
Confidential Computing

Summarized by PlexPage
Last Updated: 02 July 2021



Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced their intent to form a Confidential Computing Consortium to improve security for data in use. Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data. Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest and in transit, but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data, the Linux Foundation said today in a joint statement. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system, reduce the exposure of sensitive data and provide greater control and transparency for users. The consortium also says the group was formed because confidential computing will become more important as more enterprise organizations move workloads between different computing environments such as public cloud, on-premises servers, or the edge. To get things started, the companies are making a series of open source project contributions, including Intel's Software Guard Extensions (SGX) SDK for code protection at the hardware layer. Microsoft contributed the Open Enclave SDK, which lets developers build Trusted Execution Environment (TEE) applications, and Red Hat (now part of IBM) is sharing Enarx for running TEE applications. As enterprise customers demand more data security, approaches like confidential computing or federated learning could grow in adoption among machine learning practitioners. For example, in the Confidential Computing Challenge competition held by Google Cloud earlier this year, first place went to TF Trusted, a project that brings together the TensorFlow machine learning framework, confidential computing, and the Asylo framework.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions.


Confidential Computing Consortium

SAN FRANCISCO, Oct. 17, 2019 /PRNewswire/ - The Confidential Computing Consortium, a Linux Foundation project and community dedicated to defining and accelerating the adoption of confidential computing, today announced the formalization of its organization with founding premier members Alibaba, Arm, Google Cloud, Huawei, Intel, Microsoft and Red Hat. General members include Baidu, ByteDance, decentriq, Fortanix, Kindite, Oasis Labs, Swisscom, Tencent and VMware. The intent to form the Confidential Computing Consortium was announced at the Open Source Summit in San Diego earlier this year. The organization aims to address data in use, enabling encrypted data to be processed in memory without exposing it to the rest of the system, reducing the exposure of sensitive data and providing greater control and transparency for users. This is among the very first industry-wide initiatives to address data in use, as current security approaches largely focus on data at rest or data in transit. The focus of the Confidential Computing Consortium is especially important as companies move more of their workloads to span multiple environments, from on-premises to public cloud and to the edge. With the formalization of the group, an open governance structure is established that includes a Governing Board, a Technical Advisory Council and separate oversight for each technical project. It is intended to host a variety of technical open source projects and open specifications to support confidential computing. The consortium is funded by membership dues. For more information and to contribute to the project, please visit: https://confidentialcomputing.io

Initial open source contributions to the consortium:

* Intel Software Guard Extensions (SGX) SDK, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves in memory.
* Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
* Enarx, a project that provides hardware independence for securing applications using TEEs.

The consortium is a Bronze sponsor of Open Source Summit Europe and will be hosting three sessions, beginning with a session on how to approach security for data in use and a Birds of a Feather session on Monday, October 28, and a panel about the state of the consortium on Tuesday, October 29. Member comments about the consortium can be found in the accompanying quote sheet: https://www.linuxfoundation.org/press-release/2019/10/confidential-computing-foundation-founding-member-comments/

About the Confidential Computing Consortium: established in 2019, the Confidential Computing Consortium brings together hardware vendors, cloud providers, developers, open source experts and academics to accelerate the confidential computing market; influence technical and regulatory standards; build open source tools that provide the right environment for TEE development; and host industry outreach and education initiatives. Its aims are to address computational trust and security for data in use, enabling encrypted data to be processed in memory without exposing it to the rest of the system, reducing the exposure of sensitive data and providing greater control and transparency for users. For more information, please visit: https://confidentialcomputing.io


Improving data confidentiality

By Richard Searle, Sep 14 2020. According to the Confidential Computing Consortium, confidential computing is the protection of data in use using hardware-based Trusted Execution Environments. A Trusted Execution Environment is commonly defined as an environment that provides a level of assurance of data integrity, data confidentiality, and code integrity. A hardware-based TEE uses hardware-backed techniques to provide increased security guarantees for the execution of code and the protection of data within that environment. Because the protected memory regions, or secure enclaves, established by a TEE provide encryption for data in use, they render private data invisible to cloud providers and host operating systems. They increase the level of security for organizations that manage regulated and sensitive data by preventing unauthorized entities from accessing or modifying data and applications while they are in use. These unauthorized entities include anyone or anything with physical access to the hardware, including system administrators, infrastructure owners, service providers, the host operating system and hypervisor, and other applications on the host. Data confidentiality ensures that an unauthorized entity cannot access data while it is in use within the TEE. Data integrity prevents unauthorized entities outside the boundary of the TEE from changing data while it is being used. Code integrity means that the code in the TEE cannot be replaced or modified by unauthorized entities. In contrast to approaches that do not use a hardware-based TEE, these attributes assure organizations that information is kept confidential and that the computations performed are correct, so that they can trust the results of those computations; in practice that trust rests on the hardware implementing the TEE correctly and on the organization verifying, through attestation, that the code it expects is the code actually running inside the enclave. With more attacks against storage and network devices foiled by data-at-rest and data-in-transit security measures, attackers are now turning their attention to data in use. And with more data moving to the cloud, traditional network and physical perimeter security cannot fully protect organizations from such attacks. Attack patterns against cloud-based code and data in use include insider threats, firmware compromise, and hypervisor and container breakout.


IBMs focus on confidential computing

The underlying concept behind confidential computing is to focus almost exclusively on protecting the data itself, regardless of where it resides and what technology is deployed to protect the surrounding systems. IBM clients like Bank of America and Daimler validate the power of this approach and, in the end, this is simply a reminder that the goal is not to buy a lot of security software so you can protect yourself if there is a breach. It is to ensure there is no breach in the first place, and that even if there is, the data remains confidential and safe. Perhaps we all should focus more on confidential computing because it is getting pretty crazy out there.


Vendors

Examples of vendors that participate in the Confidential Computing Consortium include Google, Microsoft, IBM, Intel, Alibaba, Arm, Red Hat, Baidu, Tencent and Swisscom. Some examples of tools these vendors offer include Microsoft's Open Enclave SDK and Azure confidential computing, as well as Google's Asylo. Microsoft's Azure confidential computing offering encrypts data in transit, at rest and while in use. Asylo is an open source framework and software development kit that uses secure enclaves to process data. Asylo is provided through Google's container registry as a Docker image that can be used on platforms that support a TEE, which makes Asylo flexible in terms of hardware configurations. Red Hat contributed the Enarx framework, which runs applications inside TEEs on more than one hardware platform (Intel SGX and AMD SEV) without hardware-specific code; workloads are compiled to WebAssembly and Enarx supplies the runtime inside the TEE. Arm TrustZone, Arm's long-standing hardware separation of a secure world from the normal world on Arm processors, is another TEE technology that supports confidential computing.


The Emerging: Blockchain, of course

The concepts of confidential computing, Trusted Execution Environments and enclaves are nice in principle, but despite this promise, the lack of an industry standard hampers adoption of this emerging technology. Dependence on specific hardware, complexity and a lack of application development tools for running in confidential computing environments have also not helped broader adoption. It is still too early to say which approach is best. Different hardware manufacturers also do not necessarily work together to ensure their technologies are interoperable, making any comparison even more challenging. Even the security is not a 100% guarantee. With confidential computing turned on, data is decryptable on the chip itself but remains encrypted to everyone else, including the cloud provider, since no one, not even the system administrator of the virtual machine, can access the decryption keys, which are held only on the chip. All of this could make the chip's own security a single point of failure, though. Last year, a new form of attack called Plundervolt gave attackers access to sensitive data stored in Intel SGX secure enclaves. The Plundervolt website nicely describes how a little undervolting of the CPU can cause a lot of problems: a privileged attacker drives the core voltage below specification through a software-accessible interface, arithmetic inside the enclave silently produces wrong results, and a single faulty output from a cryptographic operation can be enough to recover a key. AMD is not immune either, and this is by design. AMD's Secure Memory Encryption (SME) encrypts memory pages with a key held in the memory controller, but unlike Intel SGX it does not remove the OS kernel from the trusted computing base: an attacker who compromises the kernel can still read the plaintext. SME is designed to protect against cold-boot attacks, snooping on memory buses and disclosure of transient data stored in memory pages. The direction that hardware development is taking offers some encouragement. Those of us who have despaired of ever truly securing our software may well be right; we need levels of defence that come into play when software has failed. Done right, hardware-based defences can come to the rescue without taking away our power to secure and control our own systems.
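The passage above says a little undervolting "can cause a lot of problems" without showing why a single wrong arithmetic result matters. The following is an added example, not code from the Plundervolt authors, Intel or any SGX SDK: it models the class of attack in plain Python by injecting one bit-flip by hand into the mod-q half of an RSA-CRT signature and then applying the classic Boneh-DeMillo-Lipton / Lenstra recovery, which factors N from that one faulty signature. The key generator, the 128-bit modulus and the message are all constructed for the demonstration; the algebra is the same for real key sizes.

```python
"""Why one induced fault inside an enclave can leak an RSA private key.

Added example; not code from the Plundervolt paper, Intel or any SGX SDK.
Plundervolt drives the core voltage below specification so that an arithmetic
instruction inside an SGX enclave silently returns a wrong result. Here that
fault is injected by hand into one half of an RSA-CRT signature. Key sizes
are deliberately tiny (constructed 128-bit modulus) so the example runs
instantly.
"""
import math
import random


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test (probabilistic; enough for a demo keygen)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square root of 1 found: composite
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random odd prime with the top bit set, drawn from a seeded generator."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 128, seed: int = 2020) -> dict:
    """Toy RSA key (assumed parameters). Seeded so the example is reproducible."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q}


def sign_crt(m: int, key: dict, fault: bool = False) -> int:
    """RSA signature via the Chinese Remainder Theorem, as real libraries do it.

    With fault=True a single bit of the mod-q half is flipped, standing in for
    the wrong multiplication result an undervolted CPU produces.
    """
    p, q, d = key["p"], key["q"], key["d"]
    s_p = pow(m, d % (p - 1), p)
    s_q = pow(m, d % (q - 1), q)
    if fault:
        s_q ^= 1 << 3  # the glitch: one wrong bit, computed inside the "enclave"
    # Garner recombination: s == s_p (mod p) and s == s_q (mod q)
    h = (pow(q, -1, p) * (s_p - s_q)) % p
    return (s_q + q * h) % key["n"]


def recover_factor(faulty_sig: int, m: int, n: int, e: int) -> int:
    """Attacker side: needs only the public key, the message and ONE faulty signature.

    The faulty s' is still correct mod p, so p divides s'^e - m, while q does
    not; the gcd therefore yields p and the private key is gone.
    """
    return math.gcd((pow(faulty_sig, e, n) - m) % n, n)


def demo(seed: int = 2020) -> dict:
    key = keygen(seed=seed)
    n, e = key["n"], key["e"]
    m = 0x5EC0DE % n  # constructed message (would be hashed and padded in practice)
    good = sign_crt(m, key)
    bad = sign_crt(m, key, fault=True)
    factor = recover_factor(bad, m, n, e)
    return {
        "good_verifies": pow(good, e, n) == m,
        "bad_verifies": pow(bad, e, n) == m,
        "recovered_prime_factor": factor in (key["p"], key["q"]),
        "factor": factor,
    }


if __name__ == "__main__":
    print(demo())
```

The practitioner's takeaways: the enclave's memory encryption never mattered here, because the secret leaks through an output that looks like a valid signature to the enclave itself. The standard software countermeasure is to verify every signature (check s^e == m mod N) inside the enclave before releasing it, and to fail closed on mismatch; Intel's mitigation for Plundervolt (CVE-2019-11157) disables the software voltage interface via microcode and BIOS updates, and an attestation verifier should refuse reports from platforms whose TCB version predates that fix.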


IBM Cloud

As the number of cloud security-related breaches continues to skyrocket and more high-profile organizations are affected each year, more and more companies have turned to confidential computing services to keep their data safe while it is being used. For two years, IBM has been deploying confidential computing capabilities in IBM Cloud, and Rohit Badlaney, Vice President of IBM Z Hybrid Cloud, says it is the only public cloud with production-ready confidential computing capabilities able to protect data, applications and processes. Badlaney explains that data security generally revolves around protecting data at rest, in transit, and in use. There are now well-established ways to provide protection for data at rest and data in transit, but protecting data in use has long been a problem companies have sought to solve, only turning to confidential computing in the last few years as a viable option. IBM's platform is now used in heavily regulated industries like healthcare and banking, with high-profile customers like Bank of America and Daimler taking advantage of confidential cloud computing capabilities. "We've had tremendous success over the last four to five years in generalizing and commercializing confidential computing technology into the entire family of cloud services," Badlaney says. "Our point of view on confidential computing is that the Trusted Execution Environment is interesting, but you want to surround it with a set of services that also leverage the same kind of underlying hardware and software innovation in confidential computing. So we've built this whole family, especially for markets like financial services that have been nervous about moving anything into public cloud. In order to deliver confidential computing, we believe technology providers must provide protection across the entirety of the compute lifecycle, which includes everything from the build process and key management to the security of data services. Failure to fully protect any of these layers can leave the client's business process exposed." He added that the whole suite of tools has been available for two years and was launched around May 2018. IBM has not expanded confidential computing into the entire IBM Cloud but plans to by the middle of next year. Badlaney says it will become "pretty core to our enterprise-grade value proposition that underpins our industry cloud push." Daimler, the corporation behind luxury vehicle brands like Mercedes-Benz and Maybach, needed confidential computing for a critical workload that was being moved to public cloud, Badlaney explains. They wanted to make sure that IBM could not access their data or the applications IBM was protecting. "Most cloud providers provide operational assurance for insider threats, so they'll monitor logins, they'll add a bunch of automation. The way our technology is set up, we technically, even if we wanted to, can't go in and look at client data," Badlaney says. "In Daimler's case, they needed the data tier to be locked down, and then we surround it with executing modules and our key protection technology that make the Daimler team the only ones with access to the data."


Thoughts on IBM Confidential Computing

Confidential computing is a relatively new concept that aims to tackle issues with data security. It is relatively easy to secure data at rest, as well as data in transit. In each of these scenarios, encryption, together with integrity protection, is a tried-and-true method of securing data and ensuring its integrity. The real challenge is how to secure data while it is being used: with traditional methods, no matter how effective the encryption algorithms may be, data must still be decrypted in order to manipulate it. As a result, this creates a natural weak point in even the best encryption and security protocols. This is the challenge that confidential computing strives to address. As Fahmida Rashid writes for IEEE: "Confidential computing uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor or virtual machine manager, and other privileged processes. The data is stored in a trusted execution environment, where it is impossible to view the data or the operations performed on it from outside, even with a debugger. The TEE ensures that only authorized code can access the data. If the code is altered or tampered with, the TEE denies the operation." In short order, many of the major cloud providers have got behind confidential computing, even forming the Confidential Computing Consortium to further the technology.


Microsoft Azure

Value proposition for potential buyers: Microsoft has been working on confidential computing even longer, since 2013. Seven years in development, Azure confidential computing addresses a lingering weakness in data processing systems that hackers and malware authors can exploit to breach private data. Although organizations can use encryption that protects data at rest and in transit, along with a variety of other security tools and controls, those protections are stripped away when it comes time to process the data and run computational tasks on it. It is this data-in-use state that often allows hackers and malware to access an organization's sensitive data. Azure confidential computing prevents this with an approach that essentially keeps data encrypted while it is in use.


Introducing Azure confidential computing

Microsoft spends one billion dollars per year on cybersecurity, and much of that goes to making Microsoft Azure the most trusted cloud platform. From strict physical datacenter security, ensuring data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development lifecycle controls, Azure represents the cutting edge of cloud security and privacy. Today, I am excited to announce that Microsoft Azure is the first cloud to offer new data security capabilities with a collection of features and services called Azure confidential computing. Put simply, confidential computing offers a protection that to date has been missing from public clouds: encryption of data while in use. This means that data can be processed in the cloud with the assurance that it is always under customer control. The Azure team, along with Microsoft Research, Intel, Windows, and our Developer Tools group, have been working on confidential computing software and hardware technologies for over four years. The bottom of this post includes a list of Microsoft Research papers relating to confidential computing. Today we take that cutting edge one step further by making it available to customers via the Early Access program. Data breaches are virtually daily news events, with attackers gaining access to personally identifiable information, financial data, and corporate intellectual property. While many breaches are the result of poorly configured access control, most can be traced to data that is accessed while in use, either through administrative accounts, or by leveraging compromised keys to access encrypted data. Despite advanced cybersecurity controls and mitigations, some customers are reluctant to move their most sensitive data to the cloud for fear of attacks against their data when it is in use. With confidential computing, they can move data to Azure knowing that it is safe not only at rest, but also in use, from the following threats:

* malicious insiders with administrative privilege or direct access to the hardware on which it is being processed;
* hackers and malware that exploit bugs in the operating system, application, or hypervisor;
* third parties accessing it without their consent.

Confidential computing ensures that when data is in the clear, which is required for efficient processing, the data is protected inside a Trusted Execution Environment (TEE), an example of which is shown in the figure below. TEEs ensure there is no way to view data or the operations inside from the outside, even with a debugger. They also ensure that only authorized code is permitted to access the data. If the code is altered or tampered with, operations are denied and the environment disabled. The TEE enforces these protections throughout the execution of the code within it. With Azure confidential computing, we are developing a platform that enables developers to take advantage of different TEEs without having to change their code. Initially, we support two TEEs, Virtual Secure Mode and Intel SGX. Virtual Secure Mode is a software-based TEE that is implemented by Hyper-V in Windows 10 and Windows Server 2016.
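Both the "Improving data confidentiality" section (code integrity as a TEE property) and the Azure announcement above ("only authorized code is permitted to access the data; if the code is altered or tampered with, operations are denied") rest on the same mechanism: the hardware measures the code it loads, signs a report about it, and a relying party releases secrets only to approved measurements. The following is an added example, not code from Azure, Intel SGX, Open Enclave or the Confidential Computing Consortium, that models that attestation-gated key release in plain Python. Everything in it is a stated assumption: the platform's attestation signature is stood in for by an HMAC under a symmetric PLATFORM_KEY (real hardware uses an asymmetric key chained to the vendor's root, which the verifier never holds), the "enclave" is an ordinary Python object, and the approved and tampered code images are constructed strings.

```python
"""Attestation-gated key release: only measured, approved code gets the data key.

Added example; not code from Azure, Intel SGX, Open Enclave or the CCC.
Assumptions: HMAC under PLATFORM_KEY stands in for the hardware attestation
signature; the enclave is a Python object; code images are constructed.
"""
import hashlib
import hmac
import json
import secrets

# Assumption: symmetric stand-in for the platform attestation key.
PLATFORM_KEY = secrets.token_bytes(32)

# Constructed: the code image the data owner audited and approved.
APPROVED_CODE = b"def process(records):\n    return sum(records) / len(records)\n"
# Constructed: the same image after an attacker adds an exfiltration line.
TAMPERED_CODE = APPROVED_CODE + b"    send_to_attacker(records)\n"


def measure(code: bytes) -> str:
    """Code measurement, as hardware computes it at enclave load (SHA-256 here)."""
    return hashlib.sha256(code).hexdigest()


def _sign(body: dict) -> str:
    """Platform signature over the canonical report body (HMAC stand-in)."""
    return hmac.new(PLATFORM_KEY, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()


class Platform:
    """Simulated TEE hardware: loads code, measures it, signs reports about it."""

    def __init__(self, code: bytes):
        self.code = code

    def report(self, nonce: bytes) -> dict:
        # The nonce binds the report to one challenge so it cannot be replayed.
        body = {"measurement": measure(self.code), "nonce": nonce.hex()}
        return {"body": body, "sig": _sign(body)}


class Verifier:
    """Relying party (data owner or key service) deciding whether to release the key."""

    def __init__(self, allowlist, data_key: bytes):
        self.allowlist = set(allowlist)
        self.data_key = data_key

    def fresh_nonce(self) -> bytes:
        return secrets.token_bytes(16)

    def release_key(self, report: dict, expected_nonce: bytes):
        body = report["body"]
        if not hmac.compare_digest(_sign(body), report["sig"]):
            return None, "bad signature (report forged or modified)"
        if not hmac.compare_digest(body["nonce"], expected_nonce.hex()):
            return None, "stale nonce (report replayed)"
        if body["measurement"] not in self.allowlist:
            return None, "measurement not approved (code altered)"
        return self.data_key, "ok"


def run_scenarios() -> dict:
    """Returns {scenario: (behaved_as_expected, reason)} for four cases."""
    data_key = secrets.token_bytes(32)
    verifier = Verifier([measure(APPROVED_CODE)], data_key)
    results = {}

    # 1. approved code, fresh report: key released
    nonce = verifier.fresh_nonce()
    key, why = verifier.release_key(Platform(APPROVED_CODE).report(nonce), nonce)
    results["approved"] = (key == data_key, why)

    # 2. tampered code on genuine hardware: measurement differs, denied
    nonce = verifier.fresh_nonce()
    key, why = verifier.release_key(Platform(TAMPERED_CODE).report(nonce), nonce)
    results["tampered"] = (key is None, why)

    # 3. tampered code whose operator edits the report to claim the approved hash
    nonce = verifier.fresh_nonce()
    forged = Platform(TAMPERED_CODE).report(nonce)
    forged["body"]["measurement"] = measure(APPROVED_CODE)
    key, why = verifier.release_key(forged, nonce)
    results["forged"] = (key is None, why)

    # 4. a genuine old report replayed against a new challenge
    old_report = Platform(APPROVED_CODE).report(verifier.fresh_nonce())
    key, why = verifier.release_key(old_report, verifier.fresh_nonce())
    results["replayed"] = (key is None, why)
    return results


if __name__ == "__main__":
    for name, (as_expected, why) in run_scenarios().items():
        print(f"{name:9s} {'PASS' if as_expected else 'FAIL'}  {why}")
```

What a production verifier adds on top of this skeleton: the report signature is checked against a certificate chain ending at the hardware vendor's root rather than a shared key; the report's platform and enclave security version numbers are compared against a minimum so that a machine missing a known fix is refused; and the released key is wrapped to a public key that the enclave generated and bound into the report, so the key itself never travels in the clear to the host.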


Google Cloud

Value proposition for potential buyers: Google has been developing an open source effort called Asylo, which provides a software development framework to help integrate the core concepts of confidential computing. The name Asylo comes from the Greek word for a safe space or sanctuary. Google Cloud claims that Asylo makes confidential computing easier to implement. Google positions its approach as the next step in advancing trust, control and security for the cloud. The core element of the approach is making sure data in use is protected and encrypted against potential risks from the underlying infrastructure, including the cloud operator itself. Additionally, confidential computing offers the promise of providing an additional layer of protection against malicious insiders, network vulnerabilities and compromised operating systems.

