Feed abonnieren

This post series presents various forms of attestation for various Confidential Computing use cases. Confidential Computing is a set of technologies designed to protect data in use, for example using memory encryption. Data at rest (on disk) and data in transit (over the network) can already be protected using existing technologies. Attestation, generally speaking, is the process of proving some properties of a system. Attestation plays a central role in asserting that confidential systems are indeed confidential.

This series focuses on four primary use cases:

  1. Confidential virtual machines
  2. Confidential workloads 
  3. Confidential containers
  4. Confidential clusters

Establishing a solid chain of trust in each case uses similar, but subtly different techniques. This is an evolving field, where new techniques are continuously being developed.


LIST OF BLOGS

Confidential computing primer

May 2, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the first in a six-part series in which we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example by using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology...Read full post

Attestation in confidential computing

May 4, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the second in a six-part series where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology…Read full post

Confidential computing use cases

May 16, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the third in a six-part series where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology…Read full post

Confidential computing: From root of trust to actual trust

June 2, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the fourth in a six-part series where we present various use cases for confidential computing—a set of technologies designed to protect data in use, like memory encryption, and what needs to be done to get the technologies’ security and trust benefits…Read full post

Confidential computing platform-specific details

June 16, 2023 - Christophe de Dinechin

Confidential Computing is a set of technologies designed to protect data in use (for example, it provides memory encryption). This article is fifth in a six-part series about various Confidential Computing usage models, and the requirements to get the expected security and trust benefits.…Read full post

Confidential computing: 5 support technologies to explore

June 22, 2023 - Christophe de Dinechin

This article is the last in a six-part series presenting various usage models for Confidential Computing, a set of technologies designed to protect data in use. In this article, I explore interesting support technologies under active development in the confidential computing community..…Read full post


Videos

Chains of trust in Confidential Computing - KVM Forum 2023 

This technology can be used in a number of ways, notably to implement Confidential Virtual Machines, Confidential Containers and Confidential Clusters. This talk explores the various chains of trust required to preserve confidentiality in each of these use cases. In each scenario, we will describe the root of trust, what is being proven, who verifies the proof, and what a successful verification allows, We will discuss techniques and technologies such as local and remote attestation, firmware-based certification, the use and possible implementations of a virtual TPM, attested TLS. We will also discuss the different requirements to attest an execution environment, a workload, a user, or a node joining a cluster. 


Über den Autor

Nach Thema durchsuchen

automation icon

Automatisierung

Das Neueste zum Thema IT-Automatisierung für Technologien, Teams und Umgebungen

AI icon

Künstliche Intelligenz

Erfahren Sie das Neueste von den Plattformen, die es Kunden ermöglichen, KI-Workloads beliebig auszuführen

open hybrid cloud icon

Open Hybrid Cloud

Erfahren Sie, wie wir eine flexiblere Zukunft mit Hybrid Clouds schaffen.

security icon

Sicherheit

Erfahren Sie, wie wir Risiken in verschiedenen Umgebungen und Technologien reduzieren

edge icon

Edge Computing

Erfahren Sie das Neueste von den Plattformen, die die Operations am Edge vereinfachen

Infrastructure icon

Infrastruktur

Erfahren Sie das Neueste von der weltweit führenden Linux-Plattform für Unternehmen

application development icon

Anwendungen

Entdecken Sie unsere Lösungen für komplexe Anwendungsherausforderungen

Original series icon

Original Shows

Interessantes von den Experten, die die Technologien in Unternehmen mitgestalten