Skip to content

Welcome to SCONE Platform

Support OpenVino toolkit (2020-24-02)

We support OpenVino to run AI inference applications inside Intel SGX enclaves.

Provide a performance monitoring tool (TEEMon) for SGX-based applications (2020-02-02)

We develop TEEMon - a real-time performance monitoring and analysis tool for Intel SGX-based applications. We integrate TEEMon with Kubernetes to monitor the performance of an application in production which runs inside more than 6000 distributed SGX enclaves.

Support for most major AI Frameworks and GPU support (2019-11-02)

SCONE supports not only TensorFlow and TensorFlow Lite inside SGX enclaves but also most other frameworks like PyTorch and Scikit-Learn etc. You can use in combinations with GPUs if your objective is to protect your models / Python code. Send us an email to learn more.

SCONE support all current versions of Python (2019-11-02)

We support running all newer versions of Python inside of enclaves like Python 3.7.5 (sconecuratedimages/python:3.7-alpine). Attestation and secret provisioning is performed transparently by SCONE, i.e., no source code changes are required. Send us an email to learn more.

Upgraded to Rust 1.38.0 (2019-10-22)

We now support Rust 1.38.0.

Encrypted Python Code and Input (2019-07-24)

SCONE also supports encrypted Python code, i.e., the code is only decrypted inside of the enclave after being correctly attested. Learn how our Configuration & Attestation Service (CAS) cannot only be used to secure arguments and environment variables but also to encrypt Python programs and input files.

Executive Summary

The SCONE platform facilitates always encrypted execution: one can run services and applications such that neither the data nor the code is ever accessible in clear text - not even for root users. Only the application code itself can access the unencrypted data and code. SCONE simplifies the task of encrypting the input, executing the service/application in encrypted memory on an untrusted host, transparently encrypting the output and shipping the output back to the client.

SCONE Workflow

SCONE helps to ensure that data, communications, code and the main memory is always encrypted. To do so, SCONE needs to verify (i.e., attest) that the expected application code is running in a trusted execution environment on a potentially untrusted host. Read our secure remote execution tutorial to see how to perform an encrypted remote execution in a single step. In this way, one can even execute encrypted code. We show how to execute encrypted Python scripts in the context of blender.

SCONE Workflow

SCONE can help you to encrypt your input and output data on your local computer. The keys are managed with the help of SCONE CAS (Configuration and Attestation Service). SCONE CAS itself runs, of course, inside an enclave. It can either run on the client side or on a remote host. It can even be operated by an untrusted entity and still be trusted by CAS clients.


SCONE supports multiple stakeholders that do not necessarily trust each other. SCONE supports users, service providers, application providers, data providers and infrastructure providers. They can all work together and SCONE can ensuring that each party can protect its own intellectual property. Some of the services, like SCONE CAS, can be actually operated by not necessarily trusted stakeholders since clients can verify that the services are in the correct state.

SCONE Stakeholders

©, November 2019. Questions or Suggestions?