Page 98 - Cyber Defense eMagazine September 2023
resident virtual machines. As hardware and software solutions improve to supply mitigations in this space, IT departments can benefit by establishing best practices and mitigations to combat side-channel attacks.
• Physical Attacks – A Confidential Computing model emphasizes separating the platform administrator from the user data being processed on that platform. But as processing locations become more remote, platform administration is further subdivided, or third parties take over platform operations, protection against an individual with physical proximity to the platform becomes necessary.
Confidential Computing solutions combine a robust set of hardware features with a rich, vibrant software ecosystem that is in place today and expected to keep growing. The Confidential Computing software ecosystem includes containerized software development kits (SDKs) and shim layers or library operating systems that allow either partial or full applications to be included within the trust boundary. It also includes middleware that allows multiple applications to be brought together securely and orchestrated across an infrastructure provider's network. Finally, the market needs software services for attestation of Confidential Computing instances on a variety of devices so they can be verified at the time of use.
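The attestation step mentioned above is the point where a relying party decides whether to trust an instance before handing it data. The following is an added example written for this article, not Intel's, the Consortium's, or any vendor's code: it models the round trip with a simulated attester and a policy-driven verifier. The evidence format, the HMAC "platform key" (standing in for a hardware-held attestation key and its certificate chain) and the allow-listed measurement are all constructed assumptions; the checks themselves (signature, freshness nonce, minimum TCB level, measurement allow-list) are the ones a verifier performs regardless of vendor.

```python
"""Added example: a minimal attestation verifier for a confidential computing instance.
Illustrative code only; the evidence format and keys are constructed, not a real vendor API."""
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the platform attestation signing key. Assumption: a real
# deployment uses a hardware-held key and the verifier validates a certificate chain instead.
PLATFORM_KEY = b"constructed-platform-attestation-key"

# Verifier policy: which workload measurements are trusted and the minimum TCB level accepted.
TRUSTED_MEASUREMENTS = {hashlib.sha256(b"approved-workload-image-v1").hexdigest()}
MIN_TCB_VERSION = 3


def produce_evidence(workload_image: bytes, tcb_version: int, nonce: str) -> dict:
    """Simulated attester: bind the workload measurement, the platform TCB level and the
    verifier-supplied nonce into one report and sign it with the platform key."""
    report = {
        "measurement": hashlib.sha256(workload_image).hexdigest(),
        "tcb_version": tcb_version,
        "nonce": nonce,
    }
    body = json.dumps(report, sort_keys=True).encode()
    signature = hmac.new(PLATFORM_KEY, body, hashlib.sha256).hexdigest()
    return {"report": report, "signature": signature}


def verify_evidence(evidence: dict, expected_nonce: str) -> tuple:
    """Verifier: returns (accepted, reason). Each policy check fails separately so that a
    rejection is diagnosable from logs. Signature is checked first so that nothing else in
    the report is trusted until its origin is established."""
    report = evidence.get("report", {})
    body = json.dumps(report, sort_keys=True).encode()
    expected_sig = hmac.new(PLATFORM_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, evidence.get("signature", "")):
        return False, "signature invalid"
    if report.get("nonce") != expected_nonce:
        return False, "nonce mismatch (possible replay)"
    if report.get("tcb_version", 0) < MIN_TCB_VERSION:
        return False, "TCB version below policy minimum"
    if report.get("measurement") not in TRUSTED_MEASUREMENTS:
        return False, "measurement not in allow-list"
    return True, "accepted"


def run_attestation(workload_image: bytes, tcb_version: int, tamper: bool = False) -> tuple:
    """Drive one attestation round trip. The verifier issues a fresh nonce, the attester
    answers, and the verifier decides. `tamper` modifies the report after signing to show
    that the signature check catches post-hoc edits."""
    nonce = secrets.token_hex(16)
    evidence = produce_evidence(workload_image, tcb_version, nonce)
    if tamper:
        evidence["report"]["tcb_version"] = 99
    return verify_evidence(evidence, nonce)


if __name__ == "__main__":
    print(run_attestation(b"approved-workload-image-v1", 3))          # (True, 'accepted')
    print(run_attestation(b"unknown-image", 3))                       # measurement rejected
    print(run_attestation(b"approved-workload-image-v1", 2))          # TCB too old
    print(run_attestation(b"approved-workload-image-v1", 3, True))    # signature invalid
```

The ordering matters in practice: a verifier that checks the measurement before the signature is reading attacker-controllable bytes as if they were authenticated, and a verifier that skips the nonce accepts a captured report from an earlier, since-compromised instance.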
Unfortunately, bad actors will continue to try to exploit cloud security vulnerabilities. Implementing a Confidential Computing ecosystem can help combat these cloud security threats, working not as a one-off CPU feature, but as a larger infrastructure that brings secure computing to the masses. It can help ensure the strongest protections are enacted anytime, anywhere, on any computing device, reducing risks and concerns for both suppliers and users. To learn more about Confidential Computing advances, check out OC3 and the Confidential Computing Consortium.
About the Author
Simon Johnson is a Senior Principal Engineer and Confidential Compute Technical Director for the SGX and TDX programs at Intel Corporation. As a confidential computing technical evangelist, Simon engages with partner organizations on how to deliver world-class experiences and identify and accelerate the next generation of hardware capabilities in the confidential computing space. Simon has been in the information security space for over 25 years, previously working for the UK Government as an information security specialist developing capabilities and advising a number of national-scale projects. He holds a bachelor's degree in computer science from the University of York, UK.
For more, visit the Intel Corporation company website at https://www.intel.com/.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.