Microsoft has been a pioneer in bringing new confidential computing technology to market. In talking to customers, we have identified challenges with scenarios that require a combination of multi-party governance, integrity protection, and programmable confidentiality, even in the face of datacenter or host operator compromise.
To address these challenges efficiently, Microsoft Research built the Confidential Consortium Framework (CCF), an open-source framework leveraging the isolation and attestation capabilities of Trusted Execution Environments like those provided by Azure confidential computing.
The framework design decouples node provisioning and operation from network and application governance, so the solution provider can maintain the set of nodes executing the transactions without having any access to their contents. Network governance, on the other hand (for example, deciding what code to execute), is driven entirely by a consortium; it is rule-based, programmable, and auditable by all participants through an immutable, verifiable history. In addition, the immutable history is produced by and resides on the network, and supports non-repudiation and transparency of participant transactions through the emission of offline-verifiable receipts.
Furthermore, customers interested in the Confidential Consortium Framework have asked for help managing the infrastructure of the secure and trusted network on a trusted cloud provider. The new preview of Azure Managed Confidential Consortium Framework (Azure Managed CCF) streamlines the experience of hosting the framework in a managed environment within Azure through its entire lifecycle. Developers can continue to build and host their CCF-aware applications in JavaScript/TypeScript on the framework, create consortiums with multiple parties to vote on proposals, and use programmable confidentiality in the application, while the Azure Managed CCF service addresses aspects such as regional instantiation, code upgrades, and disaster recovery.
Examples that customers have shared with us where an Azure managed service can be useful include:
To express your interest in the preview, please complete the sign-up form.
Resources: