Welcome to the August/September 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

Confidential Computing Mini Summit

MONDAY, SEPTEMBER 18 | 13:30 – 17:00

Location: Euskalduna Bilbao
In Person Registration Cost: $10
Virtual Registration Cost: $0

Confidential Computing protects data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE). The Confidential Computing is bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of TEEs through collaboration in open source software.

Agenda:

• 13:30 – Introductions – Paul O’Neil
• 13:40 – PETs of the world unite! Conquer the middle ground in the performance vs security spectrum – Dr. Sven Trieflinger
• 14:20 – Formal specification of attestation mechanisms in Confidential Computing – Muhammad Usama Sardar
• 15:00 – Break
• 15:15 – secGear: openEuler native confidential computing framework – Zhenyu Zheng
• 15:45 – Use case deep dive: Secure and privacy-preserving cyber threat intelligence exchange – Nicolae Paladi
• 16:15 – Securing the Unseen: Vulnerability Research in Confidential Computing– Josh Eads
• 16:45 – Wrap Up – Mike Bursell

Event Details

Date: Monday, September 18, 2023 

Time: 13:30 – 17:00 CEST

Agenda: https://osseu2023.sched.com/event/1Our5

Location: Euskalduna Conference Centre, Level 5, Room 5A, map.

Joining Sessions Virtually

All mini summit sessions will be streamed live on the Linux Foundation YouTube Channel. There will be no virtual platform for this event. For more information on how to join sessions virtually, please visit our Virtual Attendance webpage. Please note: Virtual attendees will only be able to watch the live session – there will be no speaker Q&A and no virtual attendee audio function. However, chat will be enabled on the YouTube live stream.

Session Recordings

The mini summit will be recorded and posted to the Linux Foundation YouTube channel 2 weeks after the event.

Recap of Diana Initiative

By Deirdre Cleary

The Diana Initiative (TDI) is a conference whose aim is to help those underrepresented in Information Security and this year’s event took place on August 7th at the Westin in Las Vegas. I was sponsored by Evervault to attend and give a talk entitled Spilling the TEE.

This was my first time attending and I found The Diana Initiative to be a really welcoming environment for newcomers. The day offered a mix of talks, workshops, and hands-on villages, all of which built on this year’s theme of Lead the Change. The conference is well-timed at the start of Hacker Summer Camp and leaves attendees feeling confident in themselves and their abilities as they take on the many other events the week has to offer.

As a speaker, I gave a 30-minute talk entitled Spilling the TEE. The session was aimed at those who had no previous experience with Trusted Execution Environments, but were curious to learn what they’re all about. I discussed why we need TEEs, the features they offer, the types of TEEs available today, and gave some examples of applicable use cases.

One use case we dove into a little deeper was that of rebuilding trust in period tracking apps. Post Roe v. Wade there was a lot of discussion about whether it is safe to be sharing this very personal data with apps on your phone, having little knowledge of, or control over, what the data can be used for. At TDI I explored how TEEs could be part of the solution. In combination with open sourcing, TEEs can offer users confirmation of exactly what actions are being performed on their data, thanks to attestation. I demonstrated this using Evervault’s open source project (Cages)[https://github.com/evervault/cages] to deploy a simple attestable period prediction tool on (AWS Nitro Enclaves)[https://aws.amazon.com/ec2/nitro/nitro-enclaves].

While this is not the typical example we give for TEEs, it resonated well with the attendees on the day, and goes to show that the more diverse the people involved in confidential computing, the more diverse the solutions we can build together.

Resources:

Slides

Video

Recap of DEFCON

By Nick Vidal

On Friday and Saturday August 11-12, I attended DEFCON, the largest hacker conference in the world, held across 3 different Caesars’ convention centers, with over 30,000 attendees. The conference is so big that they have to split it into what they call villages, which are still very large on their own. I spent most of my time in the following villages:

IoT Village

The CCC was sponsoring the IoT Village. This was a very well attended village, and I was surprised by the enthusiasm and knowledge of the attendees. Many arrived early in the morning, and only left the large room late in the afternoon, spending their time trying to break into IoT devices. Many thanks to the IoT Village organizers who received me, Rachael Tubbs and Sara Pickering, MS, PHR, SHRM-CP.

AI Village

The AI Village was one of the most popular ones, and was dedicated to DARPA’s AI Cyber Initiative. Thousands of hackers tried to find vulnerabilities in Large Language Models. This initiative was officially announced at the main auditorium:

DARPA Announces an AI Cyber Initiative – by Dave Weston, Vice President of Enterprise and OS Security at Microsoft; Heather Adkins, Vice President of Security Engineering at Google; Matthew Knight, Head of Security at OpenAI; Michael Sellitto, Head of Geopolitics and Security Policy at Anthropic; Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF); and Perri Adams, AixCC Program Manager at DARPA.

Policy@DEFCON

The Policy@DEFCON room was also well attended, and brought together government officials and specialists interested in safeguarding critical infrastructure, with a particular focus on open source software security. I really liked Kemba Walden’s fireside chat with Jeff Moss at the main auditorium:

Fireside Chat with the National Cyber Director Kemba Walden – by Kemba Walden, Acting National Cyber Director at the Office of the National Cyber Director, the White House; Jeff Moss, Founder of DEFCON.

Crypto & Privacy Village

The Crypto & Privacy Village is one of my favorites, and last year we gave two talks there. This time, I was only attending. I especially enjoyed the entertaining privacy talk from Anthony about how privacy laws are evolving in the U.S.:

Is 2023 the Year of Privacy: How History and States are Posed to Change Privacy? – by Anthony Hendricks

Resources:

Full Article

Thanks,
The Confidential Computing Consortium

Welcome to the June/July 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

Confidential Computing Summit: Broad industry representation

On Thursday, 29th June 2023, the first Confidential Computing Summit was held at the Marriott Marquis in San Francisco.  Organized by Opaque Systems and the Confidential Computing Consortium, it comprised 38 sessions delivered by 44 speakers and panelists, with 244 attendees – over twice the expected number.  Although initially planned as a single track event, the number of responses to the Call for Papers was so large that the agenda was split into three tracks, with keynotes starting and ending the event.

Sessions covered a broad range of topics, from state of the industry and outlook, to deep-dive technical discussions.  One of the key themes of the Summit, however, was the application of Confidential Computing to real-life use cases, with presentations by end users as well as suppliers of Confidential Computing technologies.  The relevance of Confidential Computing to AI was a recurring topic as data and model privacy is emerging as a major concern for many users, particularly those with requirements to share data with untrusted parties whether partners or even competitors for multi-party collaboration.  Other use cases included private messaging, anti-money laundering, Edge computing, regulatory compliance, Big Data, examination security and data sovereignty.  Use cases for Confidential Computing ranged across multiple sectors, including telecommunications, banking, insurance, healthcare and AdTech. Sessions ranged from high-level commercial use case discussions to low-level technical considerations.

There was an exhibitor hall which doubled as meeting space and included booths from the CCC and Opaque Systems plus the Summit’s premier sponsors (Microsoft, Intel, VMware, Arm, Anjuna, Fortanix, Edgeless Systems, Cosmian).  The venue also had sufficient space (and seating with branded cushions!) for a busy “hallway track”.  For many attendees, the ability to meet other industry professionals in person for the first time was as valuable a reason to attend the Summit as the session – while virtual conferences can have value, the conversations held face-to-face at the conference provided opportunities for networking that would have been impossible without real-world interactions.

Videos of many of the sessions are available on the conference website: https://confidentialcomputingsummit.com/ (the agenda of sessions presented is also available).

The Confidential Computing Consortium would like to thank Opaque Systems and the program committee for their hard work in organizing this event.  Given the success of the Summit, plans are already underway for a larger instance next year.  Please keep an eye on this blog and other news outlets for information.  We look forward to seeing you there!

– Mike Bursell, Executive Director of the CCC

Upcoming Events

• The Diana Initiative, Las Vegas, August 7
• DEFCON, Las Vegas, August 10-13
• Confidential Computing Mini Summit, Bilbao, September 18
• Open Source Summit Europe, Bilbao, September 19-21
• Open Source Summit China, Shanghai, September 26-28

Thanks,
The Confidential Computing Consortium

Welcome to the May 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

Welcome New Members!

Cryptosat is excited to join the Confidential Computing Consortium. We are working to provide a very unique trusted compute environment in space for use-cases requiring a perfect air-gap and physical isolation. We’re looking forward to contribute to the Confidential Computing technology landscape and establish fruitful partnerships with other companies in the consortium.

Confidential Computing Summit Use Case Awards

Calling all Confidential Computing experts! Today we’re launching the Confidential Computing Use Case Awards, with the chance to be recognized for the best case study across healthcare, financial services, and adtech. Use this form to tell your story.

Each case study will be evaluated by a panel of judges. Things to keep in mind:

• The case studies do not need to be deployed. We are interested in nominations that identify the real world changes that can be addressed by confidential computing.
• The use cases will be grouped in the following sectors: FinServ, Healthcare, AdTech, and Other
• The case study must answer two questions: What is the problem? How does confidential computing provide the solution?

Recent Events

Open Source Summit North America, May 10-12, Vancouver

Mike Bursell and Stephen Walli attended the conference representing the CCC. Confidential Computing talks include:

– Advancements in Confidential Computing – Vojtěch Pavlik, SUSE
– WASM + CC, Secure Your FaaS Function – Xinran Wang & Liang He, Intel
– A WASM Runtime for FaaS Protected by TEE – Sara Wang & Yongli He, Intel
– OpenFL: A Federated Learning Project to Power Your Projects – Ezequiel Lanza, Intel

Upcoming Events

Confidential Computing Summit, June 29th, San Francisco

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The CCC and Opaque are launching the Confidential Computing Use Case Awards, asking teams to share their most interesting use cases across healthcare, financial services, adtech, and social good, with the chance to be recognized at the summit:

Webinars

BlindAI: Secure remote ML inference with Intel SGX enclaves

Striking a balance between security, privacy, and performance is a challenge in machine learning applications. In this talk we will present BlindAI, an open-source confidential computing solution that harnesses Intel SGX enclaves to enable secure remote ML inference. Our solution effectively safeguards the confidentiality of both the model and user data while also ensuring the predictions’ integrity. We will discuss the motivation behind BlindAI, how we factored in the specificities and constraints of Intel SGX at the design stage, and share the outcome of an independent security audit of our solution.

FLOSS WEEKLY 731 – Confidential Computing

Dan Middleton, of Intel and the Confidential Computing Consortium (CCC), dives deep on the topic of confidential computing (CoCo) and many related concerns, such as Trusted Execution Environments with Doc Searls and Jonathan Bennett.

Thanks,
The Confidential Computing Consortium

Welcome to the April 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

Welcome New Members!

Spectro Cloud has recently joined the CCC. Founded by multi-cloud management experts, Spectro Cloud aims to make cloud infrastructure boundaryless for the enterprise. It provide solutions that help enterprises run Kubernetes their way, anywhere.

A word from Mike Bursell, CCC’s new Executive Director

I’m very pleased to announce that I’ve just started a new role as part-time Executive Director for the Confidential Computing Consortium, which is a project of the The Linux Foundation. I have been involved from the very earliest days of the consortium, which was founded in 2019, and I’m delighted to be joining as an officer of the project as we move into the next phase of our growth. I look forward to working with existing and future members and helping to expand industry adoption of Confidential Computing.

For those of you who’ve been following what I’ve been up to over the years, this may not be a huge surprise, at least in terms of my involvement, which started right at the beginning of the CCC. In fact, Enarx, the open source project of which I was co-founder, was the very first project to be accepted into the CCC, and Red Hat, where I was Chief Security Architect (in the Office of the CTO) at the time, was one of the founding members. Since then, I’ve served on the Governing Board (twice, once as Red Hat’s representative as a Premier member, and once as an elected representative of the General members) acted as Treasurer, been Co-chair of the Attestation SIG and been extremely active in the Technical Advisory Council. I was instrumental in initiating the creation of the first analyst report into Confidential Computing and helped in the creation of the two technical and one general white paper published by the CCC. I’ve enjoyed working with the brilliant industry leaders who more than ably lead the CCC, many of whom I now count not only as valued colleagues but also as friends.

The position – Executive Director – however, is news. For a while, the CCC has been looking to extend its activities beyond what the current officers of the consortium can manage, given that they have full-time jobs outside the CCC. The consortium has grown to over 40 members now – 8 Premier, 35 General and 8 Associate – and with that comes both the opportunity to engage in a whole new set of activities, but also a responsibility to listen to the various voices of the membership and to ensure that the consortium’s activities are aligned with the expectations and ambitions of the members. Beyond that, as Confidential Computing becomes more pervasive, it’s time to ensure that (as far as possible), there’s a consistent, crisp and compelling set of messages going out to potential adopters of the technology, as well as academics and regulators.

I plan to be working on the issues above. I’ve only just started and there’s a lot to be doing – and the role is only part-time! – but I look forward to furthering the aims of the CCC:

“The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.” – The core mission of the CCC
Wish me luck, or, even better, get in touch and get involved yourself.

Recent Events

Kubecon Europe, April 18-21, Amsterdam

– Keynote: MLOps on Highly Sensitive Data – Strict Confinement, Confidential Computing, and Tokenization Protecting Privacy – Maciej Mazur, Principal AI/ML Engineer, Canonical & Andreea Munteanu, AI/ML Product Manager, Canonical

– Confidential Containers Made Easy – Fabiano Fidencio, Intel & Jens Freimann, Red Hat

– The Next Episode in Workload Isolation: Confidential Containers – Jeremi Piotrowski, Microsoft

RSA Conference, April 24-27, San Francisco

CCC member Kate George from Intel went to RSA to raise awareness about the CCC and promote CC Summit.

– The Rise of Confidential Computing, What It Is and What it Means to You – Stephanie Domas, Intel

– Cloud Security Made for the EU: Securing Data & Applications – Dr. Norbert Pohlmann, IT Security Association Germany (TeleTrusT) (Moderator), Ulla Coester, Westphalian University of Applied Sciences Gelsenkirchen (Panelist), Nils Karn, Mitigant by Resility (Panelist), Andreas Walbrodt, enclaive (Panelist)

Upcoming Events

Open Source Summit North America, May 10-12, Vancouver

Mike Bursell will attend the event to promote the CCC. Confidential Computing talks include:

– Advancements in Confidential Computing – Vojtěch Pavlik, SUSE
– WASM + CC, Secure Your FaaS Function – Xinran Wang & Liang He, Intel
– A WASM Runtime for FaaS Protected by TEE – Sara Wang & Yongli He, Intel
– OpenFL: A Federated Learning Project to Power Your Projects – Ezequiel Lanza, Intel

Confidential Computing Summit, June 29th, San Francisco

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The CCC and Opaque are launching the Confidential Computing Use Case Awards, asking teams to share their most interesting use cases across healthcare, financial services, adtech, and social good, with the chance to be recognized at the summit:

Webinar

Arm Confidential Compute Architecture, May 23rd

The Arm Confidential Compute Architecture (Arm CCA) builds on top of the Armv9-A Realm Management Extension (RME) by providing a reference security architecture and open-source implementation of hypervisor-based confidential computing. This talk describes the latest open-source project developments (Trusted Firmware, Linux, KVM, EDK2) to enable Arm CCA, including current status and next steps.

CCC Blog: Why Attestation is Required for Confidential Computing?

Alec Fernandez from Microsoft clarifies why the CCC amended the definition of Confidential Computing to add attestation:

Why is Attestation Required for Confidential Computing?

Wikipedia

The Wikipedia article for Confidential Computing has now been officially published. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:

https://en.wikipedia.org/wiki/Confidential_computing

Thanks,
The Confidential Computing Consortium

Welcome to the March 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

New Members

Canonical

Canonical joined the CCC in the prior month, and now they’ve published a blog post:

https://canonical.com/blog/canonical-joins-the-confidential-computing-consortium

Suse

Suse has recently joined the CCC and they have also published a blog post:

https://www.suse.com/c/suse-joins-the-confidential-computing-consortium/

Customers and partners rely on SUSE to deliver a secure, open source platform that fully protects data regardless of its state.  Confidential Computing safeguards data in use without impacting business-critical workloads.  Joining the Confidential Computing Consortium enables SUSE to collaborate with open source leaders to advance these security technologies for our customers.

Recent Events

FOSS Backstage

The Confidential Computing Consortium participated at FOSS Backstage that took place in Berlin on March 13-14. CCC Outreach Chair Nick Vidal gave a talk about combining open source supply chain technologies like SBOMs and Sigstore with Confidential Computing. The presentation was very much inspired by the SLSA security framework, where the major threats are highlighted in each stage of the supply chain. Interestingly enough, currently SLSA does not cover much of the last mile of the supply chain, when the application/workload is actually deployed, and this is where Confidential Computing can play an important role. The video recording is available here:

https://program.foss-backstage.de/fossback23/talk/ZMCST7/

OC3

On March 15th , for the third year in a row, the Open Confidential Computing Conference (OC3) brought the confidential computing community together to discuss latest developments, use cases, and projects. The event was hosted by Edgeless Systems, and proudly sponsored by the Confidential Computing Consortium, amongst others. There were 29 sessions with 37 expert speakers from Intel, Microsoft, NVIDIA, IBM, AMD, Suse and many more. 1227 people registered across industries from all over the world. The recordings are available on Edgeless Systems YouTube channel on demand.

You can find Ben Fischer keynote on behalf of the CCC here:

A CTO panel with Greg Lavender, Mark Russinovich, Mark Papermaster and Ian Buck is available here:

Webinar: 

Dan Middleton, CCC TAC Chair and principal engineer at Intel, and Dave Thaler, former CCC TAC Chair and software architect at Microsoft, shared their work with Confidential Computing and their efforts to further this technology via the Confidential Computing Consortium. Learn about confidential computing, the problems it solves, and how you can get involved:

https://openatintel.podbean.com/e/confidential-computing/

Upcoming Events

Confidential Computing Summit

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.

Women in Confidential Computing

In March we celebrated International Women’s month. We have several women who are leading the way and advancing Confidential Computing, among which:

• Raluca Ada Popa: Raluca is an associate professor of computer science at UC Berkeley. She is interested in security, systems, and applied cryptography. Raluca developed practical systems that protect data confidentiality by computing over encrypted data, as well as designed new encryption schemes that underlie these systems. Some of her systems have been adopted into or inspired systems such as SEEED of SAP AG, Microsoft SQL Server’s Always Encrypted Service, and others. Raluca received her PhD in computer science as well as her two BS degrees, in computer science and in mathematics, from MIT. She is the recipient of an Intel Early Career Faculty Honor award, George M. Sprowls Award for best MIT CS doctoral thesis, a Google PhD Fellowship, a Johnson award for best CS Masters of Engineering thesis from MIT, and a CRA Outstanding undergraduate award from the ACM.
• Mona Vij: Mona is a Principal Engineer and Cloud and Data Center Security Research Manager at Intel Labs, where she focuses on Scalable Confidential Computing for end-to-end Cloud to Edge security. Mona received her Master’s degree in Computer Science from University of Delhi, India. Mona leads the research engagements on Trusted execution with a number of universities. Her research has been featured in journals and conferences including USNIX OSDI, USENIX ATC and ACM ASPLOS, among others. Mona’s research interests primarily include trusted computing, virtualization, device drivers and operating systems.
• Nelly Porter: Nelly is a lead of the Confidential Computing in Google with over 10 years’ experience in platform security, virtsec, PKI, crypto, authentication, and authorization field. She is working on multiple areas in Google, from root of trust, Titan, to the Shielded and Confidential Computing, has 25 patents and defensive publications. Prior to working at Google, Porter spent some time working in Microsoft in the virtualization and security space, HP Labs advancing clustering story, and Scientix (Israel) as a firmware and kernel driver eng. She has two sons, both are in the CS field, one of them is working for Google.
• Lily Sturmann: Lily is a senior software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked on security projects related to remote attestation, confidential computing, and securing the software supply chain.
• Ijlal Loutfi: Ijlal is a security product manager at Canonical, the publishers of Ubuntu. She’s a post-doctoral researcher at the Norwegian University of Science of Technology, working with Professor Bian Yang. Her PhD was on trusted computing, trusted execution environments and online user authentication. Research interests include: Online identity management, namely self-sovereign identities; Applied cryptography, namely, proxy re-encryption; and Verifiable Remote Computation.
• Mary Beth Chalk: Mary is the Co-founder & Chief Commercial Officer at BeeKeeperAI, Inc. has over 25 years of healthcare innovation experience improving outcomes through data-informed decision making, services, and processes.  Her early work with health systems was grounded in statistical process control enabling healthcare executives to discern the signal from the noise of their data.  As COO of a mental health organization, she created and implemented a system of predictive algorithms to improve the effectiveness of psychotherapy treatment.  Mary Beth was also the co-founder of a chronic disease self-management platform that combined monitoring device data with algorithm-driven digital behavioral coaching to improve health engagement and outcomes.  Her current work is focused on the development of healthcare AI from the perspective of the data owner and the algorithm owner including issues such as data access and intellectual property.
• Ellison Anne Williams: Anne is the Founder and CEO of Enveil, the pioneering data security startup protecting Data in Use. She has more than a decade of experience spearheading avant-garde efforts in the areas of large scale analytics, information security and privacy, computer network exploitation, and network modeling at the National Security Agency and the Johns Hopkins University Applied Physics Laboratory. In addition to her leadership experience, she is accomplished in the fields of distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining and holds a Ph.D. in Mathematics (Algebraic Combinatorics), a M.S. in Mathematics (Set Theoretic Topology), and a M.S. in Computer Science (Machine Learning).
• Sandrine Murcia: Sandrine is the CEO and co-founder of Cosmian, The Personal Data Network. Powered by peer-to-peer and blockchain technologies, Cosmian is the reference for personal data control & access, while favoring sustainable economic models for publishers and brands. Sandrine began her career in 1995 at Procter & Gamble. In 1999, thrilled by the emerging potential of the Internet, she switched gears and joined Microsoft’s MSN consumer division. In 2004, Sandrine joined Google and exercised responsibilities as Southern Europe Marketing Director. Sandrine holds a BA in Biotechnologies from INSA Lyon and a HEC Paris Master in Entrepreneurship. Sandrine is a 2004 Kellogg School of Management MBA graduate.

CCC and FHE

Dan Middleton, CCC TAC Chair, and Rosario Cammarota, Chief Scientist | Privacy-Enhanced Computing Research, Intel Corp., published a special blog post comparing Confidential Computing and Homomorphic Encryption. The blog post is available here:

Confidential Computing and Homomorphic Encryption

Wikipedia

The Wikipedia article for Confidential Computing is now under the “Drafts” section, awaiting for one of the Wikipedia maintainers to review and publish it. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:

https://en.wikipedia.org/wiki/Draft:Confidential_computing

Thanks,

The Confidential Computing Consortium

Welcome to the February 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium. This newsletter is also available on our website.

Recent Events

FOSDEM

The Confidential Computing Consortium participated at the Confidential Computing devroom at FOSDEM on the 4th and 5th of February. The event was organized by Jo Van Bulck and Fritz Alder, from the University of Leuven, Belgium, and Fabiano Fidencio, from Intel. This was the fourth edition of this devroom at FOSDEM. The event was very successful. The devroom, with a capacity for 80 attendees, was mostly full throughout the day. Half of the people in the devroom have heard of Confidential Computing and many of the speakers were members of the CCC. Jo and Fritz highlighted the importance of bringing developers and academia together around Confidential Computing. There was also a social event organized by Richard Searle, Chair of the EUAC.

State of Open Con

The Confidential Computing Consortium participated at the State of Open Con in London on the 7th and 8th of February. This was the first conference of its kind being organized by OpenUK and it was located at the Queen Elizabeth II Centre, in the heart of London. Amanda Brock, the Executive Director of OpenUK, kicked off the event with a keynote. Other keynote speakers included Jimmy Wales, Founder of Wikipedia, Camille Gloster, Deputy National Cyber Director from the White House, and Eric Brewer, VP Infrastructure & Google Fellow. The CCC had a booth where Nick Vidal, the CCC Outreach Chair, was joined by Liz Moy (Evervault). There was good engagement at the booth, with the presentation of demo use cases that resonated with attendees. Stephen Walli, the CCC Chair, was also present and gave a talk entitled “What do we mean by Open Governance?” Mike Bursell, co-founder of the Enarx project, gave an entertaining talk on ConfidentialComputing.

CCC Webinar: Confidential Computing in Financial Services

The last CCC webinar that happened this month of February is already available online. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

Upcoming Events

OC3

The Confidential Computing Consortium is a sponsor of the Open Confidential Computing Conference (OC3). The online conference will take place on the 15th of March. Registration is free. Stephen Walli, Chair of the CCC, will give one of the keynotes. The main keynote “Industry Perspectives: the impact and future of confidential computing” features Ian Buck, VP of Hyperscale and HPC at NVIDIA, Mark Papermaster, CTO & EVP at AMD, Mark Russinovich, CTO at Microsoft Azure, and Greg Lavender, CTO of Intel.

Confidential Computing Summit

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.

White Papers & Reports

The National Cybersecurity Center of Excellence (NCCoE) has released a draft report, NIST Interagency Report (NISTIR) 8320D, Hardware Enabled Security: Hardware-Based Confidential Computing, for public comment. The public comment period for this draft is open through April 10, 2023. Abstract from the report: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.

Technical Advisory Committee

As part of 2023 goals, the TAC is looking to increase the impact of the CCC in the ecosystem:

• Cross-project Integration event for discussion.
• Portfolio growth and maturity, hosting projects that are adopted by the community. Look into new projects from member companies and academic research.
• Cross-org and Cross-SIG coordination.
• Outbound education and DCI revisit.

– Dan Middleton, TAC Chair (2023)

Outreach Committee

The CCC Outreach Committee has brought in Jake Orlowitz (WikiBlueprint) as the Wikipedia consultant with the goal of facilitating the creation of a top-quality Wikipedia article on Confidential Computing on English Wikipedia using an efficient participatory approach. As a result of this collaborative participation, Mike Ferron-Jones (Intel) has shared a Wikipedia article draft.

The CCC Outreach Committee has also brought Noah Lehman (Linux Foundation) as a social media consultant with the goal of facilitating the creation of top-quality posts on Twitter and LinkedIn. In collaboration with CCC members, he’ll create up to 8 on-demand social posts per month (this includes social posts promoting ad-hoc announcements, events, news and initiatives) and up to 4 on-demand social posts per month shared on Linux Foundation social media. Noah has shared the Social Media plan with the CCC.

Kate George (Intel) has volunteered to help with the CCC Event Strategy. She highlighted 5 event objectives: 1. Raise awareness of Confidential Computing & Open-source projects under the foundation, and participating companies; 2. Accelerate the adoption of Confidential Computing; 3. Present panels, talks, and demo cases to targeted audiences – security, health care, financial services, and government. (Consider compliance piece too); 4. Recruit new members or projects; and 5. Foster collaboration and open-source. Kate and Nick Vidal have shared the Event Strategy slides and List of Events.

– Nick Vidal, Outreach Chair (2023)

ProjectsEnarxThe Enarx project is looking for a custodian, as Profian had to close its doors. Both Profian and Red Hat have invested heavily on the development of Enarx, which has reached a good stable release with a number of key components to establish the foundations for a comprehensive Confidential Computing solution. The Linux Foundation is providing full support to the project.
GramineGramine version 1.4 has been released, with important new features, including support for EDMM (Enclave Dynamic Memory Management), and performance improvements. Key milestones for 2023 include support communication with hardware accelerators (GPUs), support dynamic thread creation/destruction, support additional runtimes and workloads, integration with confidential container deployments (Kata containers, enclave-CC), interoperate with RA-TLS (standardization), support additional TEE backends (Intel TDX), and explore coarse-grained partitioning for certain I/O bound applications (DPDK).
KeystoneKeystone aims to enable TEE on (almost) all RISC-V processors. It’s very popular in academia, gaining 133 yearly citations (+28% YoY), however in the past year four students from UCB working on Keystone have graduated and left the project. Key milestones for 2023 include better application support (dynamic library), parity with industry standards, increase dev board accessibility, and work closely with the RISC-V AP-TEE working group. 

Thanks,

The Confidential Computing Consortium

Welcome to the January 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium. This newsletter is also available on our website.

Introduction

The start of the new year is the perfect opportunity to reflect about the year that has passed and what we have accomplished collectively in 2022. It has been a pivotal year for the CCC in many regards. Please check the updates from the Technical Advisory Committee, the Outreach Committee, the CCC projects, and the Special Interest Groups.

New Members

Cape Privacy and Canonical joined the Confidential Computing Consortium.

Cape Privacy is a confidential computing platform to easily run serverless functions on encrypted data. Cape empowers developers to build secure applications which protect the underlying data and code from the cloud.

Canonical is committed to enabling Ubuntu users to leverage the strong run-time confidentiality and integrity guarantees that confidential computing provides. The mission of the Confidential Computing Consortium of driving cross-industry open source software, standards and tools greatly resonates with us and we are really excited to have joined its members.

Upcoming Events

FOSDEM

The Confidential Computing Consortium will be participating at the Confidential Computing devroom at FOSDEM. A social event is being sponsored by the CCC on the 4th of February.

State of Open Con

The Confidential Computing Consortium will have a table at the State of Open Con, a conference being organized by OpenUK in London on the 7-8th of February.

CCC Webinar: Confidential Computing in Financial Services

The next CCC webinar will happen on February 16 at 8:00 am PT. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

White Papers & Reports

The Confidential Computing Consortium has published the Common Terminology for Confidential Computing. As more companies and open source projects begin to use similar terms to describe similar paradigms that build upon hardware-based, attested Trusted Execution Environments (TEEs), it will be increasingly important that vendors use consistent terminology that describes the ways in which these new capabilities are applied within different functional domains.

Technical Advisory Committee

It was a busy year for the Technical Advisory Council (TAC). We had a number of goals for the year across the spectrum of maturing our projects to collaborating with other open organizations to acting on our diversity & inclusion plans. Attestation was a pronounced theme for the year. We revised the definition of Confidential Computing to include attestation as an essential element. The TAC approved the Veraison project which focuses on building blocks for attestation verification. We created the Attestation SIG last year and throughout 2022, it found its legs and created a good deal of content. You can browse our meeting recordings and presentations for a series of talks on Secure Channels and Attestation Formats. An outcome of this sharing led to two additional initiatives. CCC projects Gramine, Occlum, and Open Enclave SDK all rely on separate implementations of “Remote Attestation TLS.” The independent implementations were not interoperable. The Attestation SIG helped uncover and resolve variations arriving at a proposal to harmonize the implementations of those projects. Contributors to the SIG are also creating an Attested TLS proof of concept based on a similar design. We look forward to attestation of TEEs becoming a fundamental part of communications as Confidential Computing becomes pervasive.

Harmonization was not unique to the Attestation SIG. The TAC also engaged with a variety of organizations looking for opportunities for collaboration and coordination. We hosted speakers from RISC-V, MPC Alliance, IETF, TCG, CDCC, TrustedComputing.org, HomomorphicEncryption.org, PCI SIG WG, and the OCP Security SIG. In fact, most of our TAC meetings host a Tech Talk and our meetings have become a place for learning a variety of security related technical topics. As an open collaborative community, everyone is welcome to join our meetings or view the recordings. We hope to see you in one in 2023.

The TAC also had direct collateral outputs. In addition to revising our primary whitepaper, we also generated a new whitepaper which is going through the final layout. That paper focuses on terminology to give greater clarity to the different ways Confidential Computing artifacts can be packaged and what that should imply to a consumer. We were also able to collectively form a response to the OSTP’s request for comments on Privacy Enhancing Technologies (PETs).

This government interaction suggested a broader need for similar discourse. The TAC subsequently approved the creation of a Governance, Risk, and Compliance SIG. This newly chartered SIG already has representation from representatives from Meta, Microsoft, Intel, NVidia, Arm, CSA, JPMorgan Chase, Anjuna and others.

Of course, as an open source organization, our main focus is on open source projects. This year the TAC provided projects with additional resources. Our focus on diversity and inclusion took a few forms. Each of the projects were introduced to D&I training specifically for open source provided by the Linux Foundation. We made Outreachy internships available and Veracruz and Enarx piloted this membership program for the rest of the CCC. As the year progressed we created other resources for projects – increasing funding for CI, creating conference travel funding for projects, and making additional security tooling available.

All in all it has been a very productive year for the Technical Advisory Council, our SIGs, and our projects. We have a number of ambitious goals coming together for 2023 and will communicate those in a future blog.

– Dan Middleton, TAC Chair (2023)

Outreach Committee

2022 was a year of two halves. While the effects of COVID restrictions were still being felt in the first half of the year, things really turned around in the summer, and by the end of the year life was back to pre-COVID levels in most regions of the world. The outreach committee had to be nimble and adapt to the changing circumstances. In some ways, some of the impetus was to lay the foundation to hit the ground running again in 2023.

The committee implemented multiple important initiatives during this time including:

• For the second year in a row, CCC sponsored the OC3 Summit, a virtual Open Confidential Computing Conference held in early 2022.
• Building brand awareness and visibility in industry events like RSA. We were able to negotiate a co-marketing arrangement at no cost, whereby RSA promoted the CCC on their website, and in promotions, and CCC did the same for RSA. We’ll have a similar arrangement with RSA in 2023 as well.
• Expanding our presence to Latin America, participating at Roadsec 2022 in Sao Paulo, the biggest hacker festival in Latin America. 
• After a hiatus due to COVID, CCC had a presence at Black Hat USA, in Las Vegas. This included a meeting room where we received visitors wanting to learn and/or get engaged with CCC. In addition we also got exposure in some of the member booths at the show, by way of presentations, CCC handouts etc.
• We were also able to get brand visibility at the Crypto & Privacy Village at DEF CON 2022.
• Rekindled industry analyst interactions including recent briefing with ABI Research, and communications with Gartner, Forrester, IDC, 451 Research, OMDIA, Nemertes and other Tier 2/3 analyst firms
• Secured a speaking spot for the consortium in the Keynote segment of the upcoming OC3 event in March 2023
• Signed up a consultant to greatly increase our social media activities starting Jan 2023
• Shortlisted a consultant to help guide the committee to get Confidential Computing on Wikipedia
• Made good progress on content refresh of our website, with the updates scheduled to be rolled out in March 2023

The committee is very excited about the foundation that has been laid, and we are looking forward to a highly successful 2023!

– Ravi Sharma, Outreach Chair (2022)

ProjectsPlease find updates from the CCC projects below:

• Enarx
• Gramine
• Occlum
• Open Enclave
• Veracruz
• Veraison

Special Interest Groups
Please find updates from the SIGs below:

• Attestation SIG
• Governance, Risk and Compliance SIG

Thanks,

The Confidential Computing Consortium