Microsoft introduces new developments in confidential computing

At the Ignite 2020 conference held this week, Microsoft introduced the latest state of Azure confidential computing, including several new features and new confidential containers. It is worth noting that the Occlum project, open-sourced by Ant Group, was among the software recommended.

Confidential computing has been a focus of attention in the field of cloud security in recent years. It concentrates on protecting data in use, which is usually the most challenging step in data protection. Last year, Microsoft also joined Alibaba, Google, IBM, Red Hat, Tencent, and many other technology companies to form a confidential computing alliance.

According to industry experts, confidential computing uses trusted execution environment (TEE) technology to keep data strongly encrypted and isolated while it is being processed, thereby ensuring the security and privacy of user data.

But even Intel SGX, currently the most mature TEE technology for the cloud, comes with functional limitations and compatibility issues, so developers of confidential computing face a major obstacle: applications are difficult to develop. As an open-source TEE OS, Occlum greatly lowers the barrier to SGX application development.

Starting in October of this year, Azure will provide support for confidential containers, so that developers can safely run Docker workloads on Azure Kubernetes Service (AKS). Encryption is used to protect the containers, making confidential containers the fastest way to obtain container confidentiality without changing business logic.

To run existing Docker containers on confidential computing nodes, applications need an abstraction layer, or SGX software that uses the special CPU instruction set. Microsoft therefore recommends the Occlum project as open-source SGX-related software.

Microsoft said that choosing to work with open-source software is a community-oriented approach through which confidential computing can be integrated into workloads to protect data security, and it hopes that more people will participate.