Difference between revisions of "Confidential Computing"
Other Material
- Confidential Computing Consortium web site: https://confidentialcomputing.io/
- https://www.linkedin.com/company/confidential-computing/
Latest revision as of 10:53, 1 August 2025
Full Title or Meme
The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.
Context
Confidential Computing is but one way to create Layered Security.
Solutions
- Microsoft announces Azure Confidential Computing by Vikas Bhatia
- 2024-07-01 Process Isolation described in Privacy in EUDI by Denis Roio
Postgres
Transforming PostgreSQL into a Confidential Database with Confidential Computing[1]
Turning PostgreSQL into a confidential database means ensuring that **data remains protected even while it's being processed**—not just at rest or in transit. This is where **Confidential Computing** comes in, using **Trusted Execution Environments (TEEs)** to isolate and encrypt data during runtime.
Key Approaches
- **Azure Confidential Computing (ACC) for PostgreSQL**
  - Uses **hardware-based TEEs** (e.g., AMD SEV-SNP or Intel TDX) to isolate memory during query execution.
  - Data is encrypted at rest, in transit, and **in use**, shielding it from the OS, the hypervisor, and cloud administrators.
  - Available via **confidential VM SKUs** in Azure Database for PostgreSQL.
- **Fortanix Confidential Computing Manager (CCM) on AWS Nitro**
  - Deploys PostgreSQL inside **Nitro Enclaves**, which isolate workloads from the host OS.
  - Fortanix CCM manages enclave lifecycle, attestation, and secure image deployment.
  - Enables secure query execution and encrypted data handling in AWS environments.
Implementation Highlights
| Platform | TEE Technology | Deployment Method | Notes |
|---|---|---|---|
| **Azure** | AMD SEV-SNP / Intel TDX | Confidential VMs via portal, CLI, Terraform | Limited to certain regions (e.g., UAE North) |
| **AWS** | Nitro Enclaves | Dockerized PostgreSQL inside enclave | Requires Fortanix CCM for orchestration |
Benefits
- **End-to-end encryption**: Data is protected throughout its lifecycle.
- **Remote attestation**: Verifies enclave integrity before processing sensitive data.
- **Regulatory alignment**: Supports compliance with HIPAA, GDPR, and other data protection laws.
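The "remote attestation" benefit above is only a benefit if something actually refuses to hand the database its secrets until the enclave has proven its identity. The following is an added example, not code from this page, Microsoft, or Fortanix: a small policy gate that releases a PostgreSQL connection string only when the attestation claims (assumed to have already had their signature chain checked by the platform verifier, e.g. the AWS Nitro root certificate or AMD's VCEK chain) pass a freshness, measurement, debug-mode, and TCB-floor check. All measurement values and secrets are constructed placeholders.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed allowlist: approved enclave image measurement -> image label.
# A real value would be the Nitro PCR0 or the SEV-SNP launch measurement.
APPROVED_MEASUREMENTS = {
    "a1" * 48: "postgres-enclave-1.0",   # placeholder hex, not a real digest
}
MIN_TCB_VERSION = 2  # refuse images whose reported TCB is older than this


@dataclass(frozen=True)
class Claims:
    """Fields pulled from an attestation report whose signature chain has
    already been verified; this gate evaluates the claims, not the signature."""
    measurement: str
    tcb_version: int
    debug_enabled: bool
    nonce: bytes


def evaluate(claims: Claims, expected_nonce: bytes) -> List[str]:
    """Return every policy violation; an empty list means the enclave may proceed."""
    problems: List[str] = []
    # Freshness: the nonce we challenged with must come back, otherwise an
    # old report could be replayed by a host that no longer runs our image.
    if not hmac.compare_digest(claims.nonce, expected_nonce):
        problems.append("nonce mismatch (possible replay)")
    # Integrity: only the exact approved PostgreSQL image is trusted.
    if claims.measurement.lower() not in APPROVED_MEASUREMENTS:
        problems.append("measurement not in allowlist")
    # A debug enclave lets the host read its memory, defeating data-in-use protection.
    if claims.debug_enabled:
        problems.append("debug mode enabled")
    if claims.tcb_version < MIN_TCB_VERSION:
        problems.append(f"tcb_version {claims.tcb_version} below minimum {MIN_TCB_VERSION}")
    return problems


def release_db_credential(claims: Claims, expected_nonce: bytes,
                          secrets: Dict[str, str]) -> Optional[str]:
    """Hand out the connection string for the attested image, or None on any violation."""
    if evaluate(claims, expected_nonce):
        return None
    image = APPROVED_MEASUREMENTS[claims.measurement.lower()]
    return secrets.get(image)
```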
References
1. Microsoft Azure Confidential Computing for Azure Database for PostgreSQL (Preview), https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-confidential-computing