Several of the world's best-known computer hardware and software have formed the Confidential Computing Consortium that aims to provide a fully encrypted life-cycle for encrypted data, to protect confidential user information.
Said to be the most challenging step when it comes to providing full data security, the CCC aims to provide the tools for encrypting data in use, that is in-memory, so that it can be processed without exposure to the rest of the system.
The Linux Foundation will host the CCC project, which has so far had commitments from ARM, Baidu, Google Cloud, Intel, Microsoft, Red Hat, Swisscom and Tencent.
Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors.
Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.
SGX uses enclaves, or hardware protected environments in which trusted applications can run, which allows developers to ensure code and data won't be leaked or modified.
Microsoft in turn will provide its Open Enclave SDK for building and signing Trusted Execution Environment (TEE) apps, which the company started trialling as part of its Azure confidental computing effort in 2017.
Red Hat meanwhile is making the Enarx platform abstraction tool for TEEs used for creating and executing private, fungible and serverless applications available for the CCC.
As for now, only 64-bit Windows and Linux operating systems on Intel x86 architecture processors and ARM AARCH-64 hardware are supported, under the liberal MIT License.
Intel's SGX has been analysed by security researchers, with now-patched vulnerabiltiies found in the technology that could allow malware to hide in the enclaves.
Nevertheless, while acknowledging the possibility of the technology being used for "nefarious purposes, the CCC says there are best practices to secure enclaves, and the project will be a place to educate developers on new threat models and how to protect against them.
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
