Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices.
Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent.
Named the Confidential Computing Consortium, this industry group’s goals will be to come up with strategies and tools to accelerate the adoption of “confidential computing.”
By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer’s memory while it’s being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants.
The easiest way of supporting confidential computing practices is through the use of trusted execution environments (TEEs), also known as enclaves.
These are hardware and/or software-enforced private regions of a computer’s CPU memory where only certain apps can write and read data.
TEEs are often used in cloud computing, where cloud service providers use enclaves to safeguard a customer’s data while it’s being processed on cloud servers that are often shared by multiple users.
However, even the most mundane apps, such as the ones running on a laptop or smartphone, can use enclaves if they want to make sure other apps can’t access a user’s most sensitive data — e.g. password managers, browsers, mobile wallets.
Promoting the use of TEEs will be one of the Confidential Computing Consortium main objectives. Members will help achieve this by contributing open-source tools that make working with enclaves much easier, by creating regulatory standards, and by running educational campaigns among their customers and the developer community.
As part of today’s launch, Intel, Microsoft, and Red Hat announced they were contributing three open-source tools to the new consortium.
- Intel® Software Guard Extensions (Intel® SGX) Software Development Kit, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves.
- Microsoft Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
- Red Hat Enarx, which provides a platform abstraction for Trusted Execution Environments (TEEs) enabling creating and running “private, fungible, serverless” applications.
All these tools have been available as open source projects for years. By contributing, ZDNet asumes they are to be transfered under the governence of this new consortium, which will have the ability to steer their development on commonly-agreed paths, rather than each one being developed individually by their original creators.
A tool missing from this line-up is Google Cloud’s Asylo. Just like the three tools above, Asylo was developed by Google Cloud engineers as an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs). There was no formal announcement that Asylo will be transfered from Google Cloud’s leadership to the new consortium.
The Confidential Computing Consortium’s creation was announced today by the Linux Foundation, who will oversee its activities.
Related cybersecurity coverage: