Confidential computing

Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively.[1][2] It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology.[3]

The technology protects data in use by performing computations in a hardware-based trusted execution environment (TEE).[3] Confidential data is released to the TEE only once it is assessed to be trustworthy. Different types of confidential computing define the level of data isolation used, whether virtual machine, application, or function, and the technology can be deployed in on-premise data centers, edge locations, or the public cloud. It is often compared with other privacy-enhancing computational techniques such as fully homomorphic encryption, secure multi-party computation, and Trusted Computing.

Confidential computing is promoted by the Confidential Computing Consortium (CCC) industry group, whose membership includes major providers of the technology.[4]

  1. ^ Fitzgibbons, Laura. "States of Digital Data". Data Management. TechTarget. Retrieved 2023-03-12.
  2. ^ Schuster, Felix (2022-10-03). "Constellation: The First Confidential Kubernetes Distribution". The New Stack. Retrieved 2023-03-12.
  3. ^ a b Akram, Ayaz; Akella, Venkatesh; Peisert, Sean; Lowe-Power, Jason (26–27 September 2022). "SoK: Limitations of Confidential Computing via TEEs for High-Performance Compute Systems". 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED). IEEE. pp. 121–132. doi:10.1109/SEED55351.2022.00018. ISBN 978-1-6654-8526-5. S2CID 253271359.
  4. ^ Rashid, Fahmida Y. (June 2020). "The rise of confidential computing: Big tech companies are adopting a new security model to protect data while it's in use". IEEE Spectrum. 57 (6): 8–9. doi:10.1109/MSPEC.2020.9099920. ISSN 1939-9340. S2CID 219767651.