The Linux Foundation announced on 21 August at its Open Source Summit the intention to form the Confidential Computing Consortium, a community “dedicated to defining and accelerating the adoption of confidential computing”.
Many of the companies involved in the consortium are some of the world’s leading cloud service providers – including Google Cloud, Microsoft, Alibaba Cloud, IBM, Red Hat, Baidu, Intel, Red Hat, Swisscom, Arm and Tencent.
The consortium will bring together hardware vendors, cloud providers, developers, open source experts and academics to accelerate the confidential computing market; influence technical and regulatory standards; and build open source tools that provide the right environment for trusted execution environment (TEE) development.
Participants plan to make several open source project contributions to the Confidential Computing Consortium, including:
- Intel® Software Guard Extensions (Intel® SGX) Software Development Kit, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves.
- Microsoft Open Enclave SDK, an open source framework that allows developers to build TEE applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
- Red Hat Enarx, a project providing hardware independence for securing applications using TEEs.
The proposed structure for the Consortium includes a Governing Board, a Technical Advisory Council and separate technical oversight for each technical project. It is intended to host a variety of technical open source projects and open specifications to support confidential computing.
Confidential Computing Consortium will be funded through membership dues, and will anchor industry outreach and education initiatives.
“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” Jim Zemlin, executive director at The Linux Foundation, said in a statement.
“The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use,” he added.
“Confidential computing provides new capabilities for cloud customers to reduce trusted computing base in cloud environments and protect their data during runtime,” Xiaoning Li, chief security architect, Alibaba Cloud, said. “We are very excited to join [Confidential Computing Consortium] and work with the community to build a better confidential computing ecosystem.”
“Security is consistently top of mind for our customers, and, really, for all of us, as security incidents and data breaches make the headlines,” Chris Wright, senior vice president and Chief Technology Officer at Red Hat, added. “While hardware support for security continues to advance, creating secure computing environments can still be challenging.”
“We are developing the Enarx project to help developers deploy applications into computing environments which support higher levels of security and confidentiality and intend to bring it to the . . . Consortium,” he said. “We look forward to collaborating . . . to help make confidential computing the norm.”
“Confidential computing offers CPU-based hardware technology to protect cloud users’ data in use, which we believe will become a basic capability for cloud provider in future,” concluded Wei Li, vice president of Tencent Security, the head of Cloud Security.
For more information and to contribute to the project, visit: https://confidentialcomputing.io