Welcome to a secure future: VMware, AMD and Samsung are leading the industry into a new era
Companies create an open framework for confidential computing.
At the summit Confidential Computing Summit 2023 San Francisco company VMware announced a partnership with AMDSamsung and community representatives RISC-V (Antmicro, Alibaba, Western Digital, etc.) to create an open and cross-platform framework for developing and running applications that use hardware for confidential computing.
Confidential Computing is a technology that protects applications and their data from being stolen or hacked by placing them inside a secure area of memory or a Trusted Execution Environment (TEE). The technology uses hardware security mechanisms to prevent access to the memory area from anything outside it, including the host operating system and any other application code.
VMware argues that such security mechanisms can be especially important in the context of applications running in multi-cloud environments.
In addition, the concept of confidential computing offers additional features such as multi-user processing and analytics. In this scenario, multiple users submit their private data for analysis in a secure area, allowing for more extensive results than could be provided by each individual user’s data.
However, VMware notes that, like many useful hardware features, they will not be widely adopted until it becomes easier to develop applications in the new paradigm.
VMware claims that this is the goal of the framework Certifier Framework for Confidential Computingwhich provides platform-independent support for defining and enforcing trust policies to secure workloads on on-premises and third-party infrastructures, including multi-cloud environments.
VMware has announced its research efforts and development of the Certifier Framework by making its source code publicly available. Support from AMD and Samsung (which develops chips for smartphones in-house) ensures that both x86 and Arm architectures are included in the project. Also playing a key role is the Keystone project, which develops support for confidential computing on RISC-V processors.
According to VMware, the Certifier Framework consists of two parts:
- application development library (API), which allows the developer to either port an existing written application or develop a new one with minimal effort. The API supports multiple platforms for confidential computing, so there is no need to rewrite the application that uses the framework when moving to another platform.
- Certifier ServiceA consisting of multiple server applications that evaluate policy and manage trust relationships in a security domain. The goal of this service is to provide a scalable way to deploy multiple privacy computing and security policy enforcement applications.
Initiative participants demonstrated the technology at the Confidential Computing Summit, including demonstrations of universal trust management between the client and the cloud across different hardware platforms. Readers interested in the initiative can check out the framework Certifier Framework for Confidential Computing on Github .