Security and privacy are arguably the most significant concerns for enterprises and consumers using public cloud platforms. The Confidential Computing theme at Microsoft Research Cambridge has been conducting pioneering research in the design of systems that guarantee strong security and privacy properties to cloud users. We are also interested in new technologies and applications that security and privacy can uncover (e.g., blockchains and multi-party machine learning). Some of the areas we work on include:
- Blockchain technology
- Confidential AI
- Confidential data analytics
- Secure hardware design
- Side-channel resilience
- Software security and memory safety
- Verified security and cryptography
Two announcements related to work done by the Confidential Computing team were made at Microsoft Ignite 2020. Mark Russinovich, CTO of Azure, announced the Microsoft Azure Confidential Ledger (watch from 1:13:48). Vikas Bhatia, Head of Product, Azure Confidential Computing, announced the Azure Confidential Cloud (watch from 17:45) and the new open-source release of an Open Enclave port of the ONNX inference server with data encryption and attestation capabilities to enable confidential inference on Azure Confidential Computing.
Confidential Computing is the next big shift in cloud computing, extending the baseline security guarantees of data encryption at rest and in transit to hardware-enforced cryptographic protection of data while in use, i.e., during computation. The article "Toward Confidential Cloud Computing" discusses the changes required across the hardware and software stack for a modern cloud computing environment to support this shift, and some of the new services that it will enable.