Linux Foundation Forms the Confidential Computing Consortium to Protect Data In Use

21 Aug 2019 9:00am

When it comes to data security, there are two standard states where encryption is applied — at rest and in motion. When data is in use, however, it is most often left unencrypted. The Linux Foundation has assembled the Confidential Computing Consortium to define and accelerate the adoption of encrypted data in use, or “confidential computing.”

The consortium will consist of hardware vendors, cloud providers — including Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent — as well as developers and academics. The organization plans to help boost the confidential computing market, as well as weigh in on technical and regulatory standards, and develop open source tools for Trusted Execution Environment (TEE) development.

In addition to the numerous companies joining the consortium, several have also donated projects. Intel donated the Software Guard Extensions SDK, which works to “protect select code and data from disclosure or modification at the hardware layer using protected enclaves.” Microsoft donated the Open Enclave SDK, an open source framework that helps developers build TEE applications. And Red Hat donated Enarx, which provides a platform abstraction for TEEs. All of these work towards a common goal of making TEEs more accessible to developers — a key feature focus of the Confidential Computing Consortium, says John Gossman, a distinguished engineer at Microsoft.

“This is a pretty early technology. The chipsets themselves are still emerging and the next generation will be larger and faster, which will make building applications easier, but because it’s early, we often don’t know the best practices,” said Gossman. “It’s an instruction set, so it’s really low level. It’s not something that’s easily accessible to ordinary developers and so the Open Enclave SDK and the other code that is being contributed by the various vendors are all about making this very low level of very hard technology widely accessible to application developers in order to create an ecosystem of apps and platforms.”

For Jim Zemlin, executive director at the Linux Foundation, the only way to arrive at this sort of technological solution is for all of these different entities to come together in one place.

“Every time that you have a major initiative to advance technology as complicated as this, the industry realizes that it takes a whole ecosystem,” said Zemlin in an interview with The New Stack. “You need hardware vendors working together with software vendors working with cloud providers working with academics to accelerate something like this. For all of these folks to come together and work on it is an accomplishment in and of itself, but it’s really just getting us to the starting line.”

“The key here is that you have a broad set of stakeholders across the different components in the technical supply chain coming together. Essentially, the end goal is to enable better data security by protecting that data in use,” said Zemlin. “To do that, you need to make the technology that you use to create those environments accessible, well understood, and built in a standardized way, and that’s why it’s really important for the whole industry to come together like this.”

The consortium — a foundation by any other name — is currently working to form its various committees, which will include a governing board, a technical advisory council, and a separate technical oversight committee for each project. Projects will be available under the MIT open source license. The consortium will be funded through membership dues and will be accepting applications for members.

The Linux Foundation unveiled the new consortium at the Open Source Summit North America, held this week in San Diego.

The Linux Foundation is a sponsor of The New Stack.
