Skip to content

Confidential Computing University

As part of our CC University, we will present a sequence of screencasts introducing confidential computing with the help of SCONE. The target audience of these screencasts are all that want to understand the concepts of confidential computing. These will be taught as part of the lectures. We will also include screencasts that focus on how to implement these concepts with the help of SCONE.


In this first video, we motivate the need for confidential computing, explain what confidential computing is, and how to achieve confidential computing with the help of Intel SGX and the SCONE platform. SGX stands for Software Guard Extension. Intel SGX is a CPU extension available on modern InTel CPUs: These CPUs have extra instructions that an application can use to protect its code and data. SCONE stands for Secure Container Environment, and it is a software platform to protect the data and code of applications.


Outsourcing the management of computing infrastructure and services to a cloud provider enables a cost and effort reduction. Often, this also reduces the time to market. The data, secrets, and code of an application can, however, be accessed by the cloud provider. This can limit which applications can be deployed to a cloud.

Confidential computing encrypts the data, code, and secrets such that even a cloud provider cannot access these items in plain text. In this way, confidential computing enables the outsourcing of applications to external providers while still keeping control over the data, the code, and all secrets.

To maintain the cost advantage of cloud usages, one needs to ensure that it is cost-effective to transform a native application into a confidential application. In this presentation, we will demonstrate that this transformation can be achieved simply and cost-effectively.

Confidential Cloud-Native Applications

In the next section, we introduce the concept of confidential cloud-native applications. While our focus is on confidentiality, we will also introduce some basic cloud-native concepts. At the end of this presentation, we show a demo of a confidential cloud-native application consisting of multiple services, written in several programming languages.

To motivate confidential computing, we first look at the advantages of cloud computing is that one can outsource the management of hardware and software components to a cloud provider and service providers. One of the potential disadvantages of cloud computing is that one needs to trust the cloud and service providers to protect the confidentiality, integrity and consistency of data, code and secrets. This prevents some companies to move their critical data and code to the cloud. With the help of confidential computing, we can protect the confidentiality, integrity and consistency of applications.

Confidential Service Meshes

Next, we introduce confidential service meshing using Intel SGX and the SCONE platform for confidential computing. With the increasing popularity of cloud-native applications, we have also seen an increase in the popularity of service meshes. A service mesh facilitates the communication between services or microservices. This service-to-service communication is often facilitated with the help of a proxy. Examples of frameworks supporting service meshes, are Istio or Spire. In general, these services use a proxy to facilitate communication. This will, however, break the end-to-end encryption of the communication channels. As we explain, these might result in some of the traffic being accessible in plain text.

In what follows, we first explain the advantages of service meshes. We introduce a confidential service mesh that ensures end-to-end encryption with mutual authentication. This implies a mutual attestation of the services. We assume that you already know about cloud-native applications and confidential computing. We recommend watching our presentation on confidential cloud-native applications to learn more about confidential cloud-native applications.

Managed Confidential Service and Multi-Stakeholder Computation

Let us look next at multi-stakeholder computations. In many applications, multiple stakeholders contribute data and code. Some stakeholders will administrate services, and other stakeholders might provide data. Traditionally, one uses role-based access control to determine who can access which resource. The entity that is in control of the role-based access control has, however, complete control over all resources. In the context of confidential applications, every stakeholder must be able to protect her intellectual property - even if another entity defines the role-based access control.

Secure Multi-Stakeholder Machine Learning

Next, we show how one can use Intel SGX and the SCONE platform for secure multi-stakeholder machine learning. The objective of this work is to provide a platform that allows multiple stakeholders to still come together and perform machine learning to unlock all the benefits of AI, even if they do not necessarily trust each other. Stakeholders could be data owners, code owners, or model owners.

Building Fail-Stop Confidential Applications

This presentation is an invited keynote to LADC2021. The talk addresses the problem of how one can build safety- and mission-critical applications that need to execute in hostile environments like edge clouds. Consider that we want to execute some critical automotive functions in the edge cloud and ensure that we can trust the results of these functions. The talk focuses on various challenges that we need to address to be able to make this happen in practice.