San Francisco | June 29

The Summit for All Things Confidential Computing

For the first time, a Summit that brings together the premier technology providers, researchers, as well as existing or potential users to help organizations advance confidential computing, and data clean rooms.


The agenda will offer thought leading keynotes and 18 breakout sessions. Check back for the full agenda at the end of April after the call for speakers closes.

7:00 Registration Open
8:00 Expo Open
8:30 Auditorium Opens – Breakfast and Networking
Keynote Presentations

State of the Confidential Computing Market & Welcome*

Raluca Ada Popa, Assoc. Prof CS, UC Berkeley and co-founder Opaque Systems

Prof. Raluca Ada Popa opens the Summit and discusses the factors driving the growth of the Confidential Computing market between 2023-2029 including the rise of data privacy laws and the rise of new use cases across every industry.  Popa also highlights the recent ground-breaking innovation across every layer of the confidential computing technology stack as well as Confidential Computing’s position on the larger Privacy Enhancing Technology (PET) landscape & why confidential computing is the next frontier in data security.

The Mission of the Confidential Computing Consortium and Driving Adoption of Confidential Computing

Mike Bursell, Executive Director, Confidential Computing Consortium

Mike Bursell speaks to the shared mission of the 45+ member organizations in the Confidential Computing Consortium, the CCC’s support of new open source standards and projects relating to confidential computing such as Keystone, Veracruz, Grammine and Occlum and how the CCC helps accelerate the acceptance and adoption of confidential computing.

Confidential Computing and Zero Trust

Vikas Bhatia, Head of Product, Microsoft Azure Confidential Computing

Zero Trust is top of mind for many organizations. Confidential computing supports Zero Trust in ways that can only be accomplished by industry collaboration between chip manufacturers, software platforms, and cloud providers. Learn how this collaboration is extending zero trust to data-in-use and letting organizations assume breaches occur in all components outside a tightly controlled and attested trusted computing base.

Why Organizations Are Investing in Private Multi-Party Analytics

Ion Stoica, Professor UC Berkeley, Executive Chairman at Anyscale, Executive Chairman at Databricks, Board Member Opaque Systems

Ion Stoica, the co-founder of Databricks and Spark open source, co-founder of Anyscale and Ray open source, and co-creator for Spark-based MC2 open source for confidential computing, speaks to the criticality of confidential, private multi-party analytics and machine learning. Stoica highlights why organizations need it, the use cases that demand multi-party analytics and ML, and what’s driving the increasing urgency.

Overcoming Barriers to Confidential Computing as a Universal Platform

John Manferdelli, Office of the CTO, VMware

Confidential Computing (CC) provides simple, principled confidentiality and integrity for workloads wherever they run. Within multi-cloud infrastructures, it opens the door for a universal distributed computing solution that addresses verifiable program isolation, programs as authenticated security principals, secure key management, trust management, and the ability to prove these security properties cryptographically “over the wire” to relying parties using attestation. Yet the adoption of confidential computing has been slowed by the difficulty of writing CC-enabled programs quickly and securely, and across hardware technologies. Manferdelli will describe issues and requirements for a universal programming platform and introduce the open source “Certifier Framework for Confidential Computing” that provides a step towards overcoming development barriers.

Panel: Trending Applications and Use Cases in Confidential Computing*

Ron Perez, Fellow, Chief Security Architect, Intel Office of CTO
Nelly Porter, Head of Product, GCP Confidential Computing and Encryption
Vishal Gossain, Practice Leader, Risk Analytics and Strategy, Ernst & Young

Panelists including experts such Intel’s Chief Security Architect from Intel’s Office of the CTO, Head of Product, GCP Confidential Computing, and EY experts will discuss practical applications of confidential computing across banking, healthcare, insurance, Blockchain, AdTech, supply-chain and more. Panelists will discuss the trends and nuances across use cases, speak to examples and discuss multi-party computing, confidential AI, multi-party analytics, data clean rooms and more.

Confidential Computing as a Cornerstone for Cybersecurity Strategies and Compliance

Xochitl Monteon, Chief Privacy Officer and VP Cybersecurity Risk & Governance, Intel

With the growth of new government-driven cybersecurity strategies and continued expansion of global regulations, organizations are facing increased pressure to transform while still protecting their sensitive data. We will explore how confidential computing technology, rooted in secure clouds and hardware, is uniquely suited today to help organizations meet these new cybersecurity requirements and our vision for tomorrow’s emerging data landscape.

Trusted Execution Environments and Private Messaging

Rolfe Schmidt, Senior Researcher, Signal Messenger

Keeping metadata private is just as important as protecting message contents, and in some cases more important given the intimate details that metadata can expose. Ideally, privacy is accomplished using cryptography to ensure that sensitive data never leaves a user device, but this isn’t always feasible. Attested, confidential TEEs offer another option. This talk will look at how Signal Messenger is using them as one part of a defense-in-depth strategy to offer a fully featured app that provides metadata privacy at global scale.

What’s Driving the Heightened Demand for Secure Multi-party Analytics and AI

Rishabh Poddar, CEO & Co-founder Opaque Systems

Multi-party collaborative analytics and AI that can be performed on encrypted data unlocks use cases across banking, insurance, healthcare, adtech, manufacturing, blockchain and more. Poddar will speak about the open source foundation of MC2, an open source framework created at UC Berkeley, highlight the latest breakthroughs in multi-party analytics and machine learning and showcase practical use cases via a demonstration.

Panel: The Surging Demand for Data Clean Rooms. Why Now?

Panelists include industry experts such as Frank Badalamenti, PwC Partner focused on Cyber, Risk and Anti-Fraud technologies and Rishabh Poddar, CEO Opaque Systems.

From media and ad companies, to packaged goods, to marketeers, data clean rooms have become a necessity to ensure data privacy, protect PIIA data and enable collaboration across multiple parties on confidential data. Understand the latest technologies, hear about use cases and what’s driving the surging demand.
11:50 Break

Deploying Confidential Computing for Cloud-scale Use Cases in Modern Enterprise

Dr Jethro Beekman, Vice President of Technology and Director European Operations​​

Confidential computing has picked up steam over the past few years with software ISVs, cloud service providers and chip vendors all coming together to promote the cause. As regulatory requirements grow, it is clear confidential computing can step in as a foundational technology to strengthen the data security and privacy posture for enterprise and mid-market organizations globally. This session will look at top use-cases and emerging opportunities drawn from real-world scenarios from Fortanix and its partners. CISOs, business leaders and security architects will learn about adopting strategic architectural shifts and driving adoption across the organization.

Citadel: Side-Channel-Resistant Enclaves on an Open-Source, Speculative, Out-of-Order Processor

Srini Devadas, Webster Professor of EECS, MIT​​

Citadel is a side-channel-resistant enclave platform running on a speculative, out-of-order, multicore processor with the RISC-V ISA. We develop a new hardware mechanism to prevent enclaves from speculatively accessing shared memory, effectively protecting them from speculative attacks. Our multicore processor runs on an FPGA and boots untrusted Linux. We open-source our end-to-end hardware and software infrastructure in the hope of sparking research and development to bridge the gap between architectural proposals and deployed enclaves.

Innovation and Collaboration at Scale: How Confidential Computing Empowers Enterprises to Fully Embrace the Public Cloud

Ayal Yogev, CEO and Founder, Anjuna Security

Despite the massive benefits of cloud computing, enterprises in strategic sectors such as financial services, healthcare, defense and government remain hesitant to fully embrace the public cloud. This hesitancy effectively places a glass ceiling on the scale at which innovation and collaboration can occur. Yogev speaks to how the rapid maturation of confidential computing platforms is poised to serve as the catalyst to the next phase of cloud adoption by unlocking unprecedented data security and privacy. In his talk, Ayal will highlight real-world examples of how organizations across industries are already leveraging confidential computing, and demonstrate how doing so ultimately turns a security solution into a vehicle for increased innovation and fearless collaboration.
12:45pm LUNCH
Track 1 Track 2 Track 3
1:30-2:00 Experience the Opaque Platform for Secure Multi-party Analytics and AI

Speakers: Jay Harel, VP Products & Russell Goodwin, Customer Solutions, Opaque Systems

Use cases across banking, healthcare, AdTech, insurance, manufacturing and more that involve confidential and sensitive data require capabilities for secure inter-company and intra-company collaborative analytics on encrypted data in TEE’’s while ensuring each party is only privy to the data they own. Learn about Opaque’s unique platform for collaborative, multi-partly analytics and machine learning.

Get hands-on and experience the power and flexibility of the Opaque Platform for multi-party collaborative analytics on encrypted data in TEEs. To experience Opaque hands-on, bring your own laptop. Participants will go through a real-life scenario in small groups. Each group will form a collaborative team that serves as a ‘multi-party consortium’, and each participant will become a member of the consortium collaborating on confidential data on a realistic secure collaboration use case.

2:00-2:25 Enabling secure multi-party collaboration with Confidential Computing

Speaker: Rene Kolga, Google, Product Manager

Can we create a usable trusted execution environment that supports a trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties? Most definitely!
GCP’s Confidential Space is a system that uses Confidential Computing to protect the workload from an untrusted workload operator, and provide code and data integrity, and data confidentiality guarantees. This unlocks multiple secure collaboration and privacy preserving analytics use cases.

Securing Secrets on Edge with SGX Enclaves

Speaker: Henry Wang, Network Platform Security, Software Engineer, Meta

• Introduction to SGX Enclaves
• Overview of FBEnclave Platform
• Production Use Case on Edge
• Deployment Challenges and Tradeoffs
• Some Performance Benchmarks

2:30-2:55 An Open Source Certifier Framework for Confidential Computing

Speakers: John Manferdelli, Office of the CTO, VMware & Ye Li, Staff Engineer, VMware

Confidential Computing is a foundational technology, but its adoption has been inhibited by the difficulty in implementing programs quickly even on a single platform.  In addition, fragmentation in the TEE platform market has prevented software portability and reuse across TEE technologies. In this session, we will discuss the Certifier Framework for Confidential Computing, an open source project offering a simple, general API and accompanying service for managing attestation in scaled CC programs. With a half dozen or so API calls, a developer can incorporate CC into their software without deep expertise in security and platform-specific TEE technologies. Furthermore, the framework also decouples trust policy from program code and supports managed deployment.  We’ll cover the programming model, trust model and support (including policy and key storage) that makes the Certifier Framework easy to use and broadly applicable.
3:00-3:25 Lowering the Barriers to Confidential Computing

Speakers:  Thomas Fossati, Principal Engineer & Marc Meunier, Director Ecosystem Development, ARM 

Providers of computing platforms are racing to deploy products that deliver on the promise of confidential computing. As with any new technology, the initial investment can be high, and pioneers face the risk of cost overrun and failure. In this presentation we explore some of the implementation choices, and the resources Arm is making available to simplify the process of building a platform that supports a “confidential by default” methodology.
3:30-3:45 Break
3:45-4:10 Building Privacy-preserving Multi-party Apps on Azure

Speaker: Vikas Bhatia, Head of Products, Microsoft Azure Confidential Computing

Learn about real-world multiparty computing scenarios enabled by Azure confidential computing, including solutions provided by Microsoft technology partners. Discover new Azure offerings that make it easier to develop privacy-preserving applications, including new confidential container offerings in Azure.
4:15-4:45 Application of confidential computing to Anti Money Laundering in Canada

Speaker: Vishal Gossain, Practice Leader, Risk Analytics and Strategy, Ernst and Young

In Canada, financial institutions face regulatory and privacy challenges in sharing information with each other on their customers to build inter-institution models to better detect money laundering. In collaboration with UC Berkeley (MC2), EY is working with the Big 5 Canadian banks and regulators to create an AML consortium to share data for inter-FI human trafficking detection models. This talk will focus on the consortium framework, technology, progress made, challenges and future outlook.

Confidential Computing in Eyecare

Speaker: Jackie Sweet, Dr Tavel Optical Group – Lead Software Engineer

How an Indiana eyecare provider is leveraging confidential computing to build a zero trust infrastructure.

4:45-5:00 Summit Closing Remarks
Speakers: Raluca Ada Popa and Ron Perez
5:00pm-7:00pm Cocktails and Networking

Accelerating the Privacy and Security of Computing, Governance, and the Latest Open Source Initiatives in Data Privacy and Confidential Computing

Speakers: Ron Perez, Governing Board Vice-Chair, Confidential Computing Consortium & Lily Sturmann, CCC and Office of the CTO Emerging Technologies, RedHat

The CCC brings together hardware providers, software solutions and cloud providers to ease and accelerate the adoption of confidential computing. Learn also how the CCC embodies open governance and open collaboration which includes driving commitments from numerous member organizations and actively supporting contributions from several open source projects such as Enarx, Keystone, Gramine, Open Enclave SDK and many more.

Pervasive Confidential Computing from Cloud-to-Edge

Speaker: Mona Vij, Principal Engineer, Intel Labs

Security and compliance solutions are not one-size-fits-all, and neither is there just one way to deliver Confidential Computing (CC).  Confidentiality and Integrity can be delivered at the application, container, or VM level, with trust verified via a range of attestation mechanisms. We’ll discuss example usages and deployments for each, and how Intel is uniquely positioned to provide this comprehensive backbone for the underlying infrastructure and services. We’ll also introduce the continued evolution of CC to encompass confidential collaboration and distributed confidential computing.

Enabling Confidential Information Retrieval for Regulatory Compliance

Speaker: Dr. Richard Searle, Vice President of Confidential Computing, Fortanix

With the continuing expansion of data protection legislation, organizations must ensure compliance with legal obligations and organizational risk and compliance policies. In this session, learn how Confidential Computing supports controlled access to data for analysts working inside and outside the organizational boundary. The session will provide a contextual overview of the business requirement for confidential information retrieval, and details of how Confidential Computing is being used to protect regulated and classified data. A flexible and scalable architecture will be demonstrated, and comparisons provided to alternative solutions to the use-case requirement. The session will provide essential insights for data analysts, compliance officers, and those seeking to enhance the value of their available data assets.


Leveraging SGX/TDX for Secure and Efficient AI at ByteDance using BigDL PPML

Speakers: Ruide Zhang, Security Software Engineer, ByteDance Inc & Jiao Wang, AI Frameworks Engineer, Intel Corporation

While we can safeguard applications and data in memory using Intel SGX (Software Guard Extensions) or TDX (Trust Domain Extensions), ensuring the security of distributed AI workloads remains a complex challenge.

In this session, we will share our experience at ByteDance in developing end-to-end secure AI workloads utilizing Jeddak Sandbox and BigDL PPML. Our solution has been deployed in production for internal customers to build trusted AI applications on large-scale datasets.

Writing Digital Exams secured by Remote Attestation and Cloud Computing

Speaker: Thore Sommer, FHNW, Keylime Maintainer

Digital exams in schools and universities are getting more and more common. This talk we take a closer look at how we, the University of Applied Sciences and Arts Northwestern Switzerland (FHNW), solved many of the related challenges with Trusted Platform Module (TPM) based remote attestation and cloud computing.
During this we discuss the solutions that we found and challenges we faced to implement it in our exam system the Cloud Assessment Management Platform (CAMPLA).

3:30-3:45 Break

Unlock the Potential of AI with Confidential Computing on NVIDIA GPUs

Speaker: Philip Rogers, VP System Software, NVIDIA

Confidential Computing has made great strides on CPUs over the last several years, especially with the advent of Confidential VMs. This has provided important guarantees for many use cases, but more is needed to run the demanding workloads of Machine Learning and Artificial Intelligence. This session will provide an overview of the software stack and deployment modes for operating the NVIDIA H100 Tensor Core GPU as part of a fully attested Confidential Computing platform to deliver the performance levels needed for ML and AI that only GPUs can provide. We will announce the availability of the NVIDIA Confidential Computing Software Stack and how it enables cloud deployments using CVMs, as well as on premise deployments using Confidential Containers and Kata. Confidential Computing is a team sport and we will discuss ongoing collaborations with Microsoft Azure and Intel to advance the Confidential Computing ecosystem.

From a No to On-the-Go! A Frontrunners Story on How We Introduced Confidential Computing in Telco

Speaker: Jonas De Troy, Domain Manager Public Cloud & Edge at Proximus

The introduction of emerging technologies is always a difficult task in larger sized companies, true for all organisations and relevant for regulated industries. We will articulate a use case to show the process from a no-go – to an on-the-go decision. We will show how technology, vision and legal/compliance need to collaborate to prove added value. As a domain manager for Public Cloud & Edge I had the opportunity to live this process from early concept to how we introduced confidentiality.


Wrapping entire Kubernetes clusters into a confidential-computing envelope with Constellation

Speaker: Felix Schuster, Edgeless Systems, CEO

Kubernetes is widely used for managing and scaling containerized workloads and is considered the most popular platform for this purpose. However, for confidential computing to become mainstream, comprehensive confidential-computing features must be brought to Kubernetes.

Collaborative Account Recovery for End-to-End Encryption Systems

Speakers: Ravi Ravikanth, VP of Engineering, PreVeil Inc. & Mike Blaguszewski, Lead Backend Engineer

In this presentation we will describe method that uses of secure enclaves to recover user keys in Preveil’s end-to-end encrypted system.

4:45-5:00 Summit Closing Remarks
Speakers: Raluca Ada Popa and Ron Perez
5:00pm-7:00pm Cocktails and Networking
1:30-2:00 Speakers from selected Call-for-Speaker Submission. Details to come.
2:00-2:25 Accelerating your digital business with Anjuna Confidential Computing Platform

Speakers: Mark Bower, VP Product & Alberto Farronata, CMO, Anjuna Security

Confidential computing is driving radical changes to how leading organizations innovate and transform their digital business. Beyond making transformation seamless and secure, it is enabling G2000 enterprises to embrace the cloud at scale powering optimized digital experiences, privacy-enhanced analytics, and new business models. This session will provide an overview of Anjuna’s platform, how it can be deployed in minutes effectively to secure enterprise workloads without disruption and how a global financial services organization is leveraging it to accelerate its cloud-first strategy.
2:30-2:55 In Trusted Components we Trust

Speaker: Suyash Gupta, UC Berkeley, Postdoctoral Scholar, Lead Architect of ResilientDB

In this talk, we present our recent work accepted at EuroSys’23. First, we analyze the design of existing Trust-BFT protocols (BFT protocols that make use of trusted components to minimize the cost of replication) and uncover three fundamental limitations that prevent practical deployments. Second, we introduce a novel suite of consensus protocols, FlexiTrust, that attempts to sidestep these issues and achieve up to 185% more throughput.

CC for AI/ML Models: A Comprehensive Security Framework for In-Use Protection, Ownership, and Data

Speaker: Jay Chetty, Cloud Security Architect, Confidential Computing, Intel

As AI/ML models increase in value and application across sectors, their protection becomes paramount. These models, which often demand substantial investment for training and optimization, face threats of tampering and theft. Furthermore, data used for inference holds significant business value and is often subject to regulations such as GDPR and HIPAA. This AI/ML Security Framework offers a protective layer to these models. It secures models at rest, during transit, and at run time, ensuring integrity, confidentiality, and control over their usage. It introduces model ‘ownership’ and the concept of model licensing, allowing developers to monitor deployment and potentially revoke a model’s use if misbehavior or critical flaws are detected. The framework applies cryptographic techniques and Intel Trusted Execution Environments (TEEs) to protect models. TEE attestation, used in licensing, is facilitated via Secure Boot and Intel Platform Trust Technology or SGX-based DCAP. The model’s protection is extended to data streams used for various AI/ML analytics and output results. Designed for AI/ML specialists with limited security expertise, this framework is delivered with a set of easy-to-use tools and is open-sourced, compatible with Linux KVM (VT-x), Intel SGX (with Gramine), and Kubernetes Containers.

3:00-3:25 Speakers: Details to come.
3:30-3:45 Break
3:45-4:10 Confidential Containers, Grow Up & Leave the Nest

Speaker: Suraj Deshmukh, Senior Software Engineer, Microsoft

Learn how to deploy confidential pods on public clouds using Cloud API Adaptor (CAA), a sub-project of the Confidential Containers project. This open-source project enables the creation of CVMs on public clouds by integrating with Kubernetes and kata-containers. In this talk, we’ll discuss the technical details of CAA, its integration with k8s,the challenges of deploying pods to k8s using this non-obvious approach, attestation on the respective hardware used to power these virtual machines, etc.

An Open, Platform-Neutral Approach to Attestation

Speaker: Paul Howard, Principal System Solutions Architect at Arm

Attestation is one of the pillars on which confidential computing rests. A compute environment needs to prove its confidential characteristics before workloads can be executed. Methods of attestation are often platform-specific, leading to fragmentation as more confidential platforms and architectures emerge. This session shows how open-source, platform-neutral, standards-based abstractions can be applied in this space, and invites the community to collaborate and invest in them.

4:15-4:45 Collaborative Confidential Computing: FHE vs sMPC vs Confidential Computing. Security Models and Real World Use Cases
Bruno Grieder, CTO & Co-Founder, Cosmian
4:45-5:00 Summit Closing Remarks
Speakers: Raluca Ada Popa and Ron Perez
5:00pm-7:00pm Cocktails and Networking