In conjunction with Confidential Computing Summit 2023, VMware has announced that it is joining forces with AMD, Samsung, and members of the RISC-V Keystone community to simplify the development and operations of confidential computing applications. These industry and community leaders will work together to ease the transition to practical confidential computing by collaborating on and contributing to the open-source Certifier Framework for Confidential Computing project.
Ecosystem Support Builds for Certifier Framework for Confidential Computing
To help democratise confidential computing, VMware researched, developed and open sourced the developer-focused Certifier Framework for Confidential Computing project. By standardising on an easy-to-use, platform-independent API for creating and operating confidential computing applications, AMD, Samsung and VMware aim to address a significant barrier to the adoption of confidential computing.
Confidential computing is based on an emerging processor concept called a “trusted execution environment” that maintains the confidentiality and integrity of programs and data even when workloads are deployed in the cloud or infrastructure (such as the edge) that may be operated by others. Uniform security protections based on confidential computing are expected to be increasingly important in the context of multi-cloud deployments. Also, in the context of emerging workloads like machine learning, confidential computing can play a special role in protecting the intellectual property and proprietary data related to the foundation models and code, proprietary model derivatives, and private training data. Although confidential computing is an enormous advancement for security and privacy, like many hardware features, it will not be widely adopted until it becomes easier to develop applications in the new paradigm.
The Certifier Framework vastly simplifies the development of more secure cloud workloads, secret-keeping services, and privacy-preserving applications including an emerging class of machine learning and “data economy” workloads that are based on sensitive data and models aggregated from multiple sources. The framework provides platform-independent support for specifying and enforcing trust policies that can better secure workloads across on-prem and third-party infrastructure, including the telco edge, multi-cloud environments, and sovereign clouds. By collectively advancing and contributing to the open-source Certifier Framework, the companies and community members aim to effectively standardise on a set of developer APIs that will benefit the entire industry by accelerating the adoption of confidential computing as it becomes available in the x86, Arm, and RISC-V ecosystems.
“Confidential Computing has the potential to secure workloads no matter where they run including in multi-cloud and edge settings,” said Kit Colbert, CTO, VMware. “The challenge has been to help customers adopt and implement the standard with ease. The collective efforts of the growing ecosystem of contributors to Certifier Framework will help bring those benefits to bear to ISVs, enterprise customers, and Sovereign Cloud providers—enabling them to use this emerging technology more easily and effectively.”
Supporting Quotes
“AMD is a pioneer of advanced hardware-based security features such as AMD Infinity Guard, with built-in capabilities like Secure Encrypted Virtualisation (SEV), in our EPYC data center processors,” said Raghu Nambiar, corporate vice president, Data Center Ecosystems and Solutions, AMD. “Collaborating with industry partners, like VMware, is critical for accelerating adoption of confidential computing and securing workloads in the cloud. No matter the size or technical sophistication of an organisation, or where a workload is deployed, the Certifier Framework will help more customers realise the benefits of confidential computing.”
“Samsung is committed to extending confidential computing to endpoints through their Islet interface to the Arm CCA architecture,” said Yong Ho Hwang, VP and Head of Security & Privacy Team at Samsung Electronics. “We are pleased to be supporter of the Certifier Framework and share the common goal of accelerating the adoption of confidential computing through a developer-friendly API for confidential computing trust management.”
“Keystone brings the benefits of open source to the confidential computing hardware community,” said Krste Asanovic, Professor, Computer Science Division, EECS Department, University of California, Berkeley. “We are pleased to leverage the Certifier Framework to help confidential computing developers maintain choice over platform selection as our capabilities evolve.”
