Security and privacy are arguably the most significant concerns for enterprises and consumers using public cloud platforms. The Confidential Computing theme at Microsoft Research Cambridge has been conducting pioneering research in the design of systems that guarantee strong security and privacy properties to cloud users. We are also interested in new technologies and applications that security and privacy can uncover (e.g., blockchains and multi-party machine learning). Some of the areas we work on include:

  • Blockchain technology
  • Confidential AI
  • Confidential data analytics
  • Privacy preserving ML
  • Secure hardware design
  • Side-channel resilience
  • Software security and memory safety
  • Verified security and cryptography

Two announcements related to work done by the Confidential Computing team were made at Microsoft Ignite 2020. Mark Russinovich, CTO of Azure, announced the Microsoft Azure Confidential Ledger (watch from 1:13:48). Vikas Bhatia, Head of Product, Azure Confidential Computing, announced the Azure Confidential Cloud (watch from 17:45) and the new open-source release of an Open Enclave port of the ONNX inference server with data encryption and attestation capabilities to enable confidential inference on Azure Confidential Computing.

Confidential Computing is the next big shift in cloud computing, extending the baseline security guarantees of data encryption at rest and in transit, to hardware-enforced cryptographic protection of data while in use, i.e., during computation. This article on Toward Confidential Cloud Computing discusses the changes required across the hardware and software stack for a modern cloud computing environment to support this shift and some of the new services that it will enable.


Confidential AI graphic

Confidential AI

Our goal is to make Azure the most trustworthy cloud platform for AI. The platform we envisage offers confidentiality and integrity against privileged attackers including attacks on the code, data and hardware supply chains, performance close to that offered by GPUs, and programmability of state-of-the-art ML frameworks.

Confidential Consortium Framework graphic showing three offices sharing data securely

Confidential Consortium Framework (CCF)

The Confidential Consortium Framework (CCF), a joint project with Azure Engineering, is an open-source framework for building a new category of secure, highly available, and performant applications that focus on multi-party compute and data.

illustration showing containers in a cloud

Confidential Containers

Our aim with the confidential containers research project is to provide users with strong confidentiality and integrity guarantees for their containers so that, as HTTPS was to HTTP, their computation will be safe and secure in the public cloud.

Photo of Portmeirion, Wales


Project Portmeirion aims to explore hardware-software co-design for security in the Azure general-purpose compute stack. We are working with major CPU vendors and academic collaborators to design new security features at both the architectural and microarchitectural level.

hand holding credit card with laptop

Project Everest

Everest aims to build usable, high-performance, formally-verified software for core security components, such as libraries for standard cryptographic algorithms (AES-GCM, SHA2, ECDSA, P256, …) and secure communications protocols (TLS and QUIC). Using a novel mechanized verification toolchain based on F*, we prove their safety, correctness, security, and side-channel resilience. This project is in collaboration with INRIA Paris, Carnegie Mellon University, and the universities of Edinburgh and Aalto.

Photo of Verona in Italy

Project Verona

Project Verona is a research project being run by Microsoft Research with academic collaborators at Imperial College London. We are exploring research around language and runtime design for safe scalable memory management and compartmentalisation.