Our members contribute to NeoNephos in a variety of ways. A case in point is Cyberus Technology GmbH, whose paper "Confidential Computing Revisited: Usability, Market, Standpoints and Trends" has been uploaded to the open archive HAL.
The relation of this paper to NeoNephos' mission becomes more apparent on reading its abstract:
Confidential Computing Revisited: Usability, Market, Standpoints and Trends
Why do we present yet another report on confidential computing (CC)? We realize that publications tend to either focus on performance trade-offs, vulnerabilities or options for improving the technology, whereas concrete guidance on the ease-of-use for customers and service providers can only be found in documentation at various web sites. We also notice in our professional network that there is a wide range of experiences with CC and expectations for the technology. These span from very optimistic perspectives based on early success stories to rather negative assessments from tedious proof-of-concepts, poor performance results or lack of faith in the prospects of the technology.
To achieve a holistic view of the design space for CC, we consider publications, product documentation, product specifications, and interviews with partner organizations as input for our analysis. We particularly focus on CC rooted in virtualization, which carries the potential of widespread future adoption for many use cases in comparison to more rigid approaches. This variant of CC is a relatively recent technology introduced in the 2022 to 2023 time frame by CPUs from AMD (AMD SEV-SNP) and Intel (Intel TDX) for the x86-64 architecture. Our analysis of related work therefore especially covers publications from the last three to four years. In the spirit of the ApeiroRA project and the NeoNephos Foundation, we point out open-source frameworks in this report that complement the CPU technologies.
Major outcomes of our confidential computing (CC) analysis are:
• Early market projections for CC are optimistic and consider a CAGR above 25% with the potential to reach a higher capitalization than next-generation computing markets and established markets like HPC within 10 years. Market drivers are threats posed to businesses, society, national security and public safety based on data theft/espionage and attacks against critical infrastructure, supply chains and political systems.
• During our interviews with more than 40 professionals from more than 20 partner organizations, we observed more than 30 security and privacy related consortia, standards and regulations listed in this report that may serve as a catalyst for motivating the adoption of the technology for compliance now and in the future.
• We group more than 10 case studies into four use-case categories to supplement these insights by describing the actual usage of CC in the field to make the incentive to apply the technology more concrete.
• We highlight different aspects of the usability (OS dependencies, VM lifecycle management, attestation hurdles) and trade-offs with respect to performance, costs, security, versatility/service levels and availability associated with using and offering CC services.
• Finally, we summarize optimistic, realistic and pessimistic views gathered in our interviews and derive calls-to-action. The majority of the professionals we interviewed are realists. The realist has often already gained experience with CC in proof-of-concept and pilot projects and considers CC at a medium level of technology readiness. Realists may become adopters of CC eventually and recognize the need to prepare organizations (their employers, colleagues and customers) for the deployment of the technology within the next few years.
• As a foundation, we provide a technical overview of the CC technologies, known vulnerabilities and potential improvements shown in research publications, along with complementary security topics.
• In the appendix, we offer a short overview of companies active in the areas of enabling new use cases with CC and offering productivity enhancements for deploying CC.
We therefore aim to systematically collect and structure this information in our report to help readers assess value propositions, identify necessary actions, and achieve proper outcomes with confidential computing based on a clear understanding of the maturity of the technology within a defined scope.
This report is funded by SAP’s Apeiro Reference Architecture contribution to the IPCEI-CIS EU project (Important Projects of Common European Interest – Next Generation Cloud Infrastructure and Services), in which Cyberus Technology GmbH acts as development and consultation partner. SAP is committed to donating all of Apeiro to the NeoNephos Foundation hosted by the Linux Foundation Europe.
We congratulate its author Matthias Gries and Cyberus Technology GmbH on this release and hope there is more to come!