Abstract
In confidential computing (CC), the program and the data are expected to be provided by the same user. However, there has been a rapid rise in the number of workloads where the program and the data come from distinct users wanting to maintain confidentiality from each other. This disclosure describes techniques to create trusted execution enclaves (TEE) within dual-confidential computing (DCC) hardware. In DCC-TEE, the program is encrypted using a key controlled by the program owner. The user data is encrypted using a key controlled by the user. The encrypted program and the encrypted user data are both sent to the enclave, where the program can access user data in plaintext but is prevented from sending user data outside the enclave. The program can only send back encrypted data to the user with the key owned by the user. The program and the data are thus isolated from each other.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Glisse, Jerome, "A Trusted Execution Enclave within Dual-Confidential Computing Hardware", Technical Disclosure Commons, (August 01, 2023)
https://www.tdcommons.org/dpubs_series/6101