Before it is processed by an application data must be encrypted in memory. This makes the data vulnerable to malicious exploits like memory dumps, root user compromises, and other harmful attacks.

Confidential computing solves this problem through the use of a hardware-based trusted execution environment, or TEE, which acts as an enclave that is secure within a CPU. The TEE is secured by embedding encryption keys. The embedded attestation mechanisms ensure that keys are accessible to authorized applications only. The TEE will stop any computation when malware or other unauthorised code attempts to gain access to the keys.

This permits sensitive data to remain in memory until an application asks the TEE to decrypt it. The data is encrypted and is accessible to the operating system (or hypervisor, which is the case of a virtual machine) and other compute stack resources as well as the cloud provider's employees.

What is the reason for confidential computing?

Protect sensitive data even when it is in useand to extend cloud computing's benefits to sensitive applications. When used together with data encryption at storage and during transport with a sole control over keys, AWS Nitro confidential computing removes the biggest obstacle in the process of moving sensitive or highly regulated data sets and application applications from an inflexible, costly on-premises IT infrastructure to modern and flexible cloud-based public cloud.

To protect intellectual property: confidential cloud isn't only for data protection. TEE can be used to safeguard business logic, machine learning algorithms, and entire applications.

Work with trusted partners to create new cloud solutions. For instance, one firm's team could combine its confidential data with another company's exclusive calculations to come up with new solutions - with neither company sharing any data or intellectual property that it doesn't wish to share.

to safeguard the data that is processed at the edge: Edge computing is a distributed computing framework that brings enterprises closer to the data sources such as IoT devices or local edge servers. When using this framework as part of distributed cloud patterns applications, the data and application at edge nodes can be protected by using confidential computing.

Confidential Computing Consortium

In 2019, a collection of CPU manufacturers, cloud providers and software companies -including Alibaba, AMD, Baidu, Fortanix, Google, IBM/Red Hat(r), Intel, Microsoft, Oracle, Swisscom, Tencent and VMware -created the Confidential Computing Consortium (CCC) (link located outside IBM), under the auspices of The Linux Foundation.

The CCC's goals are to define industry-wide standards for confidential computing as well as to support the creation of open source confidential cloud tools. Two of the Consortium's initial open-source projects, Open Enclave SDK and Red Hat Enarx, help developers create applications that can run with without modification across TEE platforms. You may get additionalinformation on confidential computing by browsing what is an AWS Nitro Enclave site.

But, many of the most widely used confidential computing technologies were developed by members businesses prior to the establishment of the Consortium. For instance, Intel SGX (Software Guard Extensions) technology, which allows TEEs on the Intel Xeon CPU platform, was available from 2016 and in the year 2018 IBM introduced confidential computing capabilities generally available with the IBM Cloud(r) Hyper Protect Virtual Servers and IBM Cloud(r) Data Shield products.

Posted by: Technology Positive at 06:42 AM | No Comments | Add Comment
Post contains 541 words, total size 4 kb.