upcoming industry engagement and see where you and your team can participate.
FOSDEM (Feb 3-4): CCC is hosting a social hour to support the Confidential Computing Devroom. Email Event SIG if you want to RSVP.
State of Open Con (Feb 6-7): TCA Sal Kimmich is giving a talk.
Rocky Mountain Cyberspace Summit (Feb 19): ED Mike Bursell is attending.
PET EU (Feb 27-28): CCC is an Associate Partner and will host multiple sessions.
OC3 (Mar 13): CCC is hosting 15-min session.
OSS NA (Apr 16-18): CCC is hosting a Mini-Summit.
RSA (May 6-9): Come see us at the CCC booth. All member companies are welcome to collaborate with us.
CC Summit (Jun 5-6): CCC is co-hosting the conference.
Enclaive.io Enclaive.io cordially invites you to the public preview of the virtual Hardware Security Module (vHSM) – a breakthrough in key management for cloud environments. Leveraging advanced confidential compute and virtualization, Enclaive’s vHSMs offer unmatched scalability and flexibility, easily adapting to dynamic requirements in modern data centers. To sign up for the public preview, please contact Enclaive team
Welcome to the October/November 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Linux Foundation Member Summit
The Linux Member Summit is for leadership of the Linux Foundation, LF projects and major open source initiatives. This year it was held in Monterey, California, and Mike Bursell (Executive Director) and Stephen Walli (out-going Chair of the Governing Board) attended and delivered a session entitled 50+ companies, 500+ opinions: Aligning Activities with Member Priorities, discussing the history of the CCC, the challenges and opportunities presented by its diverse membership and the approaches being taken to mitigate and capitalise on them. The model of minimum-viable governance received a number of questions from the audience and engagement after the session.
A small number of governing board members also met in person for a GB meeting (with others attending virtually), and there were also discussions with existing members, potential members and other projects (Linux Foundation and others) with a possible overlap with Confidential Computing (such as the Linux Foundation’s Digital Trust project).
Privacy-Enhancing Technologies Summit
In November, the CCC was associate sponsor for the PET Summit Singapore, curating the first morning of a two day conference (agenda). Mike Bursell (Executive Director) moderated the initial session of the conference, introducing Privacy-Enhancing Technologies in general and talking to experts from a variety of backgrounds. Richard Searle of Fortanix then moderated another session, looking particularly at Confidential Computing and the impact it is having on industry today, followed by presentations by Vikas Ujjwal Kumar (Lead Architect Microsoft Technology Centre APAC, Singapore) and Ayush Batra (Regional CTO, Intel). Mike closed out the morning with a presentation about Confidential Computing and the work of the CCC.
The rest of the conference looked at various PETs, situating them strongly within a business context, and with strong representation from local agencies and organisations. Notable was the focus on the importance of focussing on the problem that PETs solve, rather than looking for solutions that a particular technology might address. The IMDA (Singapore’s technology hub and regulator) was the other major sponsor and runs “sandbox” projects to identify and solve issues with the use of PETs: they are very interested in projects from members of the CCC.
This conference was an opportunity for the CCC to execute on its strategy of expanding engagement in the Asia Pacific region and led to interest in membership and collaboration with various organisations, as well as the opportunity to meet in person with several existing members.
Welcome to the August/September 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Confidential Computing Mini Summit
MONDAY, SEPTEMBER 18 | 13:30 – 17:00
Location: Euskalduna Bilbao In Person Registration Cost: $10 Virtual Registration Cost: $0
Confidential Computing protects data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE). The Confidential Computing is bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of TEEs through collaboration in open source software.
Location: Euskalduna Conference Centre, Level 5, Room 5A, map.
Joining Sessions Virtually
All mini summit sessions will be streamed live on the Linux Foundation YouTube Channel. There will be no virtual platform for this event. For more information on how to join sessions virtually, please visit our Virtual Attendance webpage. Please note: Virtual attendees will only be able to watch the live session – there will be no speaker Q&A and no virtual attendee audio function. However, chat will be enabled on the YouTube live stream.
Session Recordings
The mini summit will be recorded and posted to the Linux Foundation YouTube channel 2 weeks after the event.
Recap of Diana Initiative
By Deirdre Cleary
The Diana Initiative (TDI) is a conference whose aim is to help those underrepresented in Information Security and this year’s event took place on August 7th at the Westin in Las Vegas. I was sponsored by Evervault to attend and give a talk entitled Spilling the TEE.
This was my first time attending and I found The Diana Initiative to be a really welcoming environment for newcomers. The day offered a mix of talks, workshops, and hands-on villages, all of which built on this year’s theme of Lead the Change. The conference is well-timed at the start of Hacker Summer Camp and leaves attendees feeling confident in themselves and their abilities as they take on the many other events the week has to offer.
As a speaker, I gave a 30-minute talk entitled Spilling the TEE. The session was aimed at those who had no previous experience with Trusted Execution Environments, but were curious to learn what they’re all about. I discussed why we need TEEs, the features they offer, the types of TEEs available today, and gave some examples of applicable use cases.
One use case we dove into a little deeper was that of rebuilding trust in period tracking apps. Post Roe v. Wade there was a lot of discussion about whether it is safe to be sharing this very personal data with apps on your phone, having little knowledge of, or control over, what the data can be used for. At TDI I explored how TEEs could be part of the solution. In combination with open sourcing, TEEs can offer users confirmation of exactly what actions are being performed on their data, thanks to attestation. I demonstrated this using Evervault’s open source project (Cages)[https://github.com/evervault/cages] to deploy a simple attestable period prediction tool on (AWS Nitro Enclaves)[https://aws.amazon.com/ec2/nitro/nitro-enclaves].
While this is not the typical example we give for TEEs, it resonated well with the attendees on the day, and goes to show that the more diverse the people involved in confidential computing, the more diverse the solutions we can build together.
On Friday and Saturday August 11-12, I attended DEFCON, the largest hacker conference in the world, held across 3 different Caesars’ convention centers, with over 30,000 attendees. The conference is so big that they have to split it into what they call villages, which are still very large on their own. I spent most of my time in the following villages:
IoT Village
The CCC was sponsoring the IoT Village. This was a very well attended village, and I was surprised by the enthusiasm and knowledge of the attendees. Many arrived early in the morning, and only left the large room late in the afternoon, spending their time trying to break into IoT devices. Many thanks to the IoT Village organizers who received me, Rachael Tubbs and Sara Pickering, MS, PHR, SHRM-CP.
AI Village
The AI Village was one of the most popular ones, and was dedicated to DARPA’s AI Cyber Initiative. Thousands of hackers tried to find vulnerabilities in Large Language Models. This initiative was officially announced at the main auditorium:
DARPA Announces an AI Cyber Initiative – by Dave Weston, Vice President of Enterprise and OS Security at Microsoft; Heather Adkins, Vice President of Security Engineering at Google; Matthew Knight, Head of Security at OpenAI; Michael Sellitto, Head of Geopolitics and Security Policy at Anthropic; Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF); and Perri Adams, AixCC Program Manager at DARPA.
Policy@DEFCON
The Policy@DEFCON room was also well attended, and brought together government officials and specialists interested in safeguarding critical infrastructure, with a particular focus on open source software security. I really liked Kemba Walden’s fireside chat with Jeff Moss at the main auditorium:
Fireside Chat with the National Cyber Director Kemba Walden – by Kemba Walden, Acting National Cyber Director at the Office of the National Cyber Director, the White House; Jeff Moss, Founder of DEFCON.
Crypto & Privacy Village
The Crypto & Privacy Village is one of my favorites, and last year we gave two talks there. This time, I was only attending. I especially enjoyed the entertaining privacy talk from Anthony about how privacy laws are evolving in the U.S.:
Is 2023 the Year of Privacy: How History and States are Posed to Change Privacy? – by Anthony Hendricks
Welcome to the June/July 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Confidential Computing Summit: Broad industry representation
On Thursday, 29th June 2023, the first Confidential Computing Summit was held at the Marriott Marquis in San Francisco. Organized by Opaque Systems and the Confidential Computing Consortium, it comprised 38 sessions delivered by 44 speakers and panelists, with 244 attendees – over twice the expected number. Although initially planned as a single track event, the number of responses to the Call for Papers was so large that the agenda was split into three tracks, with keynotes starting and ending the event.
Sessions covered a broad range of topics, from state of the industry and outlook, to deep-dive technical discussions. One of the key themes of the Summit, however, was the application of Confidential Computing to real-life use cases, with presentations by end users as well as suppliers of Confidential Computing technologies. The relevance of Confidential Computing to AI was a recurring topic as data and model privacy is emerging as a major concern for many users, particularly those with requirements to share data with untrusted parties whether partners or even competitors for multi-party collaboration. Other use cases included private messaging, anti-money laundering, Edge computing, regulatory compliance, Big Data, examination security and data sovereignty. Use cases for Confidential Computing ranged across multiple sectors, including telecommunications, banking, insurance, healthcare and AdTech. Sessions ranged from high-level commercial use case discussions to low-level technical considerations.
There was an exhibitor hall which doubled as meeting space and included booths from the CCC and Opaque Systems plus the Summit’s premier sponsors (Microsoft, Intel, VMware, Arm, Anjuna, Fortanix, Edgeless Systems, Cosmian). The venue also had sufficient space (and seating with branded cushions!) for a busy “hallway track”. For many attendees, the ability to meet other industry professionals in person for the first time was as valuable a reason to attend the Summit as the session – while virtual conferences can have value, the conversations held face-to-face at the conference provided opportunities for networking that would have been impossible without real-world interactions.
The Confidential Computing Consortium would like to thank Opaque Systems and the program committee for their hard work in organizing this event. Given the success of the Summit, plans are already underway for a larger instance next year. Please keep an eye on this blog and other news outlets for information. We look forward to seeing you there!
Welcome to the May 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Welcome New Members!
Cryptosat is excited to join the Confidential Computing Consortium. We are working to provide a very unique trusted compute environment in space for use-cases requiring a perfect air-gap and physical isolation. We’re looking forward to contribute to the Confidential Computing technology landscape and establish fruitful partnerships with other companies in the consortium.
Confidential Computing Summit Use Case Awards
Calling all Confidential Computing experts! Today we’re launching the Confidential Computing Use Case Awards, with the chance to be recognized for the best case study across healthcare, financial services, and adtech. Use this form to tell your story.
Each case study will be evaluated by a panel of judges. Things to keep in mind:
The case studies do not need to be deployed. We are interested in nominations that identify the real world changes that can be addressed by confidential computing.
The use cases will be grouped in the following sectors: FinServ, Healthcare, AdTech, and Other
The case study must answer two questions: What is the problem? How does confidential computing provide the solution?
The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The CCC and Opaque are launching the Confidential Computing Use Case Awards, asking teams to share their most interesting use cases across healthcare, financial services, adtech, and social good, with the chance to be recognized at the summit:
Striking a balance between security, privacy, and performance is a challenge in machine learning applications. In this talk we will present BlindAI, an open-source confidential computing solution that harnesses Intel SGX enclaves to enable secure remote ML inference. Our solution effectively safeguards the confidentiality of both the model and user data while also ensuring the predictions’ integrity. We will discuss the motivation behind BlindAI, how we factored in the specificities and constraints of Intel SGX at the design stage, and share the outcome of an independent security audit of our solution.
Dan Middleton, of Intel and the Confidential Computing Consortium (CCC), dives deep on the topic of confidential computing (CoCo) and many related concerns, such as Trusted Execution Environments with Doc Searls and Jonathan Bennett.
Welcome to the April 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
Welcome New Members!
Spectro Cloud has recently joined the CCC. Founded by multi-cloud management experts, Spectro Cloud aims to make cloud infrastructure boundaryless for the enterprise. It provide solutions that help enterprises run Kubernetes their way, anywhere.
A word from Mike Bursell, CCC’s new Executive Director
I’m very pleased to announce that I’ve just started a new role as part-time Executive Director for the Confidential Computing Consortium, which is a project of the The Linux Foundation. I have been involved from the very earliest days of the consortium, which was founded in 2019, and I’m delighted to be joining as an officer of the project as we move into the next phase of our growth. I look forward to working with existing and future members and helping to expand industry adoption of Confidential Computing.
For those of you who’ve been following what I’ve been up to over the years, this may not be a huge surprise, at least in terms of my involvement, which started right at the beginning of the CCC. In fact, Enarx, the open source project of which I was co-founder, was the very first project to be accepted into the CCC, and Red Hat, where I was Chief Security Architect (in the Office of the CTO) at the time, was one of the founding members. Since then, I’ve served on the Governing Board (twice, once as Red Hat’s representative as a Premier member, and once as an elected representative of the General members) acted as Treasurer, been Co-chair of the Attestation SIG and been extremely active in the Technical Advisory Council. I was instrumental in initiating the creation of the first analyst report into Confidential Computing and helped in the creation of the two technical and one general white paper published by the CCC. I’ve enjoyed working with the brilliant industry leaders who more than ably lead the CCC, many of whom I now count not only as valued colleagues but also as friends.
The position – Executive Director – however, is news. For a while, the CCC has been looking to extend its activities beyond what the current officers of the consortium can manage, given that they have full-time jobs outside the CCC. The consortium has grown to over 40 members now – 8 Premier, 35 General and 8 Associate – and with that comes both the opportunity to engage in a whole new set of activities, but also a responsibility to listen to the various voices of the membership and to ensure that the consortium’s activities are aligned with the expectations and ambitions of the members. Beyond that, as Confidential Computing becomes more pervasive, it’s time to ensure that (as far as possible), there’s a consistent, crisp and compelling set of messages going out to potential adopters of the technology, as well as academics and regulators.
I plan to be working on the issues above. I’ve only just started and there’s a lot to be doing – and the role is only part-time! – but I look forward to furthering the aims of the CCC:
“The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.” – The core mission of the CCC Wish me luck, or, even better, get in touch and get involved yourself.
– Cloud Security Made for the EU: Securing Data & Applications – Dr. Norbert Pohlmann, IT Security Association Germany (TeleTrusT) (Moderator), Ulla Coester, Westphalian University of Applied Sciences Gelsenkirchen (Panelist), Nils Karn, Mitigant by Resility (Panelist), Andreas Walbrodt, enclaive (Panelist)
Mike Bursell will attend the event to promote the CCC. Confidential Computing talks include:
– Advancements in Confidential Computing – Vojtěch Pavlik, SUSE – WASM + CC, Secure Your FaaS Function – Xinran Wang & Liang He, Intel – A WASM Runtime for FaaS Protected by TEE – Sara Wang & Yongli He, Intel – OpenFL: A Federated Learning Project to Power Your Projects – Ezequiel Lanza, Intel
The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The CCC and Opaque are launching the Confidential Computing Use Case Awards, asking teams to share their most interesting use cases across healthcare, financial services, adtech, and social good, with the chance to be recognized at the summit:
The Arm Confidential Compute Architecture (Arm CCA) builds on top of the Armv9-A Realm Management Extension (RME) by providing a reference security architecture and open-source implementation of hypervisor-based confidential computing. This talk describes the latest open-source project developments (Trusted Firmware, Linux, KVM, EDK2) to enable Arm CCA, including current status and next steps.
CCC Blog: Why Attestation is Required for Confidential Computing?
Alec Fernandez from Microsoft clarifies why the CCC amended the definition of Confidential Computing to add attestation:
The Wikipedia article for Confidential Computing has now been officially published. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:
Welcome to the March 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.
New Members
Canonical
Canonical joined the CCC in the prior month, and now they’ve published a blog post:
Customers and partners rely on SUSE to deliver a secure, open source platform that fully protects data regardless of its state. Confidential Computing safeguards data in use without impacting business-critical workloads. Joining the Confidential Computing Consortium enables SUSE to collaborate with open source leaders to advance these security technologies for our customers.
Recent Events
FOSS Backstage
The Confidential Computing Consortium participated at FOSS Backstage that took place in Berlin on March 13-14. CCC Outreach Chair Nick Vidal gave a talk about combining open source supply chain technologies like SBOMs and Sigstore with Confidential Computing. The presentation was very much inspired by the SLSA security framework, where the major threats are highlighted in each stage of the supply chain. Interestingly enough, currently SLSA does not cover much of the last mile of the supply chain, when the application/workload is actually deployed, and this is where Confidential Computing can play an important role. The video recording is available here:
On March 15th , for the third year in a row, the Open Confidential Computing Conference (OC3) brought the confidential computing community together to discuss latest developments, use cases, and projects. The event was hosted by Edgeless Systems, and proudly sponsored by the Confidential Computing Consortium, amongst others. There were 29 sessions with 37 expert speakers from Intel, Microsoft, NVIDIA, IBM, AMD, Suse and many more. 1227 people registered across industries from all over the world. The recordings are available on Edgeless Systems YouTube channel on demand.
You can find Ben Fischer keynote on behalf of the CCC here:
A CTO panel with Greg Lavender, Mark Russinovich, Mark Papermaster and Ian Buck is available here:
Webinar:
Dan Middleton, CCC TAC Chair and principal engineer at Intel, and Dave Thaler, former CCC TAC Chair and software architect at Microsoft, shared their work with Confidential Computing and their efforts to further this technology via the Confidential Computing Consortium. Learn about confidential computing, the problems it solves, and how you can get involved:
The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.
Women in Confidential Computing
In March we celebrated International Women’s month. We have several women who are leading the way and advancing Confidential Computing, among which:
Raluca Ada Popa: Raluca is an associate professor of computer science at UC Berkeley. She is interested in security, systems, and applied cryptography. Raluca developed practical systems that protect data confidentiality by computing over encrypted data, as well as designed new encryption schemes that underlie these systems. Some of her systems have been adopted into or inspired systems such as SEEED of SAP AG, Microsoft SQL Server’s Always Encrypted Service, and others. Raluca received her PhD in computer science as well as her two BS degrees, in computer science and in mathematics, from MIT. She is the recipient of an Intel Early Career Faculty Honor award, George M. Sprowls Award for best MIT CS doctoral thesis, a Google PhD Fellowship, a Johnson award for best CS Masters of Engineering thesis from MIT, and a CRA Outstanding undergraduate award from the ACM.
Mona Vij: Mona is a Principal Engineer and Cloud and Data Center Security Research Manager at Intel Labs, where she focuses on Scalable Confidential Computing for end-to-end Cloud to Edge security. Mona received her Master’s degree in Computer Science from University of Delhi, India. Mona leads the research engagements on Trusted execution with a number of universities. Her research has been featured in journals and conferences including USNIX OSDI, USENIX ATC and ACM ASPLOS, among others. Mona’s research interests primarily include trusted computing, virtualization, device drivers and operating systems.
Nelly Porter: Nelly is a lead of the Confidential Computing in Google with over 10 years’ experience in platform security, virtsec, PKI, crypto, authentication, and authorization field. She is working on multiple areas in Google, from root of trust, Titan, to the Shielded and Confidential Computing, has 25 patents and defensive publications. Prior to working at Google, Porter spent some time working in Microsoft in the virtualization and security space, HP Labs advancing clustering story, and Scientix (Israel) as a firmware and kernel driver eng. She has two sons, both are in the CS field, one of them is working for Google.
Lily Sturmann: Lily is a senior software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked on security projects related to remote attestation, confidential computing, and securing the software supply chain.
Ijlal Loutfi: Ijlal is a security product manager at Canonical, the publishers of Ubuntu. She’s a post-doctoral researcher at the Norwegian University of Science of Technology, working with Professor Bian Yang. Her PhD was on trusted computing, trusted execution environments and online user authentication. Research interests include: Online identity management, namely self-sovereign identities; Applied cryptography, namely, proxy re-encryption; and Verifiable Remote Computation.
Mary Beth Chalk: Mary is the Co-founder & Chief Commercial Officer at BeeKeeperAI, Inc. has over 25 years of healthcare innovation experience improving outcomes through data-informed decision making, services, and processes. Her early work with health systems was grounded in statistical process control enabling healthcare executives to discern the signal from the noise of their data. As COO of a mental health organization, she created and implemented a system of predictive algorithms to improve the effectiveness of psychotherapy treatment. Mary Beth was also the co-founder of a chronic disease self-management platform that combined monitoring device data with algorithm-driven digital behavioral coaching to improve health engagement and outcomes. Her current work is focused on the development of healthcare AI from the perspective of the data owner and the algorithm owner including issues such as data access and intellectual property.
Ellison Anne Williams: Anne is the Founder and CEO of Enveil, the pioneering data security startup protecting Data in Use. She has more than a decade of experience spearheading avant-garde efforts in the areas of large scale analytics, information security and privacy, computer network exploitation, and network modeling at the National Security Agency and the Johns Hopkins University Applied Physics Laboratory. In addition to her leadership experience, she is accomplished in the fields of distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining and holds a Ph.D. in Mathematics (Algebraic Combinatorics), a M.S. in Mathematics (Set Theoretic Topology), and a M.S. in Computer Science (Machine Learning).
Sandrine Murcia: Sandrine is the CEO and co-founder of Cosmian, The Personal Data Network. Powered by peer-to-peer and blockchain technologies, Cosmian is the reference for personal data control & access, while favoring sustainable economic models for publishers and brands. Sandrine began her career in 1995 at Procter & Gamble. In 1999, thrilled by the emerging potential of the Internet, she switched gears and joined Microsoft’s MSN consumer division. In 2004, Sandrine joined Google and exercised responsibilities as Southern Europe Marketing Director. Sandrine holds a BA in Biotechnologies from INSA Lyon and a HEC Paris Master in Entrepreneurship. Sandrine is a 2004 Kellogg School of Management MBA graduate.
CCC and FHE
Dan Middleton, CCC TAC Chair, and Rosario Cammarota, Chief Scientist | Privacy-Enhanced Computing Research, Intel Corp., published a special blog post comparing Confidential Computing and Homomorphic Encryption. The blog post is available here:
The Wikipedia article for Confidential Computing is now under the “Drafts” section, awaiting for one of the Wikipedia maintainers to review and publish it. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:
-1.png?width=1120&upscale=true&name=CCC%20member%20HH%20(1280%20x%20720%20px)-1.png)
