Newsletter

Welcome to the March 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

New Members

Canonical

Canonical joined the CCC in the prior month, and now they’ve published a blog post:

https://canonical.com/blog/canonical-joins-the-confidential-computing-consortium

Suse

Suse has recently joined the CCC and they have also published a blog post:

https://www.suse.com/c/suse-joins-the-confidential-computing-consortium/

Customers and partners rely on SUSE to deliver a secure, open source platform that fully protects data regardless of its state.  Confidential Computing safeguards data in use without impacting business-critical workloads.  Joining the Confidential Computing Consortium enables SUSE to collaborate with open source leaders to advance these security technologies for our customers.

Recent Events

FOSS Backstage

The Confidential Computing Consortium participated at FOSS Backstage that took place in Berlin on March 13-14. CCC Outreach Chair Nick Vidal gave a talk about combining open source supply chain technologies like SBOMs and Sigstore with Confidential Computing. The presentation was very much inspired by the SLSA security framework, where the major threats are highlighted in each stage of the supply chain. Interestingly enough, currently SLSA does not cover much of the last mile of the supply chain, when the application/workload is actually deployed, and this is where Confidential Computing can play an important role. The video recording is available here:

https://program.foss-backstage.de/fossback23/talk/ZMCST7/

OC3

On March 15th , for the third year in a row, the Open Confidential Computing Conference (OC3) brought the confidential computing community together to discuss latest developments, use cases, and projects. The event was hosted by Edgeless Systems, and proudly sponsored by the Confidential Computing Consortium, amongst others. There were 29 sessions with 37 expert speakers from Intel, Microsoft, NVIDIA, IBM, AMD, Suse and many more. 1227 people registered across industries from all over the world. The recordings are available on Edgeless Systems YouTube channel on demand.

You can find Ben Fischer keynote on behalf of the CCC here:

A CTO panel with Greg Lavender, Mark Russinovich, Mark Papermaster and Ian Buck is available here:

Webinar: 

Dan Middleton, CCC TAC Chair and principal engineer at Intel, and Dave Thaler, former CCC TAC Chair and software architect at Microsoft, shared their work with Confidential Computing and their efforts to further this technology via the Confidential Computing Consortium. Learn about confidential computing, the problems it solves, and how you can get involved:

https://openatintel.podbean.com/e/confidential-computing/

Upcoming Events

Confidential Computing Summit

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.

Women in Confidential Computing

In March we celebrated International Women’s month. We have several women who are leading the way and advancing Confidential Computing, among which:

• Raluca Ada Popa: Raluca is an associate professor of computer science at UC Berkeley. She is interested in security, systems, and applied cryptography. Raluca developed practical systems that protect data confidentiality by computing over encrypted data, as well as designed new encryption schemes that underlie these systems. Some of her systems have been adopted into or inspired systems such as SEEED of SAP AG, Microsoft SQL Server’s Always Encrypted Service, and others. Raluca received her PhD in computer science as well as her two BS degrees, in computer science and in mathematics, from MIT. She is the recipient of an Intel Early Career Faculty Honor award, George M. Sprowls Award for best MIT CS doctoral thesis, a Google PhD Fellowship, a Johnson award for best CS Masters of Engineering thesis from MIT, and a CRA Outstanding undergraduate award from the ACM.
• Mona Vij: Mona is a Principal Engineer and Cloud and Data Center Security Research Manager at Intel Labs, where she focuses on Scalable Confidential Computing for end-to-end Cloud to Edge security. Mona received her Master’s degree in Computer Science from University of Delhi, India. Mona leads the research engagements on Trusted execution with a number of universities. Her research has been featured in journals and conferences including USNIX OSDI, USENIX ATC and ACM ASPLOS, among others. Mona’s research interests primarily include trusted computing, virtualization, device drivers and operating systems.
• Nelly Porter: Nelly is a lead of the Confidential Computing in Google with over 10 years’ experience in platform security, virtsec, PKI, crypto, authentication, and authorization field. She is working on multiple areas in Google, from root of trust, Titan, to the Shielded and Confidential Computing, has 25 patents and defensive publications. Prior to working at Google, Porter spent some time working in Microsoft in the virtualization and security space, HP Labs advancing clustering story, and Scientix (Israel) as a firmware and kernel driver eng. She has two sons, both are in the CS field, one of them is working for Google.
• Lily Sturmann: Lily is a senior software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked on security projects related to remote attestation, confidential computing, and securing the software supply chain.
• Ijlal Loutfi: Ijlal is a security product manager at Canonical, the publishers of Ubuntu. She’s a post-doctoral researcher at the Norwegian University of Science of Technology, working with Professor Bian Yang. Her PhD was on trusted computing, trusted execution environments and online user authentication. Research interests include: Online identity management, namely self-sovereign identities; Applied cryptography, namely, proxy re-encryption; and Verifiable Remote Computation.
• Mary Beth Chalk: Mary is the Co-founder & Chief Commercial Officer at BeeKeeperAI, Inc. has over 25 years of healthcare innovation experience improving outcomes through data-informed decision making, services, and processes.  Her early work with health systems was grounded in statistical process control enabling healthcare executives to discern the signal from the noise of their data.  As COO of a mental health organization, she created and implemented a system of predictive algorithms to improve the effectiveness of psychotherapy treatment.  Mary Beth was also the co-founder of a chronic disease self-management platform that combined monitoring device data with algorithm-driven digital behavioral coaching to improve health engagement and outcomes.  Her current work is focused on the development of healthcare AI from the perspective of the data owner and the algorithm owner including issues such as data access and intellectual property.
• Ellison Anne Williams: Anne is the Founder and CEO of Enveil, the pioneering data security startup protecting Data in Use. She has more than a decade of experience spearheading avant-garde efforts in the areas of large scale analytics, information security and privacy, computer network exploitation, and network modeling at the National Security Agency and the Johns Hopkins University Applied Physics Laboratory. In addition to her leadership experience, she is accomplished in the fields of distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining and holds a Ph.D. in Mathematics (Algebraic Combinatorics), a M.S. in Mathematics (Set Theoretic Topology), and a M.S. in Computer Science (Machine Learning).
• Sandrine Murcia: Sandrine is the CEO and co-founder of Cosmian, The Personal Data Network. Powered by peer-to-peer and blockchain technologies, Cosmian is the reference for personal data control & access, while favoring sustainable economic models for publishers and brands. Sandrine began her career in 1995 at Procter & Gamble. In 1999, thrilled by the emerging potential of the Internet, she switched gears and joined Microsoft’s MSN consumer division. In 2004, Sandrine joined Google and exercised responsibilities as Southern Europe Marketing Director. Sandrine holds a BA in Biotechnologies from INSA Lyon and a HEC Paris Master in Entrepreneurship. Sandrine is a 2004 Kellogg School of Management MBA graduate.

CCC and FHE

Dan Middleton, CCC TAC Chair, and Rosario Cammarota, Chief Scientist | Privacy-Enhanced Computing Research, Intel Corp., published a special blog post comparing Confidential Computing and Homomorphic Encryption. The blog post is available here:

Confidential Computing and Homomorphic Encryption

Wikipedia

The Wikipedia article for Confidential Computing is now under the “Drafts” section, awaiting for one of the Wikipedia maintainers to review and publish it. The article was led by Mike Ferron-Jones under the guidance of Wikipedia consultant Jake Orlowitz with the help of multiple CCC members. The article is available here:

https://en.wikipedia.org/wiki/Draft:Confidential_computing

Thanks,

The Confidential Computing Consortium

Welcome to the February 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium. This newsletter is also available on our website.

Recent Events

FOSDEM

The Confidential Computing Consortium participated at the Confidential Computing devroom at FOSDEM on the 4th and 5th of February. The event was organized by Jo Van Bulck and Fritz Alder, from the University of Leuven, Belgium, and Fabiano Fidencio, from Intel. This was the fourth edition of this devroom at FOSDEM. The event was very successful. The devroom, with a capacity for 80 attendees, was mostly full throughout the day. Half of the people in the devroom have heard of Confidential Computing and many of the speakers were members of the CCC. Jo and Fritz highlighted the importance of bringing developers and academia together around Confidential Computing. There was also a social event organized by Richard Searle, Chair of the EUAC.

State of Open Con

The Confidential Computing Consortium participated at the State of Open Con in London on the 7th and 8th of February. This was the first conference of its kind being organized by OpenUK and it was located at the Queen Elizabeth II Centre, in the heart of London. Amanda Brock, the Executive Director of OpenUK, kicked off the event with a keynote. Other keynote speakers included Jimmy Wales, Founder of Wikipedia, Camille Gloster, Deputy National Cyber Director from the White House, and Eric Brewer, VP Infrastructure & Google Fellow. The CCC had a booth where Nick Vidal, the CCC Outreach Chair, was joined by Liz Moy (Evervault). There was good engagement at the booth, with the presentation of demo use cases that resonated with attendees. Stephen Walli, the CCC Chair, was also present and gave a talk entitled “What do we mean by Open Governance?” Mike Bursell, co-founder of the Enarx project, gave an entertaining talk on ConfidentialComputing.

CCC Webinar: Confidential Computing in Financial Services

The last CCC webinar that happened this month of February is already available online. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

Upcoming Events

OC3

The Confidential Computing Consortium is a sponsor of the Open Confidential Computing Conference (OC3). The online conference will take place on the 15th of March. Registration is free. Stephen Walli, Chair of the CCC, will give one of the keynotes. The main keynote “Industry Perspectives: the impact and future of confidential computing” features Ian Buck, VP of Hyperscale and HPC at NVIDIA, Mark Papermaster, CTO & EVP at AMD, Mark Russinovich, CTO at Microsoft Azure, and Greg Lavender, CTO of Intel.

Confidential Computing Summit

The Confidential Computing Consortium is a co-organizer of the Confidential Computing Summit. The event will take place in San Francisco on the 29th of June. The Confidential Computing Summit brings together experts, innovators, cloud providers, software and hardware providers, and user organizations from all industries to accelerate key initiatives in confidential computing. Call for Speakers are open.

White Papers & Reports

The National Cybersecurity Center of Excellence (NCCoE) has released a draft report, NIST Interagency Report (NISTIR) 8320D, Hardware Enabled Security: Hardware-Based Confidential Computing, for public comment. The public comment period for this draft is open through April 10, 2023. Abstract from the report: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.

Technical Advisory Committee

As part of 2023 goals, the TAC is looking to increase the impact of the CCC in the ecosystem:

• Cross-project Integration event for discussion.
• Portfolio growth and maturity, hosting projects that are adopted by the community. Look into new projects from member companies and academic research.
• Cross-org and Cross-SIG coordination.
• Outbound education and DCI revisit.

– Dan Middleton, TAC Chair (2023)

Outreach Committee

The CCC Outreach Committee has brought in Jake Orlowitz (WikiBlueprint) as the Wikipedia consultant with the goal of facilitating the creation of a top-quality Wikipedia article on Confidential Computing on English Wikipedia using an efficient participatory approach. As a result of this collaborative participation, Mike Ferron-Jones (Intel) has shared a Wikipedia article draft.

The CCC Outreach Committee has also brought Noah Lehman (Linux Foundation) as a social media consultant with the goal of facilitating the creation of top-quality posts on Twitter and LinkedIn. In collaboration with CCC members, he’ll create up to 8 on-demand social posts per month (this includes social posts promoting ad-hoc announcements, events, news and initiatives) and up to 4 on-demand social posts per month shared on Linux Foundation social media. Noah has shared the Social Media plan with the CCC.

Kate George (Intel) has volunteered to help with the CCC Event Strategy. She highlighted 5 event objectives: 1. Raise awareness of Confidential Computing & Open-source projects under the foundation, and participating companies; 2. Accelerate the adoption of Confidential Computing; 3. Present panels, talks, and demo cases to targeted audiences – security, health care, financial services, and government. (Consider compliance piece too); 4. Recruit new members or projects; and 5. Foster collaboration and open-source. Kate and Nick Vidal have shared the Event Strategy slides and List of Events.

– Nick Vidal, Outreach Chair (2023)

ProjectsEnarxThe Enarx project is looking for a custodian, as Profian had to close its doors. Both Profian and Red Hat have invested heavily on the development of Enarx, which has reached a good stable release with a number of key components to establish the foundations for a comprehensive Confidential Computing solution. The Linux Foundation is providing full support to the project.
GramineGramine version 1.4 has been released, with important new features, including support for EDMM (Enclave Dynamic Memory Management), and performance improvements. Key milestones for 2023 include support communication with hardware accelerators (GPUs), support dynamic thread creation/destruction, support additional runtimes and workloads, integration with confidential container deployments (Kata containers, enclave-CC), interoperate with RA-TLS (standardization), support additional TEE backends (Intel TDX), and explore coarse-grained partitioning for certain I/O bound applications (DPDK).
KeystoneKeystone aims to enable TEE on (almost) all RISC-V processors. It’s very popular in academia, gaining 133 yearly citations (+28% YoY), however in the past year four students from UCB working on Keystone have graduated and left the project. Key milestones for 2023 include better application support (dynamic library), parity with industry standards, increase dev board accessibility, and work closely with the RISC-V AP-TEE working group. 

Thanks,

The Confidential Computing Consortium

Welcome to the January 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium. This newsletter is also available on our website.

Introduction

The start of the new year is the perfect opportunity to reflect about the year that has passed and what we have accomplished collectively in 2022. It has been a pivotal year for the CCC in many regards. Please check the updates from the Technical Advisory Committee, the Outreach Committee, the CCC projects, and the Special Interest Groups.

New Members

Cape Privacy and Canonical joined the Confidential Computing Consortium.

Cape Privacy is a confidential computing platform to easily run serverless functions on encrypted data. Cape empowers developers to build secure applications which protect the underlying data and code from the cloud.

Canonical is committed to enabling Ubuntu users to leverage the strong run-time confidentiality and integrity guarantees that confidential computing provides. The mission of the Confidential Computing Consortium of driving cross-industry open source software, standards and tools greatly resonates with us and we are really excited to have joined its members.

Upcoming Events

FOSDEM

The Confidential Computing Consortium will be participating at the Confidential Computing devroom at FOSDEM. A social event is being sponsored by the CCC on the 4th of February.

State of Open Con

The Confidential Computing Consortium will have a table at the State of Open Con, a conference being organized by OpenUK in London on the 7-8th of February.

CCC Webinar: Confidential Computing in Financial Services

The next CCC webinar will happen on February 16 at 8:00 am PT. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

White Papers & Reports

The Confidential Computing Consortium has published the Common Terminology for Confidential Computing. As more companies and open source projects begin to use similar terms to describe similar paradigms that build upon hardware-based, attested Trusted Execution Environments (TEEs), it will be increasingly important that vendors use consistent terminology that describes the ways in which these new capabilities are applied within different functional domains.

Technical Advisory Committee

It was a busy year for the Technical Advisory Council (TAC). We had a number of goals for the year across the spectrum of maturing our projects to collaborating with other open organizations to acting on our diversity & inclusion plans. Attestation was a pronounced theme for the year. We revised the definition of Confidential Computing to include attestation as an essential element. The TAC approved the Veraison project which focuses on building blocks for attestation verification. We created the Attestation SIG last year and throughout 2022, it found its legs and created a good deal of content. You can browse our meeting recordings and presentations for a series of talks on Secure Channels and Attestation Formats. An outcome of this sharing led to two additional initiatives. CCC projects Gramine, Occlum, and Open Enclave SDK all rely on separate implementations of “Remote Attestation TLS.” The independent implementations were not interoperable. The Attestation SIG helped uncover and resolve variations arriving at a proposal to harmonize the implementations of those projects. Contributors to the SIG are also creating an Attested TLS proof of concept based on a similar design. We look forward to attestation of TEEs becoming a fundamental part of communications as Confidential Computing becomes pervasive.

Harmonization was not unique to the Attestation SIG. The TAC also engaged with a variety of organizations looking for opportunities for collaboration and coordination. We hosted speakers from RISC-V, MPC Alliance, IETF, TCG, CDCC, TrustedComputing.org, HomomorphicEncryption.org, PCI SIG WG, and the OCP Security SIG. In fact, most of our TAC meetings host a Tech Talk and our meetings have become a place for learning a variety of security related technical topics. As an open collaborative community, everyone is welcome to join our meetings or view the recordings. We hope to see you in one in 2023.

The TAC also had direct collateral outputs. In addition to revising our primary whitepaper, we also generated a new whitepaper which is going through the final layout. That paper focuses on terminology to give greater clarity to the different ways Confidential Computing artifacts can be packaged and what that should imply to a consumer. We were also able to collectively form a response to the OSTP’s request for comments on Privacy Enhancing Technologies (PETs).

This government interaction suggested a broader need for similar discourse. The TAC subsequently approved the creation of a Governance, Risk, and Compliance SIG. This newly chartered SIG already has representation from representatives from Meta, Microsoft, Intel, NVidia, Arm, CSA, JPMorgan Chase, Anjuna and others.

Of course, as an open source organization, our main focus is on open source projects. This year the TAC provided projects with additional resources. Our focus on diversity and inclusion took a few forms. Each of the projects were introduced to D&I training specifically for open source provided by the Linux Foundation. We made Outreachy internships available and Veracruz and Enarx piloted this membership program for the rest of the CCC. As the year progressed we created other resources for projects – increasing funding for CI, creating conference travel funding for projects, and making additional security tooling available.

All in all it has been a very productive year for the Technical Advisory Council, our SIGs, and our projects. We have a number of ambitious goals coming together for 2023 and will communicate those in a future blog.

– Dan Middleton, TAC Chair (2023)

Outreach Committee

2022 was a year of two halves. While the effects of COVID restrictions were still being felt in the first half of the year, things really turned around in the summer, and by the end of the year life was back to pre-COVID levels in most regions of the world. The outreach committee had to be nimble and adapt to the changing circumstances. In some ways, some of the impetus was to lay the foundation to hit the ground running again in 2023.

The committee implemented multiple important initiatives during this time including:

• For the second year in a row, CCC sponsored the OC3 Summit, a virtual Open Confidential Computing Conference held in early 2022.
• Building brand awareness and visibility in industry events like RSA. We were able to negotiate a co-marketing arrangement at no cost, whereby RSA promoted the CCC on their website, and in promotions, and CCC did the same for RSA. We’ll have a similar arrangement with RSA in 2023 as well.
• Expanding our presence to Latin America, participating at Roadsec 2022 in Sao Paulo, the biggest hacker festival in Latin America. 
• After a hiatus due to COVID, CCC had a presence at Black Hat USA, in Las Vegas. This included a meeting room where we received visitors wanting to learn and/or get engaged with CCC. In addition we also got exposure in some of the member booths at the show, by way of presentations, CCC handouts etc.
• We were also able to get brand visibility at the Crypto & Privacy Village at DEF CON 2022.
• Rekindled industry analyst interactions including recent briefing with ABI Research, and communications with Gartner, Forrester, IDC, 451 Research, OMDIA, Nemertes and other Tier 2/3 analyst firms
• Secured a speaking spot for the consortium in the Keynote segment of the upcoming OC3 event in March 2023
• Signed up a consultant to greatly increase our social media activities starting Jan 2023
• Shortlisted a consultant to help guide the committee to get Confidential Computing on Wikipedia
• Made good progress on content refresh of our website, with the updates scheduled to be rolled out in March 2023

The committee is very excited about the foundation that has been laid, and we are looking forward to a highly successful 2023!

– Ravi Sharma, Outreach Chair (2022)

ProjectsPlease find updates from the CCC projects below:

• Enarx
• Gramine
• Occlum
• Open Enclave
• Veracruz
• Veraison

Special Interest Groups
Please find updates from the SIGs below:

• Attestation SIG
• Governance, Risk and Compliance SIG

Thanks,

The Confidential Computing Consortium