Confidential Computing 101
Why Confidential Computing

Cloud computing allows organizations of all sizes to achieve cost savings. With confidential computing in place, sensitive information remains protected throughout its entire life cycle, from the moment it leaves a company's premises to its processing inside the cloud infrastructure.

Confidential cloud computing ensures end-to-end protection, minimizes reliance on processors and their vendors, and reduces the level of trust required in the software stack. As a result, even if adversaries intercept network transmissions, read disk storage, or gain access to main memory, they cannot read the data, because it is encrypted in all three states: in transit, at rest, and in use.

While the advantages of using our solution can vary across different platforms, it's important to highlight the following key benefits in general:

Robust Security Protections

Even if the BIOS, the Virtual Machine Manager (VMM), the OS, and the drivers are compromised, a hardware secure enclave can still protect your application against:

  • Kernel-space exploits

  • Malicious insider attacks

  • Accidental privilege misuse

  • UEFI firmware exploits

  • Other root-level attacks that attempt to infiltrate and corrupt the network and system.

The enhanced security and reduced attack surface make it harder for adversaries to exploit vulnerabilities.

Reliable Privacy Protections

  • The code within the enclave remains secure and inaccessible even if an attacker gains full execution control over the platform.

  • The memory protections provided by a hardware secure enclave thwart memory bus snooping, memory tampering, and cold-boot attacks on data stored in RAM.

  • The confidentiality and integrity of data, program code, and protocol messages are never compromised, nor are they de-anonymized.

Zero-Trust Infrastructure

  • The trusted computing base of the parent application is minimized to the smallest possible footprint.

  • Migrate to a (public) cloud environment while maintaining the trust and security of your own on-premises infrastructure.

Easy to Deploy

  • Deployable in any hosting environment, irrespective of geographical location and platform.

  • Out-of-the-box deployment support. One small step for a developer, one giant leap for a zero-trust infrastructure.

Comply with Regulations

  • Privacy export regulation, such as Schrems-II.

  • GDPR/CCPA, processing user data (data in use) in the cloud.

  • Better TOMs (Technical and Organizational Measures).

Last updated 1 year ago