resident virtual machines. As hardware and software solutions improve to supply mitigations in
                   this space, IT departments can benefit by establishing best practices and mitigations to combat
                   side-channel attacks.



               •  Physical  Attacks  –  A  Confidential  Computing  model  emphasizes  the  separation  of  platform
                   administrator from user data being operated on it. But as the processing locations become more
                   remote, or platform administration is further subdivided, or third parties become responsible for
                   platform operations, protections from the individual with platform proximity are necessary.



            Confidential Computing solutions combines a robust set of hardware features and a rich, vibrant software
            ecosystem that is in place today and continued growth is expected. The Confidential Computing software
            ecosystem includes containerized software development kits (SDKs) and shim layers or library operating
            systems  that  allow  either  partial  or  full  applications  to  be  included  within  the  trust  boundary.  It  also
            includes middleware that allows multiple applications to be brought together securely and orchestrated
            across an infrastructure provider's network. Finally, the market needs software services for attestation of
            Confidential Computing instances on a variety of devices so they can be verified at the time of use.
            Unfortunately, bad actors will continue to try and exploit cloud security vulnerabilities. Implementing a
            Confidential Computing ecosystem can help combat these cloud security threats, working not as a one-
            off CPU feature, but as a larger infrastructure that brings secure computing to the masses. It can help
            ensure the strongest protections are enacted anytime, anywhere on any computing device, reducing risks
            and concerns for both suppliers and users. To learn more about Confidential Computing advances, check
            out OC3 and the Confidential Computing Consortium.



            About the Author

            Simon  Johnson  is  a  Senior  Principal  Engineer  and  Confidential  Compute
            Technical Director for the SGX and TDX programs at Intel Corporation. As a
            confidential  computing  technical  evangelist,  Simon  engages  with  partner
            organizations  on  how  to  deliver  world-class  experiences  and  identify  and
            accelerate  the  next  generation  of  hardware  capabilities  in  the  confidential
            computing space. Simon has been in the information security space over 25
            years, previously working for the UK Government as an information security
            specialist  developing  capabilities  and  advising  a  number  of  national  scale
            projects.  He  holds  a  bachelor’s  degree  in  computer  science  from  the
            University of York, UK.

            For   more,    visit   the   Intel   Corporation   company    website   at
            https://www.intel.com/.







            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          98
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.