Authors: Fabian Kammel (Edgeless Systems), Mikko Ylinen (Intel), Tobin Feldman-Fitzthum (IBM)

In this blog post, we will introduce the concept of Confidential Computing (CC) to improve any computing environment's security and privacy properties. The Cloud-Native ecosystem, particularly Kubernetes, can benefit from the new compute paradigm.

Confidential Computing is a concept that has been introduced previously in the cloud-native world. The Confidential Computing Consortium (CCC) is a project community in the Linux Foundation Defining and Enabling Confidential Computing. They provide a great motivation for the use of Confidential Computing:

Data exists in three states: in transit, at rest, and in use. In all of its states is more critical than ever. To provide both data confidentiality (stopping unauthorized viewing) and data integrity (preventing or detecting unauthorized changes). While techniques to protect data in transit and at rest are now commonly deployed, the third state - protecting data in use - is the new frontier.

Confidential Computing aims to primarily solve the problem of protecting data in use by introducing a hardware-enforced Trusted Execution Environment (TEE).

Trusted Execution Environments

For more than a decade, Trusted Execution Environments (TEEs) have been available in commercial computing hardware in the form of Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs). These technologies provide trusted environments for shielded computations. They store highly sensitive cryptographic keys and carry out critical cryptographic operations.

TPMs are optimized for low cost, allowing them to be integrated into mainboards and act as a
To keep the cost low, TPMs are limited in scope, i.e., they provide storage for only a few keys and are capable of just a small subset of cryptographic operations.

In contrast, HSMs are optimized for high performance, providing secure storage for far more keys and offering advanced physical attack detection mechanisms. Additionally, high-end HSMs can be programmed so that arbitrary code can be compiled and executed.

In recent years, a new kind of TEE has gained popularity. Provide TEEs that are closely integrated with userspace. Rather than low-power or high-performance devices that support specific use cases, these TEEs shield normal processes or virtual machines and can do so with relatively low overhead.