On-Demand Keynotes and Track Sessions

On-Demand Keynotes

Confidential Computing and the Solution to Privacy-Preserving Generative AI

Raluca Ada Popa, Assoc. Prof CS, UC Berkeley and co-founder Opaque Systems

Prof. Raluca Ada Popa opens the Summit and discusses the factors driving the growth of the Confidential Computing market between 2023-2029 including the rise of data privacy laws and the rise of new use cases across every industry.  Popa also highlights the recent ground-breaking innovation across every layer of the confidential computing technology stack as well as Confidential Computing’s position on the larger Privacy Enhancing Technology (PET) landscape & why confidential computing is the next frontier in data security.

The Mission of the Confidential Computing Consortium and Driving Adoption of Confidential Computing

Mike Bursell, Executive Director, Confidential Computing Consortium

Mike Bursell speaks to the shared mission of the 45+ member organizations in the Confidential Computing Consortium, the CCC’s support of new open source standards and projects relating to confidential computing such as Keystone, Veracruz, Grammine and Occlum and how the CCC helps accelerate the acceptance and adoption of confidential computing.

Confidential Computing and Zero Trust

Vikas Bhatia, Head of Product, Microsoft Azure Confidential Computing

Zero Trust is top of mind for many organizations. Confidential computing supports Zero Trust in ways that can only be accomplished by industry collaboration between chip manufacturers, software platforms, and cloud providers. Learn how this collaboration is extending zero trust to data-in-use and letting organizations assume breaches occur in all components outside a tightly controlled and attested trusted computing base.

The Urgency for Confidential Computing from Zero-Trust Data Clean Rooms to Privacy-preserving Generative AI

Rishabh Poddar, CEO & Co-founder Opaque Systems & Teresa Tung, Cloud First CTO Accenture

Protecting the confidentiality of organizational data will be discussed and demonstrated by Poddar along with a focus on privacy-preserving generative AI and details on how multiple organizations can easily and securely analyze their combined confidential data with zero trust Data Clean Rooms without sharing or revealing the underlying raw data. Accenture’s Cloud First Chief Technologist, Teresa Tung, will also share case studies on Opaque’s usage for advanced, collaborative analytics using multi-party data clean rooms.

Panel: Generative AI Security and Privacy
Location: Main Keynote Room (Golden Gate A)
Moderator: Ben Lorica, Host The Data Exchange Podcast, Past: Program Chair of Strataconf.com & TheAIconf.com & tensorflow.world
Speakers: Raluca Ada Popa, Associate Professor, CS, UC Berkeley & Co-founder Opaque Systems, Vikas Bhatia, Head of Product, Azure Confidential Computing (ACC), Phil Rogers, Compute Server Architect at NVIDIA, Professor Joseph Gonzalez, UC Berkeley

Overcoming Barriers to Confidential Computing as a Universal Platform

John Manferdelli, Office of the CTO, VMware

Confidential Computing (CC) provides simple, principled confidentiality and integrity for workloads wherever they run. Within multi-cloud infrastructures, it opens the door for a universal distributed computing solution that addresses verifiable program isolation, programs as authenticated security principals, secure key management, trust management, and the ability to prove these security properties cryptographically “over the wire” to relying parties using attestation. Yet the adoption of confidential computing has been slowed by the difficulty of writing CC-enabled programs quickly and securely, and across hardware technologies. Manferdelli will describe issues and requirements for a universal programming platform and introduce the open source “Certifier Framework for Confidential Computing” that provides a step towards overcoming development barriers.

Panel: Trending Applications and Use Cases in Confidential Computing*

Ron Perez, Fellow, Chief Security Architect, Intel Office of CTO 
Nelly Porter, Head of Product, GCP Confidential Computing and Encryption
Vishal Gossain, Practice Leader, Risk Analytics and Strategy, Ernst & Young
Andrew Brust, Moderator, Founder/CEO, Blue Badge Insights

Panelists including experts such Intel’s Chief Security Architect from Intel’s Office of the CTO, Head of Product, GCP Confidential Computing, and EY experts will discuss practical applications of confidential computing across banking, healthcare, insurance, Blockchain, AdTech, supply-chain and more. Panelists will discuss the trends and nuances across use cases, speak to examples and discuss multi-party computing, confidential AI, multi-party analytics, data clean rooms and more.

*A. Any views expressed by EY speakers are views of their own, and don’t necessarily represent the views of their employers.

 B. EY is participating under Chatham house rules.

Confidential Computing as a Cornerstone for Cybersecurity Strategies and Compliance

Xochitl Monteon, Chief Privacy Officer and VP Cybersecurity Risk & Governance, Intel

With the growth of new government-driven cybersecurity strategies and continued expansion of global regulations, organizations are facing increased pressure to transform while still protecting their sensitive data. We will explore how confidential computing technology, rooted in secure clouds and hardware, is uniquely suited today to help organizations meet these new cybersecurity requirements and our vision for tomorrow’s emerging data landscape.

Trusted Execution Environments and Private Messaging

Rolfe Schmidt, Senior Researcher, Signal Messenger

Rolfe works to bring security research into engineering practice at Signal Messenger, the world’s most widely used truly private communications app. Keeping metadata private is just as important as protecting message contents, and in some cases more important given the intimate details that metadata can expose. Ideally, privacy is accomplished using cryptography to ensure that sensitive data never leaves a user device, but this isn’t always feasible. Attested, confidential TEEs offer another option. This talk will look at how Signal Messenger is using them as one part of a defense-in-depth strategy to offer a fully featured app that provides metadata privacy at global scale.

Why Organizations Are Investing in Private Multi-Party Analytics

Ion Stoica, Professor UC Berkeley, Executive Chairman at Anyscale, Executive Chairman at Databricks, Board Member Opaque Systems

Ion Stoica, the co-founder of Databricks and Spark open source, co-founder of Anyscale and Ray open source, and co-creator for Spark-based MC2 open source for confidential computing, speaks to the criticality of confidential, private multi-party analytics and machine learning. Stoica highlights why organizations need it, the use cases that demand multi-party analytics and ML, and what’s driving the increasing urgency.

Panel: The Surging Demand for Data Clean Rooms. Why Now?

Frank Badalamenti, PwC Partner focused on Cyber, Risk and Anti-Fraud technologies, Rishabh Poddar, CEO Opaque Systems & Abhishek Chakraborty, Senior Product Manager, MiQ

From media and ad companies, to packaged goods, to marketeers, data clean rooms have become a necessity to ensure data privacy, protect PIIA data and enable collaboration across multiple parties on confidential data. Understand the latest technologies, hear about use cases and what’s driving the surging demand.

VMs are the next perimeter

Dr Jethro Beekman, VP Technology & CISO, Fortanix

Hardware manufacturers and infrastructure providers are growing an ever denser forest of confidential computing options. It can be hard to understand the inherent security improvements offered by each of these. As the constant stream of data breaches in the news shows, perimeter security as a security baseline isn’t cutting it anymore. Trying to secure VM deployments, as commonly used today, directly with confidential computing just moves the perimeter but doesn’t fundamentally change the security of data in use. In this talk, we’ll look at the pitfalls and what it takes to truly separate security and infrastructure.

Citadel: Side-Channel-Resistant Enclaves on an Open-Source, Speculative, Out-of-Order Processor

Srini Devadas, Webster Professor of EECS, MIT

Citadel is a side-channel-resistant enclave platform running on a speculative, out-of-order, multicore processor with the RISC-V ISA. We develop a new hardware mechanism to prevent enclaves from speculatively accessing shared memory, effectively protecting them from speculative attacks. Our multicore processor runs on an FPGA and boots untrusted Linux. We open-source our end-to-end hardware and software infrastructure in the hope of sparking research and development to bridge the gap between architectural proposals and deployed enclaves.

Innovation and Collaboration at Scale: How Confidential Computing Empowers Enterprises to Fully Embrace the Public Cloud

Ayal Yogev, CEO and Founder, Anjuna Security

Despite the massive benefits of cloud computing, enterprises in strategic sectors such as financial services, healthcare, defense and government remain hesitant to fully embrace the public cloud. This hesitancy effectively places a glass ceiling on the scale at which innovation and collaboration can occur. Yogev speaks to how the rapid maturation of confidential computing platforms is poised to serve as the catalyst to the next phase of cloud adoption by unlocking unprecedented data security and privacy. In his talk, Ayal will highlight real-world examples of how organizations across industries are already leveraging confidential computing, and demonstrate how doing so ultimately turns a security solution into a vehicle for increased innovation and fearless collaboration.

On-Demand Track Sessions

To access all of the sessions in a particular track, click on one of the three tracks below.

Track 1 Track 2 Track 3

Experience the Opaque Platform for Secure Multi-party Analytics and AI

Speakers: Jay Harel, VP Products & Russell Goodwin, Customer Solutions, Opaque Systems

Use cases across banking, healthcare, AdTech, insurance, manufacturing and more that involve confidential and sensitive data require capabilities for secure inter-company and intra-company collaborative analytics on encrypted data in TEE’’s while ensuring each party is only privy to the data they own. Learn about Opaque’s unique platform for collaborative, multi-partly analytics and Data Clean Room capabilities and experience it through a live demo.

Enabling secure multi-party collaboration with Confidential Computing

Speaker: Rene Kolga, Product Manager, Google

Can we create a usable trusted execution environment that supports a trust model where the workload author, workload operator, and resource owners are separate, mutually distrusting parties? Most definitely!

GCP’s Confidential Space is a system that uses Confidential Computing to protect the workload from an untrusted workload operator, and provide code and data integrity, and data confidentiality guarantees. This unlocks multiple secure collaboration and privacy preserving analytics use cases.

Securing Secrets on Edge with SGX Enclaves

Speaker: Henry Wang, Network Platform Security, Software Engineer, Meta

• Introduction to SGX Enclaves
• Overview of FBEnclave Platform
• Production Use Case on Edge
• Deployment Challenges and Tradeoffs
• Some Performance Benchmarks

An Open Source Certifier Framework for Confidential Computing

Speakers: John Manferdelli, Office of the CTO, VMware & Ye Li, Staff Engineer, VMware

Confidential Computing is a foundational technology, but its adoption has been inhibited by the difficulty in implementing programs quickly even on a single platform.  In addition, fragmentation in the TEE platform market has prevented software portability and reuse across TEE technologies. In this session, we will discuss the Certifier Framework for Confidential Computing, an open source project offering a simple, general API and accompanying service for managing attestation in scaled CC programs. With a half dozen or so API calls, a developer can incorporate CC into their software without deep expertise in security and platform-specific TEE technologies. Furthermore, the framework also decouples trust policy from program code and supports managed deployment.  We’ll cover the programming model, trust model and support (including policy and key storage) that makes the Certifier Framework easy to use and broadly applicable.

Lowering the Barriers to Confidential Computing

Speakers:  Thomas Fossati, Principal Engineer & Marc Meunier, Director Ecosystem Development, ARM 

Providers of computing platforms are racing to deploy products that deliver on the promise of confidential computing. As with any new technology, the initial investment can be high, and pioneers face the risk of cost overrun and failure. In this presentation we explore some of the implementation choices, and the resources Arm is making available to simplify the process of building a platform that supports a “confidential by default” methodology.

Building Privacy-preserving Multi-party Apps on Azure

Speaker: Graham Bury, Product Management, Azure Confidential Computing (ACC)

Learn about real-world multiparty computing scenarios enabled by Azure confidential computing, including solutions provided by Microsoft technology partners. Discover new Azure offerings that make it easier to develop privacy-preserving applications, including new confidential container offerings in Azure.

Application of confidential computing to Anti Money Laundering in Canada*

Speaker: Vishal Gossain, Practice Leader, Risk Analytics and Strategy, Ernst and Young

In Canada, financial institutions face regulatory and privacy challenges in sharing information with each other on their customers to build inter-institution models to better detect money laundering. In collaboration with UC Berkeley (MC2), EY is working with the Big 5 Canadian banks and regulators to create an AML consortium to share data for inter-FI human trafficking detection models. This talk will focus on the consortium framework, technology, progress made, challenges and future outlook.

*1. Any views expressed by speakers are views of their own, and don’t necessarily represent the views of their employers. 

 2. EY is participating under Chatham house rules.

Confidential Computing in Eyecare

Speaker: Jackie Sweet, Lead Software Engineer, Dr. Tavel Optical Group

How an Indiana eyecare provider is leveraging confidential computing to build a zero trust infrastructure.

Accelerating Confidential Computing Adoption: CCC’s Open Source Project Highlights

Speaker: Lily Sturmann, CCC and Office of the CTO Emerging Technologies, RedHat

The CCC brings together hardware providers, software solutions and cloud providers to ease and accelerate the adoption of confidential computing. Learn also how the CCC embodies open governance and open collaboration which includes driving commitments from numerous member organizations and actively supporting contributions from several open source projects such as Enarx, Keystone, Gramine, Open Enclave SDK and many more.

Pervasive Confidential Computing from Cloud-to-Edge

Speaker: Mona Vij, Principal Engineer, Intel Labs

Security and compliance solutions are not one-size-fits-all, and neither is there just one way to deliver Confidential Computing (CC).  Confidentiality and Integrity can be delivered at the application, container, or VM level, with trust verified via a range of attestation mechanisms. We’ll discuss example usages and deployments for each, and how Intel is uniquely positioned to provide this comprehensive backbone for the underlying infrastructure and services. We’ll also introduce the continued evolution of CC to encompass confidential collaboration and distributed confidential computing.

Enabling Confidential Information Retrieval for Regulatory Compliance

Speaker: Dr. Richard Searle, Vice President of Confidential Computing, Fortanix

With the continuing expansion of data protection legislation, organizations must ensure compliance with legal obligations and organizational risk and compliance policies. In this session, learn how Confidential Computing supports controlled access to data for analysts working inside and outside the organizational boundary. The session will provide a contextual overview of the business requirement for confidential information retrieval, and details of how Confidential Computing is being used to protect regulated and classified data. A flexible and scalable architecture will be demonstrated, and comparisons provided to alternative solutions to the use-case requirement. The session will provide essential insights for data analysts, compliance officers, and those seeking to enhance the value of their available data assets.

Leveraging SGX/TDX for Secure and Efficient AI at ByteDance using BigDL PPML

Speakers: Ruide Zhang, Security Software Engineer, ByteDance Inc & Jiao Wang, AI Frameworks Engineer, Intel Corporation

While we can safeguard applications and data in memory using Intel SGX (Software Guard Extensions) or TDX (Trust Domain Extensions), ensuring the security of distributed AI workloads remains a complex challenge.

In this session, we will share our experience at ByteDance in developing end-to-end secure AI workloads utilizing Jeddak Sandbox and BigDL PPML. Our solution has been deployed in production for internal customers to build trusted AI applications on large-scale datasets.

Writing Digital Exams secured by Remote Attestation and Cloud Computing

Speaker: Thore Sommer, Keylime Maintainer, FHNW

Digital exams in schools and universities are getting more and more common. This talk we take a closer look at how we, the University of Applied Sciences and Arts Northwestern Switzerland (FHNW), solved many of the related challenges with Trusted Platform Module (TPM) based remote attestation and cloud computing.
During this we discuss the solutions that we found and challenges we faced to implement it in our exam system the Cloud Assessment Management Platform (CAMPLA).

Unlock the Potential of AI with Confidential Computing on NVIDIA GPUs

Speaker: Philip Rogers, VP System Software, NVIDIA

Confidential Computing has made great strides on CPUs over the last several years, especially with the advent of Confidential VMs. This has provided important guarantees for many use cases, but more is needed to run the demanding workloads of Machine Learning and Artificial Intelligence. This session will provide an overview of the software stack and deployment modes for operating the NVIDIA H100 Tensor Core GPU as part of a fully attested Confidential Computing platform to deliver the performance levels needed for ML and AI that only GPUs can provide. We will announce the availability of the NVIDIA Confidential Computing Software Stack and how it enables cloud deployments using CVMs, as well as on premise deployments using Confidential Containers and Kata. Confidential Computing is a team sport and we will discuss ongoing collaborations with Microsoft Azure and Intel to advance the Confidential Computing ecosystem.

From a No to On-the-Go! A Frontrunners Story on How We Introduced Confidential Computing in Telco

Speaker: Jonas De Troy, Domain Manager Public Cloud & Edge, Proximus

The introduction of emerging technologies is always a difficult task in larger sized companies, true for all organisations and relevant for regulated industries. We will articulate a use case to show the process from a no-go – to an on-the-go decision. We will show how technology, vision and legal/compliance need to collaborate to prove added value. As a domain manager for Public Cloud & Edge I had the opportunity to live this process from early concept to how we introduced confidentiality.

Wrapping entire Kubernetes clusters into a confidential-computing envelope with Constellation

Speaker: Felix Schuster, CEO, Edgeless Systems

Kubernetes is widely used for managing and scaling containerized workloads and is considered the most popular platform for this purpose. However, for confidential computing to become mainstream, comprehensive confidential-computing features must be brought to Kubernetes.

Collaborative Account Recovery for End-to-End Encryption Systems

Speakers: Mike Blaguszewski, Lead Backend Engineer, PreVeil Inc.

In this presentation we will describe method that uses of secure enclaves to recover user keys in Preveil’s end-to-end encrypted system.

CONFIDENTIAL6G EU Research Project

Speakers: Drasko Draskovic, CEO, Abstract Machines & Dušan Borovčanin, Software Architect, Ultraviolet

CONFIDENTIAL6G is a large-scale European research project, engaging 7 academic and research institutes, 3 industrial partners and 3 SMEs. Project develops tools, libraries, mechanisms and architectural blueprints for confidentiality in 6G, Confidential Computing enablers and TEE software abstraction layer. This talk will describe the project, its concept, objectives, organization and research strategies related to Confidential Computing subjects.

TEEtime: A New Architecture for Bringing Sovereignty to Smartphones

Speakers: Ivan Puddu, ETH Zurich, Srdjan Capkun, Professor, ETH Zurich & Shweta Shinde, Assistant Professor, ETH Zurich

Phone manufacturers, operators, OS vendors, and users have diverse interests but imbalanced security dynamics. Developers entrust their security to OS vendors who can limit the user, OSes then rely on the firmware for protection.

In this talk, we present a new smartphone architecture called TEEtime that balances the ecosystem while maintaining compatibility. We create ARM TEE-based domains for users and OSes to isolate resources, peripherals, and interrupts as demonstrated with case studies.

Accelerating your digital business with Anjuna Confidential Computing Platform

Speakers: Mark Bower, VP Product, Anjuna Security

Confidential computing is driving radical changes to how leading organizations innovate and transform their digital business. Beyond making transformation seamless and secure, it is enabling G2000 enterprises to embrace the cloud at scale powering optimized digital experiences, privacy-enhanced analytics, and new business models. This session will provide an overview of Anjuna’s platform, how it can be deployed in minutes effectively to secure enterprise workloads without disruption and how a global financial services organization is leveraging it to accelerate its cloud-first strategy.

CC for AI/ML Models: A Comprehensive Security Framework for In-Use Protection, Ownership, and Data

Speaker: Jay Chetty, Cloud Security Architect, Confidential Computing, Intel

As AI/ML models increase in value and application across sectors, their protection becomes paramount. These models, which often demand substantial investment for training and optimization, face threats of tampering and theft. Furthermore, data used for inference holds significant business value and is often subject to regulations such as GDPR and HIPAA. This AI/ML Security Framework offers a protective layer to these models. It secures models at rest, during transit, and at run time, ensuring integrity, confidentiality, and control over their usage. It introduces model ‘ownership’ and the concept of model licensing, allowing developers to monitor deployment and potentially revoke a model’s use if misbehavior or critical flaws are detected. The framework applies cryptographic techniques and Intel Trusted Execution Environments (TEEs) to protect models. TEE attestation, used in licensing, is facilitated via Secure Boot and Intel Platform Trust Technology or SGX-based DCAP. The model’s protection is extended to data streams used for various AI/ML analytics and output results. Designed for AI/ML specialists with limited security expertise, this framework is delivered with a set of easy-to-use tools and is open-sourced, compatible with Linux KVM (VT-x), Intel SGX (with Gramine), and Kubernetes Containers.

Data Clean Rooms for Secure Multi-Party Collaborative Analytics on Confidential Data

Speaker: Rishabh Poddar, CEO Opaque Systems

Confidential collaboration on shared data has forced organizations to make trade-offs and compromises when sharing sensitive data. Learn how Confidential Data Clean Rooms eliminate these trade-offs and provide increased data security, analytic quality, reduced costs, and improved collaboration.

Confidential Containers, Grow Up & Leave the Nest

Speaker: Amar Gowda, Principal Product Manager, Microsoft

Learn how to deploy confidential pods on public clouds using Cloud API Adaptor (CAA), a sub-project of the Confidential Containers project. This open-source project enables the creation of CVMs on public clouds by integrating with Kubernetes and kata-containers. In this talk, we’ll discuss the technical details of CAA, its integration with k8s,the challenges of deploying pods to k8s using this non-obvious approach, attestation on the respective hardware used to power these virtual machines, etc.

An Open, Platform-Neutral Approach to Attestation

Speaker: Mathias Brossard, Principal Security Architect, Arm

Attestation is one of the pillars on which confidential computing rests. A compute environment needs to prove its confidential characteristics before workloads can be executed. Methods of attestation are often platform-specific, leading to fragmentation as more confidential platforms and architectures emerge. This session shows how open-source, platform-neutral, standards-based abstractions can be applied in this space, and invites the community to collaborate and invest in them.

Collaborative Confidential Computing: FHE vs sMPC vs Confidential Computing. Security Models and Real World Use Cases

Speaker: Bruno Grieder, CTO & Co-Founder, Cosmian

Poster Sessions

An Introduction to Huawei Qingtian Enclaves

Speaker: Quoc Do Le, Confidential Computing Lead, Huawei Munich Research Center

Qingtian Enclave provides a secure and isolated environment for running sensitive workloads and data in the cloud. With QingTian Enclaves, customers can leverage the power of cloud computing in Huawei Cloud while maintaining the confidentiality and integrity of their application.

Cocos AI—System for Confidential Collaborative AI

Speakers: Darko Draskovic, Senior Software Engineer, Ultraviolet
Filip Bugarski, Software Engineer, Ultraviolet

Cocos AI is a cloud distributed microservice-based solution that enables confidential and privacy-preserving AI/ML and allows data scientists to train AI and ML models on confidential data that is never revealed, and can be used for Secure Multi-Party Computation (SMPC).

Achieving Kata Confidential Containers Deployments on Azure for Your Zero Trust Operator Deployments

Speaker: Amar Gowda, Principal Product Manager, Microsoft

We have Confidential computing with AMD’s SEV-SNP based Trusted Execution Environments (TEE) which provides remote attestation, memory and code protection, isolation from host. Then we have Kata Confidential Containers Open-Source Project that allows you to achieve the highest form of isolation from other pods, host, and Kubernetes components in a single Kubernetes container host. Combining these two can help deliver zero trust operator deployments.

M