Microsoft has invested in confidential computing for many years, so I’m excited to announce that Microsoft will join industry partners to create the Confidential Computing Consortium, a new organization that will be hosted at The Linux Foundation. The Confidential Computing Consortium will be dedicated to defining and accelerating the adoption of confidential computing.
Confidential computing technologies offer the opportunity for organizations to collaborate on their data sets without giving access to that data, to gain shared insights and to innovate for the common good. The Consortium, which will include other founding members Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Red Hat, Swisscom and Tencent, is the organization where the industry can come together to collaborate on open source technology and frameworks to support these new confidential computing scenarios.
As computing moves from on-premises to the public cloud and the edge, protecting data becomes more complex. There are three types of possible data exposure to protect against. One is data at rest and another data in transit. While there’s always room to improve and innovate, the industry has built technologies and standards to address these scenarios. The third possible exposure – or as I like to think of it, the critical ‘third leg of the stool’ – is data in use. Protecting data while in use is called confidential computing.
Protecting data in use means data is provably not visible in unencrypted form during computation except to the code authorized to access it. That can mean that it’s not even accessible to public cloud service providers or edge device vendors. This capability enables new solutions where data is private all the way from the edge to the public cloud. Some of the scenarios confidential computing can unlock include:
- Training multi-party dataset machine learning models or executing analytics on multi-party datasets, which can allow customers to collaborate to obtain more accurate models or deeper insights without giving other parties access to their data.
- Enabling confidential query processing in database engines within secure enclaves, which removes the need to trust database operators.
- Empowering multiple parties to leverage technologies like the Confidential Consortium Framework, which delivers confidentiality and high transaction throughput for distributed databases and ledgers.
- Protecting sensitive data at the edge, such as proprietary machine learning models and machine learning model execution, customer information, and billing/warranty logs.
Simply put, confidential computing capabilities, like the ability to collaborate on shared data without giving those collaborating access to that data, has the power to enable organizations to unlock the full potential of combined data sets. Future applications will generate more powerful understanding of industries’ telemetry, more capable machine learning models, and a new level of protection for all workloads.
However, enabling these new scenarios requires new attestation and key management services, and for applications to take advantage of those services and confidential computing hardware. There are multiple implementations of confidential hardware, but each has its own SDK. This leads to complexity for developers, inhibits application portability, and slows development of confidential applications.
This is where the Confidential Computing Consortium comes in, with its mission of creating technology, taxonomy, and cross-platform development tools for confidential computing. This will allow application and systems developers to create software that can be deployed across different public clouds and Trusted Execution Environment (TEE) architectures. The organization will also anchor industry outreach and education initiatives.
Microsoft will be contributing the Open Enclave SDK to the Confidential Computing Consortium to develop a broader industry collaboration and ensure a truly open development approach. Other founding members, Intel and Red Hat will be contributing Intel® SGX and Red Hat Enarx to the new group.
The Open Enclave SDK is targeted at creating a single unified enclave abstraction for developers to build TEE-based applications. It creates a pluggable, common way to create redistributable trusted applications securing data in use. The SDK originated inside Microsoft and was published on GitHub over a year ago under an open source license.
The Open Enclave SDK, which supports both Linux and Windows hosts and has been used and validated by multiple open source projects, was designed to:
- Make it easy to write and debug code that runs inside TEEs.
- Allow the development of code that’s portable between TEEs, starting with Intel® SGX and ARM TrustZone.
- Provide a flexible plugin model to support different runtimes and cryptographic libraries.
- Enable the development of auditable enclave code that works on both Linux and Windows.
- Have a high degree of compatibility with existing code.
We want to thank the Linux Foundation and all our industry partners for coming together to advance confidential computing. These technologies offer the promise to protect data and enable collaboration to make the world more secure and unlock multiparty innovations. Personally, I’m looking forward to seeing what we can all do together.
Let us know what you’d like to see from the Confidential Computing Consortium in the comments.