Iscriviti al feed

This post series presents various forms of attestation for various Confidential Computing use cases. Confidential Computing is a set of technologies designed to protect data in use, for example using memory encryption. Data at rest (on disk) and data in transit (over the network) can already be protected using existing technologies. Attestation, generally speaking, is the process of proving some properties of a system. Attestation plays a central role in asserting that confidential systems are indeed confidential.

This series focuses on four primary use cases:

  1. Confidential virtual machines
  2. Confidential workloads 
  3. Confidential containers
  4. Confidential clusters

Establishing a solid chain of trust in each case uses similar, but subtly different techniques. This is an evolving field, where new techniques are continuously being developed.


LIST OF BLOGS

Confidential computing primer

May 2, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the first in a six-part series in which we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example by using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology...Read full post

Attestation in confidential computing

May 4, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the second in a six-part series where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology…Read full post

Confidential computing use cases

May 16, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the third in a six-part series where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology…Read full post

Confidential computing: From root of trust to actual trust

June 2, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the fourth in a six-part series where we present various use cases for confidential computing—a set of technologies designed to protect data in use, like memory encryption, and what needs to be done to get the technologies’ security and trust benefits…Read full post

Confidential computing platform-specific details

June 16, 2023 - Christophe de Dinechin

Confidential Computing is a set of technologies designed to protect data in use (for example, it provides memory encryption). This article is fifth in a six-part series about various Confidential Computing usage models, and the requirements to get the expected security and trust benefits.…Read full post

Confidential computing: 5 support technologies to explore

June 22, 2023 - Christophe de Dinechin

This article is the last in a six-part series presenting various usage models for Confidential Computing, a set of technologies designed to protect data in use. In this article, I explore interesting support technologies under active development in the confidential computing community..…Read full post


Videos

Chains of trust in Confidential Computing - KVM Forum 2023 

This technology can be used in a number of ways, notably to implement Confidential Virtual Machines, Confidential Containers and Confidential Clusters. This talk explores the various chains of trust required to preserve confidentiality in each of these use cases. In each scenario, we will describe the root of trust, what is being proven, who verifies the proof, and what a successful verification allows, We will discuss techniques and technologies such as local and remote attestation, firmware-based certification, the use and possible implementations of a virtual TPM, attested TLS. We will also discuss the different requirements to attest an execution environment, a workload, a user, or a node joining a cluster. 


Sull'autore

UI_Icon-Red_Hat-Close-A-Black-RGB

Ricerca per canale

automation icon

Automazione

Novità sull'automazione IT di tecnologie, team e ambienti

AI icon

Intelligenza artificiale

Aggiornamenti sulle piattaforme che consentono alle aziende di eseguire carichi di lavoro IA ovunque

open hybrid cloud icon

Hybrid cloud open source

Scopri come affrontare il futuro in modo più agile grazie al cloud ibrido

security icon

Sicurezza

Le ultime novità sulle nostre soluzioni per ridurre i rischi nelle tecnologie e negli ambienti

edge icon

Edge computing

Aggiornamenti sulle piattaforme che semplificano l'operatività edge

Infrastructure icon

Infrastruttura

Le ultime novità sulla piattaforma Linux aziendale leader a livello mondiale

application development icon

Applicazioni

Approfondimenti sulle nostre soluzioni alle sfide applicative più difficili

Original series icon

Serie originali

Raccontiamo le interessanti storie di leader e creatori di tecnologie pensate per le aziende