Microsoft, Google and Intel launch Confidential Computing Consortium
The new security consortium will develop standards for securing sensitive data during processing
Microsoft, Google, Intel and a number of other tech giants have formed a new industry group called the Confidential Computing Consortium (CCC).
The Consortium will work under the supervision of the Linux Foundation to create technology, taxonomies and tools to support the adoption of confidential computing, and to promote the use of trusted execution environment (TEE) applications.
The founding members of the new Consortium include Alibaba, Baidu, ARM, Google Cloud, Intel, IBM, Red Hat, Microsoft, Tencent and Swisscom.
Currently, it is a common practice to secure data when it rests in storage or is transmitted over a network. However, there is always a risk of data being stolen when it is processed. Attacks on point-of-sale systems, for example, have targetted debit and credit card information as it is decrypted for processing when a customer makes a purchase.
Confidential computing focuses on encrypting and securing data when it is in use. This term refers to hardware and software-based solutions that will enable the isolation of user data inside a computer's memory while the data is processed. The goal is to prevent the data from being exposed to the operating system, applications, or different users of a cloud server.
The TEE concept is being developed to support this initiative. TEEs are 'private' areas of a computer's memory where only some specific programmes can read/write data. Organisations joining the Consortium will work to build open source tools to create a space for the development of TEE.
Some founding members of the Consortium have already announced making open source project contributions to the new consortium.
While Microsoft offered its Open Enclave SDK to build TEE applications, Red Hat came forward with Enarx for running TEE applications.
Intel has offered its Software Guard Extensions (SGX) SDK, which is intended to help developers protect sensitive data and code from modification or disclosure at the hardware layer.
"The Open Enclave SDK is targeted at creating a single unified enclave abstraction for developers to build TEE-based applications. It creates a pluggable, common way to create redistributable trusted applications securing data in use," Mark Russinovich, CTO, Microsoft Azure, claimed in a blog post.
Jim Zemlin, executive director at the Linux Foundation commented: "The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies."
"The Confidential Computing Consortium is a leading indicator of what's to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use," Zemlin added.
The establishment of the Consortium comes as cyber attacks reach an all-time high, with governments and high-tech firms targetted by cyber espionage, while banks, businesses and even individuals are targetted for profit.
Just last month, security firm SonicWall revealed that ransomware-as-a service, cryptojacking and attacks on IoT devices were growing in number.
Earlier in June, a group of security researchers unveiled a new attack, dubbed RAMBleed, which uses Rowhammer to extract confidential data stored in a computer's memory. A number of security flaws in CPUs have been identified in recent years.
The researchers said that they successfully used this new variation of the Rowhammer attack to obtain a signing key from an OpenSSH server using normal user privileges.