Security and privacy are arguably the most significant concerns for enterprises and consumers using public cloud platforms. The Confidential Computing theme at Microsoft Research Cambridge has been conducting pioneering research in the design of systems that guarantee strong security and privacy properties to cloud users. We are also interested in new technologies and applications that security and privacy can uncover (e.g., blockchains and multi-party machine learning). Some of the areas we work on include:

  • Blockchain technology
  • Confidential AI
  • Confidential data analytics
  • Secure hardware design
  • Side-channel resilience
  • Software security and memory safety
  • Verified security and cryptography

Two announcements related to work done by the Confidential Computing team were made at Microsoft Ignite 2020. Mark Russinovich, CTO of Azure, announced the Microsoft Azure Confidential Ledger (watch from 1:13:48). Vikas Bhatia, Head of Product, Azure Confidential Computing, announced the Azure Confidential Cloud (watch from 17:45) and the new open source release of an Open Enclave port of the ONNX inference server with data encryption and attestation capabilities to enable confidential inference on Azure Confidential Computing.

Confidential Computing is the next big shift in cloud computing, extending the baseline security guarantees of data encryption at rest and in transit, to hardware-enforced cryptographic protection of data while in use, i.e., during computation. This article on Toward Confidential Cloud Computing discusses the changes required across the hardware and software stack for a modern cloud computing environment to support this shift and some of the new services that it will enable.

Projects

Confidential AI graphic

Confidential AI

Our goal is to make Azure the most trustworthy cloud platform for AI. The platform we envisage offers confidentiality and integrity against privileged attackers including attacks on the code, data and hardware supply chains, performance close to that offered by GPUs, and programmability of state-of-the-art ML frameworks.

Confidential Consortium Framework graphic showing three offices sharing data securely

Confidential Consortium Framework (CCF)

The Confidential Consortium Framework (CCF), a joint project with Azure Engineering, is an open-source framework for building a new category of secure, highly available, and performant applications that focus on multi-party compute and data.

illustration showing containers in a cloud

Enabling Confidential Containers With SGX-LKL

By enabling confidential containers through the SGX-LKL project, we aim to provide a solution for deploying existing workloads with strong confidential computing guarantees in hardware-based trusted execution environments, thereby allowing customers to deploy these workloads onto public clouds without trusting their cloud provider.

Photo of Portmeirion, Wales

Portmeirion

Project Portmeirion aims to explore hardware-software co-design for security in the Azure general-purpose compute stack. We are working with major CPU vendors and academic collaborators to design new security features at both the architectural and microarchitectural level.

hand holding credit card with laptop

Project Everest

Everest aims to build usable, high-performance, formally-verified software for core security components, such as libraries for standard cryptographic algorithms (AES-GCM, SHA2, ECDSA, P256, …) and secure communications protocols (TLS and QUIC). Using a novel mechanized verification toolchain based on F*, we prove their safety, correctness, security, and side-channel resilience. This project is in collaboration with INRIA Paris, Carnegie Mellon University, and the universities of Edinburgh and Aalto.

Photo of Verona in Italy

Project Verona

Project Verona is a research project being run by Microsoft Research with academic collaborators at Imperial College London. We are exploring research around language and runtime design for safe scalable memory management and compartmentalisation.

People

People

Portrait of Edward Ashton

Edward Ashton

RSDE II Contractor

Portrait of Amaury Chamayou

Amaury Chamayou

Senior Research Software Development Engineer

Portrait of David Chisnall

David Chisnall

Principal Researcher

Portrait of Sylvan Clebsch

Sylvan Clebsch

Principal Research Software Development Engineer

Portrait of Manuel Costa

Manuel Costa

Partner Research Manager

Portrait of Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher

Portrait of Nathaniel Filardo

Nathaniel Filardo

Senior Researcher

Portrait of Cédric Fournet

Cédric Fournet

Senior Principal Research Manager

Portrait of Renato Golin

Renato Golin

Senior Research Software Engineer

Portrait of Istvan Haller

Istvan Haller

Senior Research Software Development Engineer

Portrait of Marios Kogias

Marios Kogias

Researcher

Portrait of Boris Köpf

Boris Köpf

Principal Researcher

Portrait of Clare Morgan

Clare Morgan

EMEA Program Manager, MSR Outreach

Portrait of Robert Norton-Wright

Robert Norton-Wright

Senior Researcher

Portrait of Matthew Parkinson

Matthew Parkinson

Principal Researcher

Portrait of Andrew Paverd

Andrew Paverd

Senior Researcher

Portrait of Peter Pietzuch

Peter Pietzuch

Visiting Researcher

Portrait of Maik Riechert

Maik Riechert

SR RSDE

Portrait of Scarlet Schwiderski-Grosche

Scarlet Schwiderski-Grosche

Director

Portrait of Alex Shamis

Alex Shamis

Senior Research Software Development Engineer

Portrait of Shruti Tople

Shruti Tople

Senior Researcher

Portrait of Kapil Vaswani

Kapil Vaswani

Principal Researcher

Portrait of Stavros Volos

Stavros Volos

Senior Researcher

Portrait of Christoph M. Wintersteiger

Christoph M. Wintersteiger

Research Software Development Engineer

Portrait of Joanne Woodage

Joanne Woodage

Senior Researcher

Portrait of Santiago Zanella-Béguelin

Santiago Zanella-Béguelin

Principal Researcher