As an SCS operator, I want to have a sound understanding of whether my SCS offering with encrypt all the things can offer the same benefits that confidential computing brings to the table.
It is important to understand the use-cases for these two separate approaches.
"Encrypt all things" can traditionally only encrypt data at rest (e.g. crypto-fs) and data in transit (e.g. TLS, ssh, etc.). Code and data to be processed usually need to enter a CPU as cleartext to be executable. This means that data at runtime is potentially compromisable. Confidential Computing (CC) adds encryption of data at runtime and as such complements the existing measures to complete encrypted protection across the full data lifecycle.
Such additional controls can come e.g. in the form of crypto engines in the processor's memory controllers combined with appropriate key handling to form a confidential execution context in the processor called a Trusted Execution Environment (in general) or Enclave (in the case of Intel's Software Guard Extensions). The combination of such a TEE with business logic to integrity-check instantiated code inside the TEE (attestation) makes it possible to complement encryption for data at rest and in transit with encryption of data at runtime.
Epic: #39
Definition of Ready:
Definition of Done: