Confidential computing
Confidential computing is a recent development that aims to use cryptography and hardware-level security features to ensure data is always protected. Data can be in one of three states: at rest, in transit, or in use. Data at rest is typically stored in files on a storage device. Data in transit is data travelling over some type of communication medium. Data in use is data being actively operated on by a processor; it resides in the processor’s main memory.
Confidential computing aims to provide a comprehensive level of protection for data in all three of these states. Traditional security mechanisms focus on one state at a time, such as encrypting data on disk or encrypting information while it is transferred to and from a website. These approaches neglect the need to give data in use the same level of protection.
Securing data in use requires support from processor hardware to isolate applications from each other and to ensure the protection...