Sign in

Edgeless Systems

Hey there 👋 If you’ve found you way to this blog, you’re probably aware of confidential computing and its open-source landscape. In this context, we’ll today talk about the recent support for Occlum-based workloads we added to our Marblerun framework. But before we dive into the details, let’s recap what both projects are about.

What is Occlum?

Occlum is a memory-safe, multi-process library OS for Intel SGX. In short, it is simplifying the programming of apps in secure enclaves. Those of you who have tried to transfer your existing code to enclaves know how long it can take to adapt hundreds of lines…


In this article, we are going to look at how cloud applications are built today and how the principles of Confidential Computing can be applied to them. We will also show you how easily this can be achieved by using our tools EGo and Marblerun.

When we started our development cycle some time ago, we asked ourselves one central question “How would you like to build Confidential Computing applications?”. What we found is that there is a large community called the Cloud Native Landscape, who have built a vast ecosystem of open-source tool stacks. When people develop new cloud services…


Are you interested in Confidential Computing but not sure where to start? We’re here to help. Let’s take a look at the basics of Confidential Computing, the types of problems that you can solve with it and some use cases that provide some insight into the game-changing nature of this field.

The fundamental problem can be summarized in one short sentence: computers are still not trustworthy enough. Customers do not trust companies with their data, companies do not trust the cloud, nobody trusts anyone. The underlying reason is that our compute stacks look like the one pictured — we have…


In recent years, cloud services have proven itself as indispensable in the consumer space. From personal file backups on web drives to AI-assisted smartphone applications, it is hard to imagine the current device landscape without cloud functionality.

Especially for businesses, cloud computing can unlock tremendous potential, e.g. by distributing data analyses across scalable IT infrastructure. However, companies are still reluctant to migrate to Infrastructure-as-a-service platforms due to security and flexibility concerns. …


Confidential Computing (CC) is a very exiting up-and-coming security technology, named one of the Top 10 Digital Transformation Trends for 2021 by Forbes Magazine!

In a nutshell, Confidential Computing enables the always encrypted and verifiable processing of data on potentially untrusted computer systems — could be your own computer or a machine in the cloud (for more information scroll down to our post “Why do we need Confidential Computing?” released on Nov. 24th).

While this addresses many security and privacy problems and enables exciting new data-driven business models, only few people know how to use Confidential Computing and even fewer…


Great to have you back - welcome to the final episode of our mini series! To recap, we discussed the basics of confidential computing in the first post and the basics of service meshes in the second post. Now it’s time to put the two together.

Why can’t we just use a normal service mesh for confidential computing apps?

We already established that there are two main problems when it comes to using normal services meshes for confidential computing:

1. Encrypted service-to-service communication needs to terminate inside secure enclaves instead of separate sidecars. Otherwise an attacker could just tap the service-to-sidecar communication, manipulate the sidecar, etc.

2. A crucial aspect of confidential computing…


Thanks for staying with us! In the previous post we discussed the question of “Why do we need confidential computing?” This time, we’ll discuss the next question on our agenda.

Why do we need a service mesh?

Ok, so what actually is a service mesh to begin with? William Morgan the CEO of Buoyant, the company behind Linkerd, one of the “big 3” services meshes, wrote a great post about the whats, the whys and the hows.

In summary, in a microservice architecture, an app is split up into (micro-)services, each fulfilling a certain task.


Welcome everyone to the first blog post from the Edgeless Systems team!

For those who don’t know us: we are a startup focused on building top-notch open-source tools for confidential computing. We are a team of mostly engineers, based in Bochum, Germany. (Bochum, what?! Most notably, the city is home to a university which is often regarded as one of the best in cybersecurity and a highly underrated football/soccer club.)

Hi from Edgeless HQ👋

We recently released Marblerun, the first service mesh for confidential computing. Quite possibly, you’re wondering: why do we need a service mesh for confidential computing?

Being engineers, we naturally start…

Edgeless Systems

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store