The Confidential Computing Consortium brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.
Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment.
Across industries computing is moving to span multiple environments, from on premises to public cloud to edge. As companies move to these environments, they need protection controls for sensitive IP and workload data and are increasingly seeking greater assurances and more transparency of these controls. Current approaches address data at rest and in transit; confidential computing will address data in use.
A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud. Of the three data states, “in use” has been less addressed because it is arguably the most complicated and difficult. This is a major change to how computation is done at the hardware level and how we structure programs, operating systems, and virtual machines. Currently confidential computing solutions are manifesting in different ways in hardware, with different CPU features and capabilities, even from the same vendor.
There is a breadth of organizations in the industry focused on problems in security from a number of perspectives (standards and protocols, education, marketing, certification, etc.). The Confidential Computing Consortium focuses specifically on open source licensed implementation work with respect to data-in-use scenarios. The organization acts as a home for such open source projects to support their growth and success, as well as a place to document and share best practices and discuss new challenges. The industry can rally behind CCC for implementation and other related orgs for standards and certification.
It establishes open source software and standards, providing tools for developers working on securing data in use.
The Confidential Computing Consortium makes it easy for developers to add secure enclave technology to their applications. Specific examples include:
- Building secure multi-party dataset machine learning models.
- Allowing confidential query processing in database engines within secure enclaves.
- Protecting sensitive data in IoT edge devices such as patient information, billing/warranty activity, and ML model execution.
Can this technology/confidential computing be used for nefarious purposes? How will the CCC protect against this?
There are research experiments that have been probing Intel-based enclave technologies. But there are also best practices for securing enclaves, and the Confidential Computing Consortium will be a place to educate developers on new threat models and best practices to protect against them.
A TEE is a Trusted Execution Environment and is key to confidential computing.