At the Open Source Summit in San Diego, California on August 21, the Linux Foundation announced the formation of the Confidential Computing Consortium. Confidential computing is an approach using encrypted data that enables organizations to share and collaborate, while still maintaining privacy. Among the initial backers of the effort are Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.
“The context of confidential computing is that we can actually use the data encrypted while programs are working on it,” John Gossman, distinguished engineer at Microsoft, said during a keynote presentation announcing the new effort.
Initially there are three projects that are part of the Confidential Computing Consortium, with an expectation that more will be added over time. Microsoft has contributed its Open Enclave SDK, Red Hat is contributing the Enarx project for Trusted Execution Environments and Intel is contributing its Software Guard Extensions (SGX) software development kit.
Lorie Wigle, general manager, platform security product management at Intel, explained that some Intel processors have a built-in capability called Software Guard Extensions, which provides hardware-based protection for an area of memory.
“You can think of it as a trusted execution environment,” she said. “In that trusted execution environment, the hardware protection is there for both the data as well as the code.”
Wigle noted that as the use of artificial intelligence increases, people care about the privacy of data but also want to protect their own proprietary algorithms, since a lot of the time that's where the intellectual property resides.
While Intel's SGX is a hardware-level capability, Microsoft's Open Enclave SDK is designed to make it easier for users to get up and running with confidential computing. Gossman emphasized that the Open Enclave effort is all about making confidential computing accessible.
“This is middleware; it provides application portability and makes it easier to write applications that run across different devices and even into the cloud,” Gossman said.
The promise of confidential computing is already finding multiple use cases, according to Wigle. She said that, for example, collaboration is already happening with healthcare data, where sensitive data can be shared safely in a way that is helping to potentially unlock new innovations.
“We live in a world where a lot of times convenience and privacy are at tension with each other and this is a capability that has a promise of letting us have it all,” Wigle said. “However, we do need to cooperate with others to make that happen.”
Gossman explained that fundamentally what confidential computing can enable is transactions and collaboration between multiple parties that don’t necessarily entirely trust each other, yet still want to work with each other.
The overall promise of confidential computing could potentially be transformational in ways that aren’t yet known, which is one of the reasons why the Linux Foundation has helped to facilitate the creation of the new consortium.
“We're really excited about this effort,” said Jim Zemlin, executive director of the Linux Foundation. “We do think this is something that can improve security and privacy for all of us.”