Confidential computing in public clouds: isolation and remote attestation explained | Ubuntu


In the first part of this blog series, we discussed the run-time (in)security challenge, which can leave your code and data vulnerable to attacks both by the privileged system software of the public cloud infrastructure and by its administrators. We also introduced the concept of trusted execution environments and confidential computing (CC) as a paradigm to address this challenge. CC takes a pragmatic approach: it considers the execution environment bootstrapped by the cloud's system software to be untrustworthy, and proposes to run your security-sensitive workloads in an isolated trusted execution environment (TEE) instead. The TEE's security guarantees are rooted in the deep hardware layers of the platform, and its security claims can be remotely verified.

But how does confidential computing work? To understand TEEs and CC in more detail, we need to understand isolation and remote attestation.
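The remote-attestation idea above, as an added example that is not from the original post or from Ubuntu: a verifier challenges a TEE with a fresh nonce, the TEE returns a quote that binds its measurement to that nonce, and the verifier checks authenticity, freshness and expected measurement before releasing any secret. The image name, the trusted measurement and the HMAC stand-in for the hardware-rooted attestation key are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Constructed reference value for a workload the verifier is willing to trust.
# On a real platform this comes from a reproducible build of the TEE image.
TRUSTED_MEASUREMENTS = {
    hashlib.sha256(b"payroll-service-v1.4 (constructed image)").hexdigest(),
}

# Constructed stand-in for the platform attestation key. Real TEEs sign quotes with
# an asymmetric key fused into the hardware and certified by the silicon vendor; a
# shared HMAC key is used here only so the example runs offline.
PLATFORM_ATTESTATION_KEY = b"constructed-hardware-rooted-key"


def tee_produce_quote(measurement_hex: str, nonce: str) -> dict:
    """TEE side: bind the measurement to the verifier's nonce and sign the pair."""
    body = {"measurement": measurement_hex, "nonce": nonce}
    serialized = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PLATFORM_ATTESTATION_KEY, serialized, hashlib.sha256).hexdigest()
    return {**body, "signature": sig}


def verify_quote(quote: dict, expected_nonce: str) -> Tuple[bool, str]:
    """Verifier side: authenticity first, then freshness, then measurement policy."""
    body = {"measurement": quote.get("measurement"), "nonce": quote.get("nonce")}
    serialized = json.dumps(body, sort_keys=True).encode()
    expected_sig = hmac.new(PLATFORM_ATTESTATION_KEY, serialized, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, quote.get("signature", "")):
        return False, "signature invalid: quote not produced by the attestation key"
    if quote["nonce"] != expected_nonce:
        return False, "nonce mismatch: stale or replayed quote"
    if quote["measurement"] not in TRUSTED_MEASUREMENTS:
        return False, "measurement not in the trusted set: unexpected code loaded"
    return True, "attestation accepted: safe to release secrets to this TEE"


def attestation_round(measurement_hex: str, tamper: Optional[str] = None) -> Tuple[bool, str]:
    """One full exchange; `tamper` injects the failure modes a verifier must catch."""
    nonce = secrets.token_hex(16)  # fresh per session, so an old quote cannot be replayed
    quote = tee_produce_quote(measurement_hex, nonce)
    if tamper == "replay":
        quote = tee_produce_quote(measurement_hex, "0" * 32)  # genuine quote, old session
    elif tamper == "forge_measurement":
        quote["measurement"] = next(iter(TRUSTED_MEASUREMENTS))  # edited after signing
    return verify_quote(quote, nonce)
```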

In order to be able to reason about TEEs and confidential computing, there are…
