New Cross-Industry Effort to Advance Computational Trust and Security for Next-Generation Cloud and Edge Computing
The Linux Foundation | 21 August 2019
Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent will collaborate on open source technologies and standards that accelerate the adoption of confidential computing
SAN DIEGO, Calif., Open Source Summit, August 21, 2019 – The Linux Foundation today announced the intent to form the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. Companies committed to this work include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.
Across industries computing is moving to span multiple environments, from on premises to public cloud to edge. As companies move these workloads to different environments, they need protection controls for sensitive IP and workload data and are increasingly seeking greater assurances and more transparency of these controls. Current approaches in cloud computing address data at rest and in transit but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users.
“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at The Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”
The Confidential Computing Consortium will bring together hardware vendors, cloud providers, developers, open source experts and academics to accelerate the confidential computing market; influence technical and regulatory standards; and build open source tools that provide the right environment for TEE development. The organization will also anchor industry outreach and education initiatives.
Participants plan to make several open source project contributions to the Confidential Computing Consortium, including:
- Intel® Software Guard Extensions (Intel® SGX) Software Development Kit, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves.
- Microsoft Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
- Red Hat Enarx, a project providing hardware independence for securing applications using TEEs.
The proposed structure for the Consortium includes a Governing Board, a Technical Advisory Council and separate technical oversight for each technical project. It is intended to host a variety of technical open source projects and open specifications to support confidential computing. Confidential Computing Consortium will be funded through membership dues. For more information and to contribute to the project, please visit: https://confidentialcomputing.io
“Confidential computing provides new capabilities for cloud customers to reduce trusted computing base in cloud environments and protect their data during runtime. Alibaba launched Alibaba Encrypted Computing technology powered by Intel SGX in Sep 2017 and has provided commercial cloud servers with SGX capability to our customers since April 2018. We are very excited to join CCC and work with the community to build a better confidential computing ecosystem,” said Xiaoning Li, chief security architect, Alibaba Cloud.
“Arm’s vision for the next-generation infrastructure requires complete edge-to-cloud security for protecting and managing the data across a trillion connected devices,” said Richard Grisenthwaite, senior vice president, chief architect and fellow, Architecture and Technology Group, Arm. “Arm is already very involved in helping to develop the Confidential Compute Consortium’s charter, and we see our participation and the new Open Enclave SDK as a critical collaboration with the rest of the industry in making TEE’s easy to deploy.”
“The formation of Confidential Computing Consortium under Linux Foundation is an important step towards the future of technologies across cloud computing, blockchain and security. It will help to create the global technical standards of confidential computing and promote its business use at the enterprise level in different industries,” said Fei Song, head of product committee, AI Cloud, Baidu.
“To help users make the best choice for how to protect their workloads, they need to be met with a common language and understanding around confidential computing. As the open source community introduces new projects like Asylo and OpenEnclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the Confidential Computing Consortium will help companies and users understand its benefits and apply these new security capabilities to their needs,” said Royal Hansen, vice president, Security, Google.
“IBM was one of the earliest companies to champion open source, and now aligned with Red Hat we are excited for the future. One of the emerging areas of interest to our IBM Cloud and Systems clients is Trusted Execution Environments (TEEs). Combined with new open software projects like Enarx and OpenEnclave SDK, they hold the promise of making future workloads as secure as possible in the next chapter of cloud. IBM has a history of leadership in secure computing, and we are proud to join the Confidential Computing Consortium to help it fulfill its promise of spanning multiple hardware architectures and cloud platforms, to protect tomorrow’s applications and data,” said Todd Moore, vice president, Open Technology and Developer Advocacy, IBM.
“Software developed through this consortium is critical to accelerating confidential computing practices built with open source technology and Intel SGX,” said Imad Sousou, corporate vice president and general manager, System Software Products at Intel. “Combining the Intel SGX SDK with Microsoft’s Open Enclave SDK will help simplify secure enclave development and drive deployment across operating environments.”
“The Open Enclave SDK is already a popular tool for developers working on Trusted Execution Environments, one of the most promising areas for protecting data in use,” said Mark Russinovich, chief technical officer, Microsoft. “We hope this contribution to the Consortium can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing.”
“Security is consistently top of mind for our customers, and, really, for all of us, as security incidents and data breaches make the headlines. While hardware support for security continues to advance, creating secure computing environments can still be challenging,” said Chris Wright, senior vice president and Chief Technology Officer at Red Hat. “We are developing the Enarx project to help developers deploy applications into computing environments which support higher levels of security and confidentiality and intend to bring it to the Confidential Computing Consortium. We look forward to collaborating with the broader industry and the Confidential Computing Consortium to help make confidential computing the norm.”
“As the leading telecom and ICT provider in Switzerland, we adhere to the highest security standards. Something that is particularly important given the increasing relevance of security for our customers in the wake of new technologies such as 5G and critical IoT or cloud applications. It is a privilege that we, as a Swiss company, are able to join forces with internationally leading technology companies to launch the Confidential Computing Consortium and are thus helping to define standards, frameworks and tools for securing data in the cloud,” said Christoph Aeschlimann, CTO & CIO, Swisscom.
“Confidential computing offers CPU-based hardware technology to protect cloud users’ data in use, which we believe will become a basic capability for cloud provider in future,” said Wei Li, vice president of Tencent Security, the head of Cloud Security.
About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js and more are considered critical to the development of the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.