Computing on secret data is challenging with today’s cloud service provider (CSP) offerings. CSP have full visibility into their client’s workloads and data while run in a VM or container and shielding against other tenants. On the contrary, confidential computing (CC) techniques (e.g., Intel Software Guard Extension (SGX)) offer a reverse sandbox. These techniques shield the workload and data from accesses by the underlying system software (e.g., OS or VMM) and hardware attacks. Thus, preventing CSPs from accessing secrets. In addition, CC provides remote attestation to verify the integrity of applications.
Projects in this space focus on popular cloud deployment scenarios and automate the process to deploy applications in confidential compute enclaves.