This session will explain how Portal leverages confidential computing to unlock exceptional user experiences (UX) for our customers. This challenge falls into two main categories: Performance and UX flows.

On the performance side, confidential computing allows us to streamline computations that typically take a long time on the client side by moving them to the server side. Since we use confidential computing, we still ensure trustlessness in our offering through attestation. This approach has enabled us to achieve up to a 10x increase in speed in our signature generation protocols.

In today's world, how users access their data is crucial. One of the key challenges for us has been balancing the users' control over the keys to their assets while also abstracting storage away from them. For example, with a single Face ID scan, they can gain access to their keys. On top of this, we aimed to leverage the distributed trust nature of Multi-Party Computation (MPC). We discovered that a combination of confidential computing and technologies such as passkeys strikes the balance we were looking for.

This session will also delve into detail about how we optimized our computation and made the UX flows as simple as performing a Face ID scan, all by leveraging confidential computing.

In today's data-driven world, stringent data security, privacy, and sovereignty requirements often hinder the ability to harness AI's full potential. This panel will explore how confidential computing can unblock AI projects and unlock significant value for businesses. Moderated by Aaron Fulkerson, CEO of Opaque Systems, this discussion will feature insights from industry leaders who have successfully navigated these challenges.

As a part of the Canadian financial ecosystem, EY has been leading the application of Privacy Enhancing Technologies (PETs) for a) Generative AI applications for financial services and b) data consortium applications for financial services. We will discuss some use-case applications for Generative AI (such as contact center support for financial services, automated code generation, complaints handling, automated model documentation, etc.) and how EY has been leveraging PETs to ensure data privacy and security during its Gen AI applications in financial services. Technologies referenced will include Open AI, Microsoft Azure, Python, and other relevant tools. Further, we will discuss one of the first consortiums in Canada, finally moving to real-world applications in the field of anti money laundering. The technologies leveraged will include confidential computing (TEE), differential privacy, synthetic data generation, and end-to-end Gen AI evaluation (governance framework). Also included will be privacy testing framework and controls (PII sanitization, differentially private fine-tuning, privacy penetration testing), Hallucination (Retrieval relevance, response relevance, and faithfulness), performance testing (e.g. BERTscore, ROUGE), and content filtering. We will talk about practical challenges in these applications and our approach to solving them.

THE SPEAKER HAS REQUESTED THAT WE DO NOT PUBLISH THEIR SESSION VIDEO AND SLIDE DECK.

Join us for an engaging fireside chat moderated by Mark Bower, Vice President of Product at Anjuna, as he sits down with leaders from the financial services, blockchain, and security sectors to discuss their adoption and utilization of confidential computing technology.

This discussion will delve into critical questions such as the importance of security to their businesses and customers, their previous security strategies and limitations, and what drove their decision to embrace confidential computing. Learn firsthand how these leaders have simplified their business operations, accelerated innovation, and unlocked new opportunities in cutting-edge use cases, including multi-party collaboration, ML inference models, and wallet-as-a-service. Discover the unique advantages and impacts on development time and costs, as well as insights into its broader implications for like-minded companies struggling to secure their cloud-native business stacks. Don't miss this insightful discussion on securing the future of cloud computing!

Data privacy is often treated by many enterprises as a necessary yet burdensome "cost of doing business." In response to a renewed global focus on consumer data protection, multinational corporations have created new leadership roles and team structures to ensure compliance with GDPR, CCPA, and other data privacy laws. In this session, we challenge the narrative that corporate privacy programs are cost-centers that simply function to manage risk and ensure legal compliance. We illustrate how the introduction of privacy-enhancing technologies (PETs) and confidential computing can actually serve as powerful mechanisms for value creation. Drawing from examples in healthcare, finance, and public policy, we will demonstrate how investments in data privacy programs are catalysts for impactful, data-driven collaborations. In turn, we show how these data collaborations can supercharge many different business functions, like product development, marketing, and customer service.

Annually, the volume of fraudulent activities in payments continues to rise, prompting banks to ramp up their investments in prevention and compliance measures to safeguard the integrity of the financial system. Recognizing the imperative for industry-wide collaboration, Swift, as a member-driven cooperative, is spearheading efforts to mitigate the impact of fraud through innovative approaches.

In this session, Swift will showcase its groundbreaking initiative to drive industry collaboration in fraud reduction. Leveraging its unparalleled network and community data, Swift is pioneering a foundation model for anomaly detection with unprecedented accuracy and speed. Central to this endeavor is Swift's strategic integration of confidential computing, ensuring the highest standards of security and privacy in data and AI collaboration.

By partnering with key technology vendors and leading an industry pilot group comprising the world's largest banks, Swift is tackling some of the toughest challenges that have plagued the industry for decades. This collaborative effort underscores the recognition that no single entity possesses all the answers, but together, industry stakeholders can forge solutions that benefit all.

Attendees will gain invaluable insights into Swift's holistic approach to combating fraud and how confidential computing serves as a linchpin in enabling secure collaboration among industry players. Join us to discover how this work is championing a global, inclusive economy that prioritizes the interests of end customers while maintaining the highest standards of security and privacy.

In the rapidly evolving landscape of AI, businesses face significant challenges in bringing AI projects from concept to production—and ensuring data privacy and security remains a top concern. Join this session to hear about how ServiceNow is setting a new benchmark for confidential AI in the enterprise powered by the Opaque platform.

Microsoft recently announced the public preview of Confidential VMs (CVMs) with Intel TDX at the Nov 2023 MS-Ignite conference. A fundamental aspect of CVMs lies in empowering the customers to verify trustworthiness through the process of remote attestation. Customers can choose from different verifiers, such as CSP-offered services like Microsoft Azure Attestation, third-party services like Intel Trust Authority, or via security ISVs, etc. Regardless of the verifier employed, it is critical to enable seamless interoperability among these verifiers to ensure that downstream consuming services, also known as relying parties, can uniformly access and utilize the attestation results. This joint session from Microsoft and Intel will focus on our collaborative efforts in achieving interoperability, specifically with attestation result formats of TDX CVMs and the IETF draft on the TDX shared EAT profile.

When it comes to LLMs, hallucinations are a fact of life. In order to develop trustworthy AI, teams need to proactively find and fix hallucinations, at scale. This starts with evaluations.

Join Galileo's Atin Sanyal as he discusses hallucinations. He'll cover how they occur, how to monitor for hallucinations, and how teams can set up an end-to-end system for GenAI hallucination.

This session is a collaboration between AMD's SEV-SNP team, the NSA's Trusted Mechanisms research group, and Invary.

We intend to showcase the NSA's open-source Maat Measurement and Attestation Framework, which orchestrates attestations of host and guest OS boot and runtime integrity and guest memory integrity (AMD SEV-SNP).

We will thus show the benefits of aggregated attestations to confidential computing workloads, which benefit both the workload owner utilizing the guest and the host's manager.

We will demonstrate multiple use cases with varying levels of confidentiality, providing optionality to end users, for example:

1. A confidential environment with all components having integrity, as seen through a single aggregated output via MAAT.

2. An environment where the host OS lacks runtime integrity via a rootkit attack, but the guest maintains OS and memory runtime integrity. This scenario allows for a separation of response between the owner of a confidential workload and the owner of the host.

3. An environment where the guest lacks memory integrity, but the host and guest have OS integrity.

4. An environment where the guest lacks OS runtime integrity but maintains memory confidentiality.

The key takeaways are:

1. The benefits of open source frameworks like MAAT to aggregate and orchestrate multiple third-party attestations.

2. An understanding of the layered architecture of a confidential computing environment and how each, if compromised, can impact the others.

3. The importance of attestation in confidential computing.

4. Exposure to the Copland language, used for expressing attestations (as described in "Flexible Mechanisms for Remote Attestation" (DOI: 10.1145/3470535).

The Cloud Italy Strategy, created by the Department for Digital Transformation and the National Cybersecurity Agency, contains the strategic directions for the migration path towards the cloud of data and digital services of the Public Administration. The strategy responds to three main challenges: ensuring the country's technological autonomy, guaranteeing control over data, and increasing the resilience of digital services. In line with the objectives of the National Recovery and Resilience Plan, approximately 75% of Italian PAs are migrating data and IT applications towards a cloud environment. The Italian strategy is based on a highly reliable infrastructure that has the objective, in line with the Cloud Italia Strategy and the National Recovery and Resilience Plan (PNRR), to provide cloud infrastructures for the highest guarantees of reliability, resilience, scalability, interoperability and environmental sustainability. One of the objectives of the Italian strategy is to design and provide a secure infrastructure supporting this qualified cloud. One of the requirements for this infrastructure is the capability to technically enforce isolation of the cloud end-user data with respect to the infrastructure team. One of the technologies chosen to implement this isolation is the confidential computing technology applied at the level of the virtual machines. Confidential computing provides the protection of the data in the use of a VM and the capacity to verify the activation of the memory isolation and the integrity of some code running within the VMs. Based on these capacities, CYSEC designed a solution that protects the VM data in all states (at rest, in transit, and in use) and allows the detection of abnormal behaviors of the infrastructure hosting the qualified cloud. This solution includes the attestation of the launch of VMs and a regular auditing mechanism of the VMs at runtime.

CYSEC will present the high-level design of the hosted private cloud solution for the Italian administrations and will present the design of the confidential computing solution embedded within this hosted private cloud.

Over the past year, Meta has significantly increased its investments in TEE technologies, with a focus on AMD SEV-SNP Confidential VMs. We will discuss how Meta leverages CVMs to secure services, particularly the infrastructure for Lift and Shift services.

The primary class of use cases we've addressed is defense in depth. Some high-criticality services desire confidentiality and integrity guarantees provided by CVMs. For example, a Key Management Service desires higher security posterity for its keys stored in main memory. CVMs offer strong security guarantees with cheaper hardware, making them an attractive solution to secure Meta's vast number of services deployed across a global fleet.

Attestation Infra

Consider interactions where attestation is done at the application level. Attesters generate evidence, verifiers validate evidence, and encrypted channels must be established. Both attester and verifier services would need to integrate TEE-specific attestation software, which violates Lift and Shift. Even if these dependencies were abstracted into a library, it must support multiple programming languages and TEE technologies. We thought such a library would be difficult to maintain.

Instead of doing explicit remote attestation at the application layer, our solution was to do implicit remote attestation at the transport layer. CVM Services use X509 certificates that encode attested identity – which is something all Meta services can understand because we already encode regular service identities this way. We refer to this concept as Implicit RA-TLS via Attested Service Identities, which is an implementation of the RATS Passport model.

The major steps are:

1. An agent in the CVM requests a cert from a special Certificate Authority by providing attestation evidence binded with CSR.

2. The CA appraises the evidence according to some policy and mints (e.g. signs) a cert representing the Attested Service Identity.

3. The CVM Service uses this cert to interact with other entities in Meta infra. The relying party does not need to perform explicit remote attestation because it trusts the CA has attested the peer.

The main benefits of this attestation model:

Reusing TLS for establishing encrypted channels. Instead of redoing it at the application layer. The protocol ensures the X509 private key is owned by the CVM.

We reuse the concept of identities in X509 certs to allow for seamless integration with Meta's Auth framework to authenticate services (plus their attested state) and authorize access to resources.

Application code can remain agnostic to the runtime environment (e.g CVM, Container, bare metal). Service owners do not need deep technical knowledge and effort to use CVMs.

Trade-Offs

While CVMs allow for the convenience of Lift and Shift, they trade off for increased TCB. The inclusion of the kernel, OS, and entire service applications bloat the TCB, which increases attack surface area. This property is also unsuitable for use cases that care to minimize TCB.

The current deployment model requires service owners to build entire VM images, which adds significant overhead compared to containers, Meta's standard unit of deployment.

There is a noticeable latency overhead for IO-bound workloads. We may present preliminary performance benchmarks for early services that we have onboarded.

Future Work

We are exploring a deployment model that runs critical code inside a small CVM (e.g., a sidecar) alongside the main process. This will allow for relevant use cases to minimize TCB.

We are also exploring a deployment model similar to Redhat's Confidential Containers, but instead of Kubernetes, it's Meta's internal container orchestration. The main idea is for a base VM image containing the management layer that stages the container layer. This would alleviate service owners from building entire VM Images.

Confidential Computing has changed how we securely exchange information and is literally creating a safer and more secure world. Join us to learn how Confidential Computing has lowered fraud rates in competing companies, led to medical breakthroughs, disease detection and treatment, as well as breaking down data siloes within organizations to help companies drive revenue through the data they already possess.

Advances in DNA sequencing technology are expected to continue over the next decade, accompanied by continued decreases in cost. The COVID-19 pandemic clearly demonstrated the value of these technologies for infectious disease surveillance in various settings across public health, hospital systems, and government entities. However, the insights gained from genomics tools are most powerful when combined with complementary epidemiological and patient data.

Unfortunately, privacy and security challenges have hindered the combination of genomics data with relevant patient data. Confidential computing technology offers a solution to these problems by providing a secure, encrypted environment where genomics and patient data can be combined to drive insights while keeping both data and models secure. Palmona Pathogenomics has developed a platform (P3) for combining these data sets to improve the management of infectious diseases by fostering multi-party collaboration across stakeholders leveraging confidential computing.

We have implemented predictive models of pathogen properties based on genome sequences to predict antibiotic resistance and virulence risk. This information is combined with epidemiological data to uncover factors driving the spread of pathogens across regions and facilities. Insights related to patient risk based on demographic factors (age, gender, co-morbidities) are presented. Epidemiological factors such as travel history are incorporated for improved outbreak tracing. Trend analysis highlights changes in pathogens and resistance mechanisms across time and geographies.

The P3 Platform is currently used in Public Health, Medical Centers, Diagnostics, and Life Science Tools companies. This session will describe the use cases and insights offered to these customers, leveraging privacy-preserving architecture and supporting cloud, data, and AI technology.

This talk will address the intertwined issues of trust and privacy in Gen AI. We will delve into the significant privacy concerns in Gen AI, discussing the challenges of protecting user data while maintaining performance. We will also explore the importance of having a verifiable AI pipeline and how to ensure the integrity and authenticity of AI outputs across various entities.

Advancements in confidential computing by AMD and other participants in the ecosystem have been significant in the last few years. There is still more to do for securing new and wider range of use cases in multi-tenant data centers. The next evolution of confidential computing technologies aims to extend the boundaries of the trusted execution environment to trusted device I/O virtualization with TDISP, workload migration, and supply chain security. This session covers these emerging technologies, identifies next set of problems to solve in confidential computing, and calls for industry action to drive their broad adoption to achieve forward-progress in building scalable & effective confidential computing solutions for AI and general workloads.

Intel® Trust Domain Extensions (Intel® TDX) is designed to isolate Trust Domain (TD) VMs from the hypervisor and other non-TD software on the host platform to enhance confidential computing from broad range of software attacks. Federated Learning is a machine learning algorithm that allows a model to be trained across multiple decentralized nodes without explicitly exchanging local data samples. In this session, we describe the use case of running Federated Learning to train a global machine learning model collaboratively across a network of trust domains running on VMware® ESXi while keeping the sensitive data localized.

It is hard to believe, but as a 35-year-old technology, the Web is a contemporary of the Intel 80486 processor and the brick phone! Built on the even older Domain Name System (DNS), the Web delegates authority to domain administrators without any built-in security at all. So, for decades, the best we have been able to do is to bolt security on the side, resulting in cybersecurity patchworks and Whac-A-Moles.

Fast forward to today, and confidential computing (CC) brings built-in cryptographic capabilities at the chip level. In this session, we will outline how CC enables the creation of "the Mesh," a global information space like the Web, but with built-in cryptographic security for each individual person and non-person entity at internet scale.

Built on the fully automated Universal Name System (UNS) and Universal Certificate Authority (UCA), the Mesh provides global assurance of provenance, integrity, authenticity, confidentiality, reputation, and privacy for all bits within it, be they code or data. In particular, we will discuss how the Mesh enables organizations to deploy their own globally attested and verified software agents to secure everything for everyone.

The recent shift in regulatory demands, which are aimed at fostering an understanding of the systemic risks, is pushing large online platforms and search engines towards greater transparency. Some regulations require these companies to grant privileged data access to vetted researchers. However, this could potentially lead to unintentional misuse or leaks of user privacy. It is very hard, yet important, to design a platform that strives to balance transparency with robust protections to mitigate these privacy risks. This session will discuss a solution that leverages trusted execution environments (TEEs) in the cloud to balance between transparency and user privacy. We demonstrate how TEEs can provide data confidentiality and execution integrity to both data owners and data scientists. We will also discuss future opportunities and other use cases of the solution.

At Samsung Research, we are working on confidential computing technologies for end-user devices. As part of this work, we are actively involved in promoting confidential computing by contributing to our open-source project called Islet, which is a CC software platform based on Arm CCA and has recently joined the Confidential Computing Consortium (CCC) project. In addition, with the growing importance of Confidential AI, we develop the Samsung Confidential AI Framework deployed on our CC platform, Islet, to protect users, their data and AI models employed by different mobile applications. Our ongoing efforts involve exploring potential use cases occurring on the user's device, aiming at introducing distinctive enhancements to the confidential computing platform for user devices, and building upon the insights gained from these use cases.

In this session, we plan to introduce use case scenarios related to AI and gaming and demonstrate them utilizing our Islet platform.

AI Scenario:

Generative AI models, e.g. Large Language Models (LLMs), are capable of generating harmful and undesired content such as abuse, violence, self-harm, etc. Unsafe content can erode user trust and create legal issues for device and service providers. Therefore, content moderation (also known as Guardrails) is essential for safety of Generative AI applications. Current safety solutions are designed for cloud-based protection, not on-device protection.

In our scenario demonstration, we introduce how AI Guards can protect Generative AI models from jailbreak attacks. Firstly, we consider a scenario where the attacks are rendered by malicious users of different Generative AI applications, such as text summarization and Chatbots. Secondly, the adversarial AI models deployed in the applications are exploited as malicious agents.

Game Scenario:

There has been a long battle between game players and game service providers due to mutual distrust. We introduce how CC can rebuild this trust and the advantages they derive from the trust.

Firstly, by executing a game app in a trusted environment and the users gaining trustworthiness, offline gaming becomes viable, resulting in enhanced user responsiveness and uninterrupted gameplay regardless of network conditions. Secondly, users can personally confirm the transparency of the game service on their own devices, thus improving the overall service reliability. As an example, we will demonstrate this by running a simple Randombox program on our Islet platform.

In this talk, we'll highlight some of the newest key features and capabilities of the next generation of the the Opaque Confidential AI platform, enabled by confidential computing. Join us for a hands-on tour to see how we've built on confidential computing to make it accessible for all.