New Cross-Industry Effort to Advance Computational Trust and Security for Next-Generation Cloud and Edge Computing

Ali짯baba, Arm, Bai짯du, Goog짯le Cloud, IBM, Intel, Micro짯soft, Red Hat, Swiss짯com and Ten짯cent will col짯la짯bo짯ra짯te on open source tech짯no짯lo짯gies and stan짯dards that acce짯le짯ra짯te the adop짯ti짯on of con짯fi짯den짯ti짯al computing

SAN DIEGO, Calif., Open Source Sum짯mit, August 21, 2019  The Linux Foun짯da짯ti짯on today announ짯ced the intent to form the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um, a com짯mu짯ni짯ty dedi짯ca짯ted to defi짯ning and acce짯le짯ra짯ting the adop짯ti짯on of con짯fi짯den짯ti짯al com짯pu짯ting. Com짯pa짯nies com짯mit짯ted to this work include Ali짯baba, Arm, Bai짯du, Goog짯le Cloud, IBM, Intel, Micro짯soft, Red Hat, Swiss짯com and Tencent.

Across indus짯tries com짯pu짯ting is moving to span mul짯ti짯ple envi짯ron짯ments, from on pre짯mi짯ses to  public cloud to edge. As com짯pa짯nies move the짯se workloads to dif짯fe짯rent envi짯ron짯ments, they need pro짯tec짯tion con짯trols for sen짯si짯ti짯ve IP and workload data and are incre짯asing짯ly see짯king grea짯ter assu짯ran짯ces and more trans짯pa짯ren짯cy of the짯se con짯trols. Cur짯rent approa짯ches in cloud com짯pu짯ting address data at rest and in tran짯sit but encryp짯ting data in use is con짯side짯red the third and pos짯si짯bly most chal짯len짯ging step to pro짯vi짯ding a ful짯ly encrypt짯ed life짯cy짯cle for sen짯si짯ti짯ve data. Con짯fi짯den짯ti짯al com짯pu짯ting will enable encrypt짯ed data to be pro짯ces짯sed in memo짯ry wit짯hout expo짯sing it to the rest of the sys짯tem and redu짯ce expo짯sure for sen짯si짯ti짯ve data and pro짯vi짯de grea짯ter con짯trol and trans짯pa짯ren짯cy for users.

The ear짯liest work on tech짯no짯lo짯gies that have the abili짯ty to trans짯form an indus짯try is often done in col짯la짯bo짯ra짯ti짯on across the indus짯try and with open source tech짯no짯lo짯gies, said Jim Zem짯lin, exe짯cu짯ti짯ve direc짯tor at The Linux Foun짯da짯ti짯on. 쏷he Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um is a lea짯ding indi짯ca짯tor of what셲 to come for secu짯ri짯ty in com짯pu짯ting and will help defi짯ne and build open tech짯no짯lo짯gies to sup짯port this trust infra짯struc짯tu짯re for data in use.

The Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um will bring tog짯e짯ther hard짯ware ven짯dors, cloud pro짯vi짯ders, deve짯lo짯pers, open source experts and aca짯de짯mics to acce짯le짯ra짯te the con짯fi짯den짯ti짯al com짯pu짯ting mar짯ket; influence tech짯ni짯cal and regu짯la짯to짯ry stan짯dards; and build open source tools that pro짯vi짯de the right envi짯ron짯ment for TEE deve짯lo짯p짯ment. The orga짯niza짯ti짯on will also anchor indus짯try out짯reach and edu짯ca짯ti짯on initiatives.

Par짯ti짯ci짯pan짯ts plan to make seve짯ral open source pro짯ject con짯tri짯bu짯ti짯ons to the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um, including:

  • Intel짰 Soft짯ware Guard Exten짯si짯ons (Intel짰 SGX) Soft짯ware Deve짯lo짯p짯ment Kit, desi짯gned to help appli짯ca짯ti짯on deve짯lo짯pers pro짯tect sel짯ect code and data from dis짯clo짯sure or modi짯fi짯ca짯ti짯on at the hard짯ware lay짯er using pro짯tec짯ted enclaves.
  • Micro짯soft Open Encla짯ve SDK, an open source frame짯work that allows deve짯lo짯pers to build Trus짯ted Exe짯cu짯ti짯on Envi짯ron짯ment (TEE) appli짯ca짯ti짯ons using a sin짯gle encla짯ving abs짯trac짯tion. Deve짯lo짯pers can build appli짯ca짯ti짯ons once that run across mul짯ti짯ple TEE architectures.
  • Red Hat Enarx, a pro짯ject pro짯vi짯ding hard짯ware inde짯pen짯dence for secu짯ring appli짯ca짯ti짯ons using TEEs.

The pro짯po짯sed struc짯tu짯re for the Con짯sor짯ti짯um includes a Gover짯ning Board, a Tech짯ni짯cal Advi짯so짯ry Coun짯cil and sepa짯ra짯te tech짯ni짯cal over짯sight for each tech짯ni짯cal pro짯ject. It is inten짯ded to host a varie짯ty of tech짯ni짯cal open source pro짯jects and open spe짯ci짯fi짯ca짯ti짯ons to sup짯port con짯fi짯den짯ti짯al com짯pu짯ting. Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um will be fun짯ded through mem짯ber짯ship dues. For more infor짯ma짯ti짯on and to con짯tri짯bu짯te to the pro짯ject, plea짯se visit: https://confidentialcomputing.io

Sup짯port짯ing Quotes

Ali짯baba
쏞on짯fi짯den짯ti짯al com짯pu짯ting pro짯vi짯des new capa짯bi짯li짯ties for cloud cus짯to짯mers to redu짯ce trus짯ted com짯pu짯ting base in cloud envi짯ron짯ments and pro짯tect their data during run짯time. Ali짯baba laun짯ched Ali짯baba Encrypt짯ed Com짯pu짯ting tech짯no짯lo짯gy powered by Intel SGX in Sep 2017 and has pro짯vi짯ded com짯mer짯cial cloud ser짯vers with SGX capa짯bi짯li짯ty to our cus짯to짯mers sin짯ce April 2018. We are very exci짯ted to join CCC and work with the com짯mu짯ni짯ty to build a bet짯ter con짯fi짯den짯ti짯al com짯pu짯ting eco짯sys짯tem, said Xiao짯ning Li, chief secu짯ri짯ty archi짯tect, Ali짯baba Cloud.

Arm
쏛rm셲 visi짯on for the next-gene짯ra짯ti짯on infra짯struc짯tu짯re requi짯res com짯ple짯te edge-to-cloud secu짯ri짯ty for pro짯tec짯ting and mana짯ging the data across a tril짯li짯on con짯nec짯ted devices, said Richard Gri짯sen짯thwai짯te, seni짯or vice pre짯si짯dent, chief archi짯tect and fel짯low, Archi짯tec짯tu짯re and Tech짯no짯lo짯gy Group, Arm. 쏛rm is alre짯a짯dy very invol짯ved in hel짯ping to deve짯lop the Con짯fi짯den짯ti짯al Com짯pu짯te Consortium셲 char짯ter, and we see our par짯ti짯ci짯pa짯ti짯on and the new Open Encla짯ve SDK as a cri짯ti짯cal col짯la짯bo짯ra짯ti짯on with the rest of the indus짯try in making TEE셲 easy to deploy.

Bai짯du
쏷he for짯ma짯ti짯on of Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um under Linux Foun짯da짯ti짯on is an important step towards the future of tech짯no짯lo짯gies across cloud com짯pu짯ting, block짯chain and secu짯ri짯ty. It will help to crea짯te the glo짯bal tech짯ni짯cal stan짯dards of con짯fi짯den짯ti짯al com짯pu짯ting and pro짯mo짯te its busi짯ness use at the enter짯pri짯se level in dif짯fe짯rent indus짯tries, said Fei Song, head of pro짯duct com짯mit짯tee, AI Cloud, Baidu.

Goog짯le
쏷o help users make the best choice for how to pro짯tect their workloads, they need to be met with a com짯mon lan짯guage and under짯stan짯ding around con짯fi짯den짯ti짯al com짯pu짯ting. As the open source com짯mu짯ni짯ty intro짯du짯ces new pro짯jects like Asylo and Open짯En짯cla짯ve SDK, and hard짯ware ven짯dors intro짯du짯ce new CPU fea짯tures that chan짯ge how we think about pro짯tec짯ting pro짯grams, ope짯ra짯ting sys짯tems, and vir짯tu짯al machi짯nes, groups like the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um will help com짯pa짯nies and users under짯stand its bene짯fits and app짯ly the짯se new secu짯ri짯ty capa짯bi짯li짯ties to their needs, said Roy짯al Han짯sen, vice pre짯si짯dent, Secu짯ri짯ty, Google.

IBM
IBM was one of the ear짯liest com짯pa짯nies to cham짯pi짯on open source, and now ali짯gned with Red Hat we are exci짯ted for the future. One of the emer짯ging are짯as of inte짯rest to our IBM Cloud and Sys짯tems cli짯ents is Trus짯ted Exe짯cu짯ti짯on Envi짯ron짯ments (TEEs). Com짯bi짯ned with new open soft짯ware pro짯jects like Enarx and Open짯En짯cla짯ve SDK, they hold the pro짯mi짯se of making future workloads as secu짯re as pos짯si짯ble in the next chap짯ter of cloud. IBM has a histo짯ry of lea짯der짯ship in secu짯re com짯pu짯ting, and we are proud to join the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um to help it ful짯fill its pro짯mi짯se of span짯ning mul짯ti짯ple hard짯ware archi짯tec짯tures and cloud plat짯forms, to pro짯tect tomorrow셲 appli짯ca짯ti짯ons and data, said Todd Moo짯re, vice pre짯si짯dent, Open Tech짯no짯lo짯gy and Deve짯lo짯per Advo짯ca짯cy, IBM.

Intel
쏶oft짯ware deve짯lo짯ped through this con짯sor짯ti짯um is cri짯ti짯cal to acce짯le짯ra짯ting con짯fi짯den짯ti짯al com짯pu짯ting prac짯ti짯ces built with open source tech짯no짯lo짯gy and Intel SGX, said Imad Sou짯s짯ou, cor짯po짯ra짯te vice pre짯si짯dent and gene짯ral mana짯ger, Sys짯tem Soft짯ware Pro짯ducts at Intel. 쏞om짯bi짯ning the Intel SGX SDK with Microsoft셲 Open Encla짯ve SDK will help sim짯pli짯fy secu짯re encla짯ve deve짯lo짯p짯ment and dri짯ve deploy짯ment across ope짯ra짯ting environments.

Micro짯soft
쏷he Open Encla짯ve SDK is alre짯a짯dy a popu짯lar tool for deve짯lo짯pers working on Trus짯ted Exe짯cu짯ti짯on Envi짯ron짯ments, one of the most pro짯mi짯sing are짯as for pro짯tec짯ting data in use, said Mark Rus짯si짯no짯vich, chief tech짯ni짯cal offi짯cer, Micro짯soft. 쏻e hope this con짯tri짯bu짯ti짯on to the Con짯sor짯ti짯um can put the tools in even more deve짯lo짯pers hands and acce짯le짯ra짯te the deve짯lo짯p짯ment and adop짯ti짯on of appli짯ca짯ti짯ons that will impro짯ve trust and secu짯ri짯ty across cloud and edge computing.

Red Hat
쏶ecu짯ri짯ty is con짯sis짯t짯ent짯ly top of mind for our cus짯to짯mers, and, real짯ly, for all of us, as secu짯ri짯ty inci짯dents and data brea짯ches make the head짯lines. While hard짯ware sup짯port for secu짯ri짯ty con짯ti짯nues to advan짯ce, crea짯ting secu짯re com짯pu짯ting envi짯ron짯ments can still be chal짯len짯ging, said Chris Wright, seni짯or vice pre짯si짯dent and Chief Tech짯no짯lo짯gy Offi짯cer at Red Hat. 쏻e are deve짯lo짯ping the Enarx pro짯ject to help deve짯lo짯pers deploy appli짯ca짯ti짯ons into com짯pu짯ting envi짯ron짯ments which sup짯port hig짯her levels of secu짯ri짯ty and con짯fi짯den짯tia짯li짯ty and intend to bring it to the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um. We look for짯ward to col짯la짯bo짯ra짯ting with the broa짯der indus짯try and the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um to help make con짯fi짯den짯ti짯al com짯pu짯ting the norm.

Swiss짯com
쏛s the lea짯ding tele짯com and ICT pro짯vi짯der in Switz짯er짯land, we adhe짯re to the hig짯hest secu짯ri짯ty stan짯dards. Some짯thing that is par짯ti짯cu짯lar짯ly important given the incre짯asing rele짯van짯ce of secu짯ri짯ty for our cus짯to짯mers in the wake of new tech짯no짯lo짯gies such as 5G and cri짯ti짯cal IoT or cloud appli짯ca짯ti짯ons. It is a pri짯vi짯le짯ge that we, as a Swiss com짯pa짯ny, are able to join forces with inter짯na짯tio짯nal짯ly lea짯ding tech짯no짯lo짯gy com짯pa짯nies to launch the Con짯fi짯den짯ti짯al Com짯pu짯ting Con짯sor짯ti짯um and are thus hel짯ping to defi짯ne stan짯dards, frame짯works and tools for secu짯ring data in the cloud, said Chris짯toph Aeschli짯mann, CTO & CIO, Swisscom.

Ten짯cent
쏞on짯fi짯den짯ti짯al com짯pu짯ting offers CPU-based hard짯ware tech짯no짯lo짯gy to pro짯tect cloud users data in use, which we belie짯ve will beco짯me a basic capa짯bi짯li짯ty for cloud pro짯vi짯der in future, said Wei Li, vice pre짯si짯dent of Ten짯cent Secu짯ri짯ty, the head of Cloud Security.

About the Linux Foundation
Foun짯ded in 2000, the Linux Foun짯da짯ti짯on is sup짯port짯ed by more than 1,000 mem짯bers and is the world셲 lea짯ding home for col짯la짯bo짯ra짯ti짯on on open source soft짯ware, open stan짯dards, open data, and open hard짯ware. Linux Foun짯da짯ti짯on pro짯jects like Linux, Kuber짯netes, Node.js and more are con짯side짯red cri짯ti짯cal to the deve짯lo짯p짯ment of the world셲 most important infra짯struc짯tu짯re. Its deve짯lo짯p짯ment metho짯do짯lo짯gy lever짯a짯ges estab짯lished best prac짯ti짯ces and addres짯ses the needs of con짯tri짯bu짯tors, users and solu짯ti짯on pro짯vi짯ders to crea짯te sus짯tainable models for open col짯la짯bo짯ra짯ti짯on. For more infor짯ma짯ti짯on, plea짯se visit us at linuxfoundation.org.

###

The Linux Foun짯da짯ti짯on has regis짯tered trade짯marks and uses trade짯marks. For a list of trade짯marks of The Linux Foun짯da짯ti짯on, plea짯se see our trade짯mark usa짯ge page: https://www.linuxfoundation.org/trademark-usage. Linux is a regis짯tered trade짯mark of Linus Torvalds.