Microsoft Download Center Archive

Embracing as a developer the new perspectives of Confidential Computing

  • Published:
  • Version: 1.2
  • Category: Document
  • Language: English

This series of guides aims to help application developers and architects embrace the new perspectives opened up by Confidential Computing in Azure and on the Edge for a growing number of use cases.

Security is a key driver accelerating the adoption of cloud computing, but it’s also a major concern when you’re moving extremely sensitive data and IP scenarios to the public cloud. While there are ways to secure data at rest (storage) and in transit (network), you also need to protect your (most sensitive) data from threats as it’s being processed.

As defined by the Confidential Computing Consortium (CCC), which brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards through open collaboration: “Confidential computing focuses on securing data in use. Current approaches in cloud computing address data at rest and in transit but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system. Confidential computing will reduce exposure for sensitive data and provide greater control and transparency for users.”

Confidential Computing adds new data security capabilities using trusted execution environments (TEEs), a.k.a. enclaves, or encryption mechanisms to protect your data while in use. TEEs are hardware or software implementations that safeguard data being processed from access outside the TEE. The hardware provides a protected container by securing a portion of the processor and memory. Only authorized code is permitted to run and to access data, so code and data are protected against viewing and modification from outside of the TEE. This reduces exposure for sensitive data and provides greater control and transparency for users.

Announced back in September 2017, Azure Confidential Computing (ACC) protects the confidentiality and integrity of your data and code while it’s processed in the public cloud. Example use cases include confidential multiparty data sharing, fraud detection, anti-money laundering, blockchain, confidential usage analytics, intelligence analysis and confidential machine learning.

Besides the initially released DC-Series virtual machines (VMs), the new Generation 2 DCsv2-Series VMs are backed by the latest generation of Intel Xeon E-2288G processor with the Intel Software Guard Extensions (Intel SGX) technology. Cloud security is the cornerstone of our confidential cloud vision, which aims to remove Microsoft from the trusted computing base (TCB) of Azure. Protecting the confidentiality and the integrity of data and/or the code also increasingly applies at the Edge, with the inferencing of a trained model on some local data, which leads you to the so-called “Intelligent Edge”.

In this context, the Open Enclave SDK, open sourced by Microsoft in October 2018 under the MIT license, drives towards a consistent API surface around enclaving abstraction, and supports portability across TEE types, like Intel SGX and ARM TrustZone, and flexibility in architecture. This SDK is a contributing project of the Confidential Computing Consortium.

Besides first-party services in Azure like Azure SQL Database (Always Encrypted with enclaves), you may want to develop your own TEE-based applications, build distributed multiparty applications through the use of (yet) another project open sourced by Microsoft in May 2019 under the Apache license 2.0, the Confidential Consortium Framework (CCF), etc.

To ease the learning curve, pave the path towards developing such applications, and streamline the setup of a suitable development environment and related configurations, this series of guides is intended to address the above topics. For that purpose, this series of guides for developers comprises:
    1. “Building and Executing Trusted Execution Environment (TEE) based applications on Azure - A starter guide for developers”,
    2. "Getting Started with the Confidential Consortium Framework (CCF) on Azure - A starter guide for developers",
    3. “Leveraging Attestations with Trusted Execution Environment (TEE) based applications on Azure - A starter guide for developers”,
    4. And eventually “Leveraging Confidential Computing with Kubernetes on Azure - A starter guide for developers”.

Files

Status: Live

This download is still available on microsoft.com. The downloads below will come directly from the Microsoft Download Center.

| File | SHA1 Hash | Size |
|---|---|---|
| Building-and-Executing-TEE-based-applications-on-Azure-(April-2020).pdf | 57196f0675b06bf8d8690530de08829a713ddf9b | 5.57 MB |
| Getting-started-with-the-Confidential-Consortium-Framework-on-Azure-(July-2020).pdf | ee9db3a28302378da3b77633de2d3b1a5491fd96 | 1.30 MB |
| Leveraging-Attestations-with-TEE-based-applications-on-Azure-(July-2020).pdf | | |
| Leveraging-Confidential-Computing-with-Kubernetes-on-Azure-(July-2020).pdf | 84f8306595e0bfe7093f1825995de031ee9d5df6 | 413 KB |

File sizes and hashes are retrieved from the Wayback Machine’s indexes. They may not match the latest versions of files hosted on Microsoft servers.

System Requirements

Operating Systems: Linux, Windows Server 2016, Windows Server 2019

  • N/A

Installation Instructions

  • Download the PDF file(s) and open them with the PDF reader of your choice.

Related Resources