Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Google IBM Intel Microsoft Red Hat Software IT

Intel, Google, Microsoft, and Others Launch Confidential Computing Consortium for Data Security (venturebeat.com) 44

Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use. From a report: Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data. "Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data," the Linux Foundation said today in a joint statement. "Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users."

The consortium also said the group was formed because confidential computing will become more important as more enterprise organizations move between different compute environments like the public cloud, on-premises servers, or the edge. To get things started, companies made a series of open source project contributions including Intel Software Guard Extension (SGX), an SDK for code protection at the hardware layer.

This discussion has been archived. No new comments can be posted.

Intel, Google, Microsoft, and Others Launch Confidential Computing Consortium for Data Security

Comments Filter:
  • So much for keeping that confidential. Who wants to bet that the leak came out of Microsoft?
    • by divide overflow ( 599608 ) on Wednesday August 21, 2019 @04:14PM (#59110524)
      It's not a confidential "Computing Consortium," it's a "Confidential Computing" consortium." It's the computing that's confidential, not the consortium.
  • LMAO (Score:4, Insightful)

    by BeerMilkshake ( 699747 ) on Wednesday August 21, 2019 @04:27PM (#59110552)

    Talk about putting the foxes in charge of the hen house. All these sponsors have such a spotty record on privacy, and all have a revenue stream that depends on stealing and selling your personal data. So I'm sure they'll collectively sort this one out for us, sure they will.

    • Maybe that's the reason Apple is not part of that group.

      Then again, Facebook and Twitter are not part of it either, so I'm not sure what to think.

      • Maybe that's the reason Apple is not part of that group.

        Then again, Facebook and Twitter are not part of it either, so I'm not sure what to think.

        I, too, noticed that Apple isn't part of that group, thinking that spoke well of Apple.

        But you raise a good point about FB and Twit. Hmmmm.

        • Maybe Apple looked at their plans and said "That's too sketchy for us".
          Then Facebook and Twitter looked at their plans and said "That's not sketchy enough for us".

          Who knows. Certainly not us.

    • by AHuxley ( 892839 )
      Welcome back to PRISM.. But with much better buddy system security this time.
    • by AmiMoJo ( 196126 )

      You are confusing privacy and security.

      Google's security is actually pretty damn impressive. When you think about how valuable the data they have is, it must be under constant attack. In fact we know that nation states, including the US, are attacking their systems. The fact that they have managed to prevent any major leaks is impressive.

      Intel, to be fair to them, have done quite a bit too. They introduced AES acceleration instructions to mainstream CPUs, and a decent TRNG. Of course you can argue against t

  • I have been around, what is today called the Open Source Community, since the days we were connected via UUNET. I have always been a huge supporter of the collaboration of smart minds in that community to make our lives better. I am becoming quite unhappy with the current trend of Open Source software with commercial versions and community editions. It seems to me that the Linux Foundation has a strong leaning in that direction, and I am not happy about that. What are others thoughts on this?
    • by HiThere ( 15173 )

      The Linux Foundation is only indirectly supportive of Linux, it's mainly supportive of the corporations that are members of the foundation. Now that Microsoft is a "Platinum Member" it's even less supportive of Linux than it was earlier, and in it's earlier phase it drove the introduction of systemd.

    • I have observed a tendency where "the current trend of Open Source software with commercial versions and community editions" is raising indeed. So generally speaking, you seem to have observed the same thing.

      Like another poster has mentioned, "The Linux Foundation" is not Linux. There is still people who understand the stakes. Let's hope they don't give up because it is much easier and sometimes more profitable to go with the flow of illiterates who make the front page regularly for serious issues now, blat

  • "Quis custodiet ipsos custodes?"

    It was a shame they discontinued the Latin requirement in school a couple years before I attended.

    • You do. The buck has to stop somewhere, and humans being the versatile animals we are, it'll have to stop with you at some point or other.

      Or you can just cede your authority and thoughts to someone else.

  • by Myria ( 562655 ) on Wednesday August 21, 2019 @04:57PM (#59110648)

    The primary use of this stuff, just like Intel's SGX enclaves, is keeping media encrypted during playback. There are not very many other uses of it that are actually cared about.

    • by HiThere ( 15173 )

      That's plausible, but given some of the names involved I wouldn't limit it that way. Perhaps that's their initial focus, but the phraseology would allow a much wider interpretation as it became convenient. And they could claim "but we told you earlier, *see!*".

    • The Enarx project from Red Hat is designed specifically to make DRM and other kinds of malware impossible. We are a founding member of the CCC. Disclaimer: I am the tech lead on the project.
    • by AHuxley ( 892839 )
      But for what PRISM was used for?
    • by AmiMoJo ( 196126 )

      Not very useful for DRM as it has to be enabled in the BIOS first (default state must be disabled). It's not clear how it would help with DRM very much either, since for example a DRM protected video stream has to be decrypted and sent to the GPU for decoding (because 4k will crush your CPU and destroy battery life), and an attacker can always just capture the HDMI output.

      DRM isn't about perfect or even good security. It's just about making things difficult enough that people don't casually pirate media.

      SGX

  • “Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data,” the Linux Foundation said today in a joint statement."

    I hope their platform incorporates, or at least addresses, the concept of fully homomorphic encryption. In my mind this would be the gold standard for implementing such a "fully encrypted lifecycle".

    References:
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    https://homomorphicencryption.... [homomorphi...yption.org]
    https://blog.cryptographyengin... [cryptograp...eering.com]

  • by Retired ICS ( 6159680 ) on Wednesday August 21, 2019 @06:08PM (#59110802)

    This is another boondogle that is manifestly intended to NOT do what is implied by an ordinary reading of the words. Other examples before it:

    DRM. Digital Rights Management. Which is really a system for insuring that THIRD PARTIES have rights to which they are not entitled.

    Trusted Computing. Which is not about the owner of a computer being able to trust their computing, but that THIRD PARTIES can "trust" that you, the computer owner, do not carry out "computations" contrary to the wishes of those THIRD PARTIES.

    Now we have this "Confidential Computing Consortium" created by a bunch of THIRD PARTIES who wish to exert control over data that is not theirs and in which they have no interest, other than to collect it and sell it -- and to ensure that they continue to be able to do so, contrary to the rights, wishes, and contractual obligations of the entity in possession of the data.

    Maybe I am getting cynical in my old age ... but probably not.

    • Maybe I am getting cynical in my old age ... but probably not.

      Nope you are correct, if in doubt go get a copy of nox at bignox.com all apps running on android are basically run mainframe dumb client and they watn to further encrypt and deny us basic access to our files.

      Denuvo's working on mobile "Game security" encryption

      https://www.gamesindustry.biz/... [gamesindustry.biz]

      The last 20 years has been one of the greatest thefts of software in all human history which began with the rebadging of RPG's as mmo's when EA made Ultima onlnie to get gullible public to pay monthly for a piece of so

    • You're not cynical. These mother f*ckers will NOT stop until they have it ALL. Period. The future to them is where the customer no longer even owns a computer. You will be able to buy what is, 'technically,' a computer; but, you won't be able to do ANY computing on it, at all, unless it is signed and encrypted data. Every thing people, 'rely,' on and, 'need,' will be nothing more than a client that is configured to ONLY work under the circumstances they dictate. Google has already started with their,
    • by Tom ( 822 )

      Maybe I am getting cynical in my old age ... but probably not.

      You are not getting cynical, but that fight is older than you think.

      Exactly who owns and controls computers has been an issue ever since they became available to people outside the military. There was a short "golden time" when the technology available simply didn't allow for much control. The C64 and its like were pretty much open machines, and many people at that time actually built their own computers. DOS had few controls against the user, because it was simply too primitive, but it all started there. G

  • Looks like they afraid of Meltdown and similar errors to discourage customers from their cloud services.

    Or they want run their secret workloads on our devices.

He who steps on others to reach the top has good balance.

Working...