New Cross-Industry Effort to Advance Computational Trust and Security for Next-Generation Cloud and Edge Computing

Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent will collaborate on open source technologies and standards that accelerate the adoption of confidential computing

SAN DIEGO, Calif., Open Source Summit, August 21, 2019 – The Linux Foundation today announced the intent to form the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. Companies committed to this work include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

Across industries, computing is moving to span multiple environments, from on premises to public cloud to edge. As companies move these workloads to different environments, they need protection controls for sensitive IP and workload data and are increasingly seeking greater assurances and more transparency of these controls. Current approaches in cloud computing address data at rest and in transit, but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system, reduce exposure for sensitive data, and provide greater control and transparency for users.

“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at The Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

The Confidential Computing Consortium will bring together hardware vendors, cloud providers, developers, open source experts and academics to accelerate the confidential computing market; influence technical and regulatory standards; and build open source tools that provide the right environment for TEE development. The organization will also anchor industry outreach and education initiatives.

Participants plan to make several open source project contributions to the Confidential Computing Consortium, including:

  • Intel® Software Guard Extensions (Intel® SGX) Software Development Kit, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves.
  • Microsoft Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
  • Red Hat Enarx, a project providing hardware independence for securing applications using TEEs.

The proposed structure for the Consortium includes a Governing Board, a Technical Advisory Council and separate technical oversight for each technical project. It is intended to host a variety of technical open source projects and open specifications to support confidential computing. The Confidential Computing Consortium will be funded through membership dues. For more information and to contribute to the project, please visit: https://confidentialcomputing.io

Supporting Quotes

Alibaba
“Confidential computing provides new capabilities for cloud customers to reduce trusted computing base in cloud environments and protect their data during runtime. Alibaba launched Alibaba Encrypted Computing technology powered by Intel SGX in Sep 2017 and has provided commercial cloud servers with SGX capability to our customers since April 2018. We are very excited to join CCC and work with the community to build a better confidential computing ecosystem,” said Xiaoning Li, chief security architect, Alibaba Cloud.

Arm
“Arm’s vision for the next-generation infrastructure requires complete edge-to-cloud security for protecting and managing the data across a trillion connected devices,” said Richard Grisenthwaite, senior vice president, chief architect and fellow, Architecture and Technology Group, Arm. “Arm is already very involved in helping to develop the Confidential Compute Consortium’s charter, and we see our participation and the new Open Enclave SDK as a critical collaboration with the rest of the industry in making TEEs easy to deploy.”

Baidu
“The formation of Confidential Computing Consortium under Linux Foundation is an important step towards the future of technologies across cloud computing, blockchain and security. It will help to create the global technical standards of confidential computing and promote its business use at the enterprise level in different industries,” said Fei Song, head of product committee, AI Cloud, Baidu.

Google
“To help users make the best choice for how to protect their workloads, they need to be met with a common language and understanding around confidential computing. As the open source community introduces new projects like Asylo and OpenEnclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the Confidential Computing Consortium will help companies and users understand its benefits and apply these new security capabilities to their needs,” said Royal Hansen, vice president, Security, Google.

IBM
“IBM was one of the earliest companies to champion open source, and now aligned with Red Hat we are excited for the future. One of the emerging areas of interest to our IBM Cloud and Systems clients is Trusted Execution Environments (TEEs). Combined with new open software projects like Enarx and OpenEnclave SDK, they hold the promise of making future workloads as secure as possible in the next chapter of cloud. IBM has a history of leadership in secure computing, and we are proud to join the Confidential Computing Consortium to help it fulfill its promise of spanning multiple hardware architectures and cloud platforms, to protect tomorrow’s applications and data,” said Todd Moore, vice president, Open Technology and Developer Advocacy, IBM.

Intel
“Software developed through this consortium is critical to accelerating confidential computing practices built with open source technology and Intel SGX,” said Imad Sousou, corporate vice president and general manager, System Software Products at Intel. “Combining the Intel SGX SDK with Microsoft’s Open Enclave SDK will help simplify secure enclave development and drive deployment across operating environments.”

Microsoft
“The Open Enclave SDK is already a popular tool for developers working on Trusted Execution Environments, one of the most promising areas for protecting data in use,” said Mark Russinovich, chief technical officer, Microsoft. “We hope this contribution to the Consortium can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing.”

Red Hat
“Security is consistently top of mind for our customers, and, really, for all of us, as security incidents and data breaches make the headlines. While hardware support for security continues to advance, creating secure computing environments can still be challenging,” said Chris Wright, senior vice president and Chief Technology Officer at Red Hat. “We are developing the Enarx project to help developers deploy applications into computing environments which support higher levels of security and confidentiality and intend to bring it to the Confidential Computing Consortium. We look forward to collaborating with the broader industry and the Confidential Computing Consortium to help make confidential computing the norm.”

Swisscom
“As the leading telecom and ICT provider in Switzerland, we adhere to the highest security standards. Something that is particularly important given the increasing relevance of security for our customers in the wake of new technologies such as 5G and critical IoT or cloud applications. It is a privilege that we, as a Swiss company, are able to join forces with internationally leading technology companies to launch the Confidential Computing Consortium and are thus helping to define standards, frameworks and tools for securing data in the cloud,” said Christoph Aeschlimann, CTO & CIO, Swisscom.

Tencent
“Confidential computing offers CPU-based hardware technology to protect cloud users’ data in use, which we believe will become a basic capability for cloud provider in future,” said Wei Li, vice president of Tencent Security, the head of Cloud Security.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js and more are considered critical to the development of the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.