Confidential Computing with SCONE
Confidential computing not only provides better security, i.e., enforces the confidentiality and integrity of data, code and secrets, but also facilitates the use of new solutions and services. Its main advantage is that it permits outsourcing services to external entities while one still keeps control of one's data, code and secrets. We explain what problems one can solve and what new services one can offer with the help of a telenovela [1] on confidential computing with SCONE.
The main actors of our telenovela are Alice and Bob and their friend Mallory. Actually, Mallory is mainly focused on her own advantage. Hence, Alice and Bob need to be careful to ensure that they are not taken advantage of by Mallory.
Our first episode shows that reaching an agreement between entities that do not (yet) trust each other is difficult. Our protagonists solve this problem with the help of SCONE confidential computing: one can establish trust between parties with the help of SCONE's security policies.
The first issue
As in every real relationship, Alice and Bob experience a first issue that they need to deal with. Luckily, both being technically skilled, they find a good solution to it. With the help of SCONE one can achieve confidential caching and confidential edge computing in general.
Alice and Bob have lots of friends. As we learn, this can cause some issues, and not all of these friends can be trusted. Luckily, with SCONE confidential computing one can delegate the management of services without giving up control.
The latest episode is centered around Mallory, who spreads some lies about poor Bob. Luckily, SCONE helps to disprove these lies.
In the newest episode, we show how SCONE helps Alice and Bob to protect their teleconferences. Some modern teleconference systems record, by default, all conversations on disk, i.e., without pressing the record button. SCONE helps to protect the teleconferences from nosy cloud admins, like Mallory, who have access to the servers that run the teleconference software.
Alice and Bob provide confidential services as part of a confidential workflow consisting of multiple stages. Each service executes inside an enclave to protect its intellectual property (IP). The IP might encompass data and code stored in files. For example, the owner of a novel AI algorithm, implemented in Python, needs to protect the implementation from clients that might run it without paying for each execution and from competitors that might want to copy the algorithm. A service might also need access to an expensive AI model, which needs to be protected from reverse engineering and from use without payment.
[1] A soap opera consisting of self-contained episodes.