Confidential Computing (CC) is a very exciting up-and-coming security technology, named one of the Top 10 Digital Transformation Trends for 2021 by Forbes Magazine!
In a nutshell, Confidential Computing enables the always encrypted and verifiable processing of data on potentially untrusted computer systems — could be your own computer or a machine in the cloud (for more information scroll down to our post “Why do we need Confidential Computing?” released on Nov. 24th).
While this addresses many security and privacy problems and enables exciting new data-driven business models, only a few people know how to use Confidential Computing and even fewer have applied it in practice. …
Great to have you back - welcome to the final episode of our mini series! To recap, we discussed the basics of confidential computing in the first post and the basics of service meshes in the second post. Now it’s time to put the two together.
We already established that there are two main problems when it comes to using normal service meshes for confidential computing:
1. Encrypted service-to-service communication needs to terminate inside secure enclaves instead of separate sidecars. Otherwise an attacker could just tap the service-to-sidecar communication, manipulate the sidecar, etc.
2. A crucial aspect of confidential computing is verifiability. Someone needs to make sure that each service in the cluster is actually running inside secure enclaves and that it was initialized with the right parameters and code. …
Thanks for staying with us! In the previous post we discussed the question of “Why do we need confidential computing?” This time, we’ll discuss the next question on our agenda.
Ok, so what actually is a service mesh to begin with? William Morgan, the CEO of Buoyant, the company behind Linkerd, one of the “big 3” service meshes, wrote a great post about the whats, the whys and the hows.
In summary, in a microservice architecture, an app is split up into (micro-)services, each fulfilling a certain task. …
Welcome everyone to the first blog post from the Edgeless Systems team!
For those who don’t know us: we are a startup focused on building top-notch open-source tools for confidential computing. We are a team of mostly engineers, based in Bochum, Germany. (Bochum, what?! Most notably, the city is home to a university which is often regarded as one of the best in cybersecurity and a highly underrated football/soccer club.)
We recently released Marblerun, the first service mesh for confidential computing. Quite possibly, you’re wondering: why do we need a service mesh for confidential computing?
Being engineers, we naturally start by decomposing the question into three sub-questions. …