Confidential Computing
Contents
Full Title or Meme
The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.
Context
Confidential Computing is but one way to create Layered Security.
Solutions
- Microsoft announces Azure Confidential Computing by Vikas Bhatia
- 2024-07-01 Process Isolation described in Privacy in EUDI by Denis Roio
Postgres
Transforming PostgreSQL into a Confidential Database with Confidential Computing[1]
Turning PostgreSQL into a confidential database means ensuring that **data remains protected even while it's being processed**—not just at rest or in transit. This is where **Confidential Computing** comes in, using **Trusted Execution Environments (TEEs)** to isolate and encrypt data during runtime.
Key Approaches
- **Azure Confidential Computing (ACC) for PostgreSQL**
  - Uses **hardware-based TEEs** (e.g., AMD SEV-SNP or Intel TDX) to isolate memory during query execution.
  - Data is encrypted at rest, in transit, and **in use**, shielding it from OS, hypervisor, and cloud admins.
  - Available via **confidential VM SKUs** in Azure Database for PostgreSQL.
- **Fortanix Confidential Computing Manager (CCM) on AWS Nitro**
  - Deploys PostgreSQL inside **Nitro Enclaves**, which isolate workloads from the host OS.
  - Fortanix CCM manages enclave lifecycle, attestation, and secure image deployment.
  - Enables secure query execution and encrypted data handling in AWS environments.
Implementation Highlights
| Platform | TEE Technology | Deployment Method | Notes |
|---|---|---|---|
| **Azure** | AMD SEV-SNP / Intel TDX | Confidential VMs via portal, CLI, Terraform | Limited to certain regions (e.g., UAE North) |
| **AWS** | Nitro Enclaves | Dockerized PostgreSQL inside enclave | Requires Fortanix CCM for orchestration |
Benefits
- **End-to-end encryption**: Data is protected throughout its lifecycle.
- **Remote attestation**: Verifies enclave integrity before processing sensitive data.
- **Regulatory alignment**: Supports compliance with HIPAA, GDPR, and other data protection laws.
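The "attestation before processing" benefit above is usually enforced by a key-release policy: the database encryption key is handed to the enclave only after its attestation report passes every check. The following is an added, constructed example (not code from the page, Azure, AWS, or Fortanix); the HMAC signature and all measurement, TCB and key values stand in for the vendor-signed hardware report and are hypothetical.

```python
"""Attestation-gated key release for a confidential PostgreSQL enclave (constructed example)."""
import hashlib
import hmac
import json

# Stand-in for the platform signing key; real reports are signed by vendor hardware (constructed).
PLATFORM_KEY = b"constructed-platform-signing-key"

# Release policy: which enclave images may receive the key and the minimum firmware/TCB level (hypothetical).
APPROVED_MEASUREMENTS = {hashlib.sha256(b"postgres-enclave-image-v1").hexdigest()}
MIN_TCB_VERSION = 3

# The secret being protected: the database encryption key (constructed placeholder).
DB_ENCRYPTION_KEY = "constructed-dek-0001"


def _canonical(claims: dict) -> bytes:
    """Serialize claims deterministically so signer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True).encode()


def sign_report(claims: dict) -> dict:
    """Produce a signed attestation report (stand-in for the hardware-signed report)."""
    sig = hmac.new(PLATFORM_KEY, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def verify_and_release(report: dict, expected_nonce: str) -> tuple[bool, str]:
    """Return (released, key_or_reason). Every check is mandatory; order matters: verify the
    signature first so no unauthenticated field influences the decision."""
    claims = report.get("claims", {})
    expected_sig = hmac.new(PLATFORM_KEY, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, report.get("sig", "")):
        return False, "bad signature"
    if claims.get("nonce") != expected_nonce:          # freshness: reject replayed reports
        return False, "stale nonce"
    if claims.get("measurement") not in APPROVED_MEASUREMENTS:
        return False, "unapproved measurement"
    if claims.get("debug", True):                       # debug enclaves expose memory; default-deny
        return False, "debug enclave"
    if claims.get("tcb_version", 0) < MIN_TCB_VERSION:  # out-of-date firmware/microcode
        return False, "TCB below minimum"
    return True, DB_ENCRYPTION_KEY


def sample_claims(nonce: str, **overrides) -> dict:
    """Claims a healthy PostgreSQL enclave would present (constructed); overrides simulate failures."""
    base = {"measurement": next(iter(APPROVED_MEASUREMENTS)), "debug": False,
            "tcb_version": 3, "nonce": nonce}
    return {**base, **overrides}
```

Running `verify_and_release(sign_report(sample_claims("n1")), "n1")` releases the key, while a report whose claims were altered after signing, a replayed nonce, or a debug enclave is refused with the stated reason.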
References
- Web site
- https://www.linkedin.com/company/confidential-computing/
- Confidential Computing Consortium Governance Documents