Confidential Computing


News & features

News & features


Security and privacy are arguably the most significant concerns for enterprises and consumers using public cloud platforms. The Confidential Computing theme at Microsoft Research Cambridge has been conducting pioneering research in the design of systems that guarantee strong security and privacy properties to cloud users. We are also interested in new technologies and applications that security and privacy can uncover (e.g., blockchains and multi-party machine learning). Some of the areas we work on include:

  • Blockchain technology
  • Confidential AI
  • Confidential data analytics
  • Secure hardware design
  • Side-channel resilience
  • Software security and memory safety
  • Verified security and cryptography

Two announcements related to work done by the Confidential Computing team were made at Microsoft Ignite 2020. Mark Russinovich, CTO of Azure, announced the Microsoft Azure Confidential Ledger (watch from 1:13:48). Vikas Bhatia, Head of Product, Azure Confidential Computing, announced the Azure Confidential Cloud (watch from 17:45) and the new open source release of an Open Enclave port of the ONNX inference server with data encryption and attestation capabilities to enable confidential inference on Azure Confidential Computing.

Confidential Computing is the next big shift in cloud computing, extending the baseline security guarantees of data encryption at rest and in transit, to hardware-enforced cryptographic protection of data while in use, i.e., during computation. This article on Toward Confidential Cloud Computing discusses the changes required across the hardware and software stack for a modern cloud computing environment to support this shift and some of the new services that it will enable.


Confidential AI graphic

Confidential AI

Our goal is to make Azure the most trustworthy cloud platform for AI. The platform we envisage offers confidentiality and integrity against privileged attackers including attacks on the code, data and hardware supply chains, performance close to that offered by GPUs, and programmability of state-of-the-art ML frameworks.

Confidential Consortium Framework graphic showing three offices sharing data securely

Confidential Consortium Framework (CCF)

The Confidential Consortium Framework (CCF), a joint project with Azure Engineering, is an open-source framework for building a new category of secure, highly available, and performant applications that focus on multi-party compute and data.

illustration showing containers in a cloud

Enabling Confidential Containers With SGX-LKL

By enabling confidential containers through the SGX-LKL project, we aim to provide a solution for deploying existing workloads with strong confidential computing guarantees in hardware-based trusted execution environments, thereby allowing customers to deploy these workloads onto public clouds without trusting their cloud provider.

Photo of Portmeirion, Wales


Project Portmeirion aims to explore hardware-software co-design for security in the Azure general-purpose compute stack. We are working with major CPU vendors and academic collaborators to design new security features at both the architectural and microarchitectural level.

hand holding credit card with laptop

Project Everest

Everest aims to build usable, high-performance, formally-verified software for core security components, such as libraries for standard cryptographic algorithms (AES-GCM, SHA2, ECDSA, P256, …) and secure communications protocols (TLS and QUIC). Using a novel mechanized verification toolchain based on F*, we prove their safety, correctness, security, and side-channel resilience. This project is in collaboration with INRIA Paris, Carnegie Mellon University, and the universities of Edinburgh and Aalto.

Photo of Verona in Italy

Project Verona

Project Verona is a research project being run by Microsoft Research with academic collaborators at Imperial College London. We are exploring research around language and runtime design for safe scalable memory management and compartmentalisation.


Our research in Confidential Computing involves collaborations with partners in- and outside Microsoft. As regards external collaboration, we have deep roots in the academic research ecosystem and engage in collaborations with top research groups around the world.

Microsoft Security Response Center

We collaborate closely with the Microsoft Security Response Center (MSRC) on multiple topics, including exploit mitigations, safe systems programming languages, CPU security, secure hardware design, and AI security.

PhD collaborations in EMEA

Aalto University

“SMVRF: Secure Messaging Verifiably Realized in F*”

Primary Supervisor: Chris Brzuska

MSR Supervisor: Antoine Delignat-Lavaud

Imperial College London

“Regions and Types for the Secure Foundations of Cloud-First, Confidential Computing”

Primary Supervisor: Sophia Drossopoulou

MSR Supervisor: Antoine Delignat-Lavaud

Technical University of Vienna (TU Wien)

“Bit-level Accurate Reasoning and Interpolation”

Primary Supervisor: Georg Weissenbacher

MSR Supervisor: Christoph Wintersteiger

University of Edinburgh

“Improving the usability of TLS APIs”

Primary Supervisor: Kami Vaniea

MSR Supervisor: Antoine Delignat-Lavaud

“Speicher: A Secure Storage System using Shielded Execution”

Primary Supervisor: Pramod Bhatotia

MSR Supervisor: Kapil Vaswani

University of York

“Lightweight Concurrency Modelling”

Primary Supervisor: Mike Dodds

MSR Supervisor: Matthew Parkinson

Uppsala University

“Quantifiably Secure Architectures “

Primary Supervisor: Stefanos Kaxiras

MSR Supervisor: Boris Köpf

Find out more about the PhD Scholarship Programme in EMEA.

INRIA graphic

Inria Joint Centre

The Inria Joint Centre was founded in 2004 by Inria (the French National Research Institute for Computer Science and Applied Mathematics), Microsoft Corporation, and Microsoft Research Cambridge. The Centre’s objective is to pursue fundamental, long-term research in Computer Science with a particular emphasis on formal methods and machine learning and some of their key applications.


Swiss Joint Research Centre

Established in 2008, the Swiss Joint Research Center (Swiss JRC) is a collaborative research engagement between Microsoft Research and the two universities that make up the Swiss Federal Institutes of Technology: ETH Zurich and EPFL. The Centre’s objective is to pursue fundamental, long-term research in Computer Science with a particular emphasis on systems, security, and AI.

Center for Digital Trust logo


Housed at EPFL in Lausanne (Switzerland), the Center for Digital Trust brings together founding partners including Microsoft Research, laboratories, civil society, and policy actors to collaborate, share insight, and to gain early access to trust-building technologies, building on state-of-the-art research at EPFL and beyond.

University of College London (UCL) logo

University College London (UCL)

We are partner of the EPSRC Centre for Doctoral Training in Cybersecurity at UCL which trains cohorts of highly skilled experts drawn from across the spectrum of engineering and social sciences, able to become the next generation of UK leaders in industry and government, public policy, and scientific research.