VMware has announced that it is joining forces with AMD, Samsung, and members of the RISC-V Keystone community to simplify the development and operations of confidential computing applications.
These industry and community leaders will work together to ease the transition to practical confidential computing by collaborating on and contributing to the open source Certifier Framework for Confidential Computing project.
Ecosystem Support Builds for Certifier Framework for Confidential Computing
To help democratize confidential computing, VMware researched, developed and open sourced the developer-focused Certifier Framework for Confidential Computing project.
By standardizing on an easy-to-use, platform-independent API for creating and operating confidential computing applications, AMD, Samsung and VMware aim to address a significant barrier to the adoption of confidential computing.
Confidential computing is based on an emerging processor concept called a “trusted execution environment” that maintains the confidentiality and integrity of programs and data even when workloads are deployed in the cloud or infrastructure (such as the edge) that may be operated by others.
Uniform security protections based on confidential computing are expected to be increasingly important in the context of multi-cloud deployments.
Also, in the context of emerging workloads like machine learning, confidential computing can play a special role in protecting the intellectual property and proprietary data related to the foundation models and code, proprietary model derivatives, and private training data.
Although confidential computing is an enormous advancement for security and privacy, like many hardware features, it will not be widely adopted until it becomes easier to develop applications in the new paradigm.
The Certifier Framework vastly simplifies the development of more secure cloud workloads, secret-keeping services, and privacy-preserving applications including an emerging class of machine learning and “data economy” workloads that are based on sensitive data and models aggregated from multiple sources.
The framework provides platform-independent support for specifying and enforcing trust policies that can better secure workloads across on-prem and third-party infrastructure, including the telco edge, multi-cloud environments, and sovereign clouds.
By collectively advancing and contributing to the open source Certifier Framework, the companies and community members aim to effectively standardize on a set of developer APIs that will benefit the entire industry by accelerating the adoption of confidential computing as it becomes available in the x86, Arm, and RISC-V ecosystems.
“Confidential Computing has the potential to secure workloads no matter where they run including in multi-cloud and edge settings,” said Kit Colbert, CTO, VMware. “The challenge has been to help customers adopt and implement the standard with ease. The collective efforts of the growing ecosystem of contributors to Certifier Framework will help bring those benefits to bear to ISVs, enterprise customers, and Sovereign Cloud providers—enabling them to use this emerging technology more easily and effectively.”
Raghu Nambiar, Corporate VP, Data Centre Ecosystems and Solutions at AMD said that the company is a pioneer of advanced hardware-based security features such as AMD Infinity Guard, with built-in capabilities like Secure Encrypted Virtualization (SEV), in our EPYC data centre processors.
He said, “Collaborating with industry partners, like VMware, is critical for accelerating adoption of confidential computing and securing workloads in the cloud. No matter the size or technical sophistication of an organization, or where a workload is deployed, the Certifier Framework will help more customers realize the benefits of confidential computing.”
Yong Ho Hwang, VP and Head of Security & Privacy Teams at Samsung Electronics said the company was committed to extending confidential computing to endpoints through their Islet interface to the Arm CCA architecture.
“We are pleased to be supporter of the Certifier Framework and share the common goal of accelerating the adoption of confidential computing through a developer-friendly API for confidential computing trust management,” said Ho Hwang.
Krste Asanovic, Professor, Computer Science Division, EECS Department, University of California at Berkley, said Keystone brings the benefits of open source to the confidential computing hardware community.
He said, “We are pleased to leverage the Certifier Framework to help confidential computing developers maintain choice over platform selection as our capabilities evolve.”