订阅内容

This post series presents various forms of attestation for various Confidential Computing use cases. Confidential Computing is a set of technologies designed to protect data in use, for example using memory encryption. Data at rest (on disk) and data in transit (over the network) can already be protected using existing technologies. Attestation, generally speaking, is the process of proving some properties of a system. Attestation plays a central role in asserting that confidential systems are indeed confidential.

This series focuses on four primary use cases:

  1. Confidential virtual machines
  2. Confidential workloads 
  3. Confidential containers
  4. Confidential clusters

Establishing a solid chain of trust in each case uses similar, but subtly different techniques. This is an evolving field, where new techniques are continuously being developed.


LIST OF BLOGS

Confidential computing primer

May 2, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the first in a six-part series in which we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example by using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology...Read full post

Attestation in confidential computing

May 4, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the second in a six-part series where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology…Read full post

Confidential computing use cases

May 16, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the third in a six-part series where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from t​​he technology…Read full post

Confidential computing: From root of trust to actual trust

June 2, 2023 - Christophe de Dinechin, David Gilbert, James Bottomley

This article is the fourth in a six-part series where we present various use cases for confidential computing—a set of technologies designed to protect data in use, like memory encryption, and what needs to be done to get the technologies’ security and trust benefits…Read full post

Confidential computing platform-specific details

June 16, 2023 - Christophe de Dinechin

Confidential Computing is a set of technologies designed to protect data in use (for example, it provides memory encryption). This article is fifth in a six-part series about various Confidential Computing usage models, and the requirements to get the expected security and trust benefits.…Read full post

Confidential computing: 5 support technologies to explore

June 22, 2023 - Christophe de Dinechin

This article is the last in a six-part series presenting various usage models for Confidential Computing, a set of technologies designed to protect data in use. In this article, I explore interesting support technologies under active development in the confidential computing community..…Read full post


Videos

Chains of trust in Confidential Computing - KVM Forum 2023 

This technology can be used in a number of ways, notably to implement Confidential Virtual Machines, Confidential Containers and Confidential Clusters. This talk explores the various chains of trust required to preserve confidentiality in each of these use cases. In each scenario, we will describe the root of trust, what is being proven, who verifies the proof, and what a successful verification allows, We will discuss techniques and technologies such as local and remote attestation, firmware-based certification, the use and possible implementations of a virtual TPM, attested TLS. We will also discuss the different requirements to attest an execution environment, a workload, a user, or a node joining a cluster. 


关于作者

按频道浏览

automation icon

自动化

有关技术、团队和环境 IT 自动化的最新信息

AI icon

人工智能

平台更新使客户可以在任何地方运行人工智能工作负载

open hybrid cloud icon

开放混合云

了解我们如何利用混合云构建更灵活的未来

security icon

安全防护

有关我们如何跨环境和技术减少风险的最新信息

edge icon

边缘计算

简化边缘运维的平台更新

Infrastructure icon

基础架构

全球领先企业 Linux 平台的最新动态

application development icon

应用领域

我们针对最严峻的应用挑战的解决方案

Original series icon

原创节目

关于企业技术领域的创客和领导者们有趣的故事