Difference between revisions of "Confidential Computing"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== ==References== * [https://www.linkedin.com/company/confidential-computing/ https://www.linkedin.com/company/confidential-computing/] Category: Secur...")
 
(References)
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
 +
The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.
 +
 +
==Context==
 +
[[Confidential Computing]] is but one way to create [[Layered Security]].
 +
 +
==Solutions==
 +
* [https://www.linkedin.com/feed/update/urn:li:share:7130618269056581632/ Microsoft announces Azure]  [[Confidential Computing]] by Vikas Bhatia
 +
* 2024-07-01 Process Isolation described in [https://news.dyne.org/privacy-in-eudi/ Privacy in EUDI] by Denis Roio
 +
===Postres===
 +
Transforming PostgreSQL into a Confidential Database with Confidential Computing<ref>Microsoft ''Azure Confidential Computing for Azure Database for PostgreSQL (Preview)'' https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-confidential-computing</ref>
 +
 +
Turning PostgreSQL into a confidential database means ensuring that **data remains protected even while it's being processed**—not just at rest or in transit. This is where **Confidential Computing** comes in, using **Trusted Execution Environments (TEEs)** to isolate and encrypt data during runtime.
 +
====Key Approaches====
 +
 +
# **Azure Confidential Computing (ACC) for PostgreSQL**
 +
- Uses **hardware-based TEEs** (e.g., AMD SEV-SNP or Intel TDX) to isolate memory during query execution.
 +
- Data is encrypted at rest, in transit, and **in use**, shielding it from OS, hypervisor, and cloud admins.
 +
- Available via **confidential VM SKUs** in Azure Database for PostgreSQL.
 +
#. **Fortanix Confidential Computing Manager (CCM) on AWS Nitro**
 +
- Deploys PostgreSQL inside **Nitro Enclaves**, which isolate workloads from the host OS.
 +
- Fortanix CCM manages enclave lifecycle, attestation, and secure image deployment.
 +
- Enables secure query execution and encrypted data handling in AWS environments.
 +
 +
====Implementation Highlights====
 +
 +
{| border="1",spacing ="2"
 +
| Platform || TEE Technology || Deployment Method || Notes
 +
|-
 +
| **Azure** || AMD SEV-SNP / Intel TDX || Confidential VMs via portal, CLI, Terraform || Limited to certain regions (e.g., UAE North)
 +
|-
 +
| **AWS** || Nitro Enclaves || Dockerized PostgreSQL inside enclave || Requires Fortanix CCM for orchestration
 +
|-
 +
|}
 +
 +
====Benefits====
 +
*End-to-end encryption**: Data is protected throughout its lifecycle.
 +
*Remote attestation**: Verifies enclave integrity before processing sensitive data.
 +
*Regulatory alignment**: Supports compliance with HIPAA, GDPR, and other data protection laws.
  
 
==References==
 
==References==
 +
<references />
 +
===Other Material===
 +
* [https://confidentialcomputing.io/ Web site]
 
* [https://www.linkedin.com/company/confidential-computing/ https://www.linkedin.com/company/confidential-computing/]
 
* [https://www.linkedin.com/company/confidential-computing/ https://www.linkedin.com/company/confidential-computing/]
 +
* [https://github.com/confidential-computing/governance Confidential Computing Consortium Governance Documents]
  
 
[[Category: Security]]
 
[[Category: Security]]

Latest revision as of 10:53, 1 August 2025

Full Title or Meme

The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.

Context

Confidential Computing is but one way to create Layered Security.

Solutions

Postres

Transforming PostgreSQL into a Confidential Database with Confidential Computing[1]

Turning PostgreSQL into a confidential database means ensuring that **data remains protected even while it's being processed**—not just at rest or in transit. This is where **Confidential Computing** comes in, using **Trusted Execution Environments (TEEs)** to isolate and encrypt data during runtime.

Key Approaches

  1. **Azure Confidential Computing (ACC) for PostgreSQL**

- Uses **hardware-based TEEs** (e.g., AMD SEV-SNP or Intel TDX) to isolate memory during query execution. - Data is encrypted at rest, in transit, and **in use**, shielding it from OS, hypervisor, and cloud admins. - Available via **confidential VM SKUs** in Azure Database for PostgreSQL.

  1. . **Fortanix Confidential Computing Manager (CCM) on AWS Nitro**

- Deploys PostgreSQL inside **Nitro Enclaves**, which isolate workloads from the host OS. - Fortanix CCM manages enclave lifecycle, attestation, and secure image deployment. - Enables secure query execution and encrypted data handling in AWS environments.

Implementation Highlights

Platform TEE Technology Deployment Method Notes
**Azure** AMD SEV-SNP / Intel TDX Confidential VMs via portal, CLI, Terraform Limited to certain regions (e.g., UAE North)
**AWS** Nitro Enclaves Dockerized PostgreSQL inside enclave Requires Fortanix CCM for orchestration

Benefits

  • End-to-end encryption**: Data is protected throughout its lifecycle.
  • Remote attestation**: Verifies enclave integrity before processing sensitive data.
  • Regulatory alignment**: Supports compliance with HIPAA, GDPR, and other data protection laws.

References

  1. Microsoft Azure Confidential Computing for Azure Database for PostgreSQL (Preview) https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-confidential-computing

Other Material

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Confidential_Computing&oldid=24711"