Overview
Explore the emerging field of confidential computing in this 49-minute RSA Conference talk by Mark Russinovich, Chief Technology Officer of Microsoft Azure. Delve into Trusted Execution Environments (TEEs) and their role in implementing secure data processing within untrusted or compromised systems. Learn about architectures, runtimes, compilers, and tools for creating confidential computing services using TEEs. Discover how TEEs protect encrypted code and data from malicious actors in public cloud environments. Examine topics such as cloud data threats, data protection methods, Hyper-V Virtualization Based Security, and comparisons between TEEs and other secure hardware. Explore common TEE application patterns, confidential cloud concepts, and Azure's approach to confidential computing. Gain insights into the ACC development environment, universal cloud attestation, and techniques for preventing indirect information leaks. Investigate practical applications like Confidential SQL Always Encrypted and the Coco Framework architecture for smart contract access control.
Syllabus
Intro
Cloud Data Threats
Data Protection
Trusted Execution Environments (TEEs)
TEE application architecture
Hyper-V Virtualization Based Security (VBS)
TEEs compared to other secure hardware
Common TEE application patterns
Confidential cloud
Azure and confidential computing
The ACC development environment
Universal cloud attestation
Preventing indirect information leaks
Confidential SQL Always Encrypted
Coco Framework architecture
Smart contract access control (cont)
Summary
References
Taught by
RSA Conference