Announcing the winners of the Confidential Computing Challenge
Jasika Bawa
Product Manager, Google Cloud
Confidential computing aims to protect the integrity and confidentiality of applications and data being processed in the public cloud. At Google, one approach to confidential computing is Asylo, an open-source framework that we released for creating enclaves (sometimes referred to as trusted execution environments, or TEEs) to help protect sensitive data and code with hardware-backed protections.
This emerging technology is promising and sought-after by customers that want to preserve the security and privacy of critical code and sensitive user data.That’s what inspired us to collaborate with Intel on the Confidential Computing Challenge (C3)--an online, global competition to accelerate the field of confidential computing. In February, we invited participants to explore the advantages confidential computing can bring, and they did not disappoint!
"As an industry, we've made a lot of progress towards our common goals of protection for data-in-use, and we're only just getting started in terms of understanding the potential applications of trusted execution environments," explained Simon Johnson, Sr. Principal Engineer & Intel® Software Guard Extensions (Intel® SGX) Architect, who was also one of the C3 judges. "This is one of the primary reasons we decided to co-sponsor the Confidential Computing Challenge along with Google Cloud—to invite the world's most brilliant minds to collaborate with us and share their ideas so we can collectively grow this nascent space."
We received entries from around the world that covered practical and creative use cases for confidential computing, including machine learning, data analytics, multi-party computation, and hardening existing security features like Transport Layer Security (TLS). It was so inspiring and energizing to see the effort participants put into developing their C3 ideas that we decided to expand our original plan and award not just a first place prize, but also a runner-up and two honorable mentions.
With that, please join us in congratulating the winners of C3!
First place: TF Trusted - Confidential Machine Learning with TensorFlow and Asylo
TF Trusted is an open-source framework built on top of Asylo and TensorFlow Lite to compute a prediction without revealing the model or input vector to the host computer. This is achieved by performing computations inside of an Intel SGX device; the user can then perform private computation inside the enclave with any collection of operations supported by TensorFlow. This private computation can be performed in whole, as a TensorFlow Lite model. The enclave’s computation can be extended as a custom TensorFlow Operation for use in broader TensorFlow computation graphs and libraries like TF Encrypted.
"We believe that TF Trusted is an important step towards empowering enterprises, data scientists, and machine learning engineers to leverage confidential machine intelligence to realize the true potential of artificial intelligence," said Gavin Uhma, CEO and co-founder of Dropout Labs, a distributed startup from France, Canada, and the USA focused on secure, privacy-preserving machine learning. "Solutions like this are especially applicable to industries such as finance, healthcare, and transportation, which are interested in moving to the public cloud but have concerns around data confidentiality. It is great that the Confidential Computing Challenge provided us with a platform with which to share these ideas more broadly."
Runner up: PrivateLearn
Recommendation systems typically learn their models from user data. PrivateLearn provides a potential solution to ensure that the learning process preserves the privacy of such sensitive data, backed by a strong security guarantee.
"There are two phases where leakage may happen on the server side -- one is data leakage during the training phase and the other is data leakage from the learned model," said Ruide Zhang, PhD candidate at Virginia Tech. "To encourage adoption of new IoT and AI applications, machine learning frameworks need to guarantee user privacy. PrivateLearn recognizes this need and aims to address it. PrivateLearn also shows that porting existing application into Asylo framework is practical."
For more information, head on over to the PrivateLearn GitHub here.
Honorable mention: GeneCrypt - putting users in control of their genetic data
GeneCrypt helps protect genomic data while also allowing it to be used for the benefit of the individual. "Unlike many other contexts, in this use case, you have a massive amount of sensitive data, but you don’t need all the raw data for practical purposes—just a computationally derived value," explained Martin Thiim, a software and security engineer based in Denmark. "This could, for instance, be a boolean value indicating the presence or absence of some genetic variant. Enclaves lend themselves well to be the filters that extract just the relevant information."
This novel idea utilizes confidential computing principles, and particularly Asylo/Intel SGX enclaves, to realize its goals. You can read more about and try out GeneCrypt here.
Honorable mention: Intel SGX-based Certificate Transparency
This idea proposes to harden the security of a Certificate Transparency (CT) scheme using Intel SGX, by making query authentication much more lightweight, and paving the way for an efficient, secure and practical CT scheme.
"Our proposal aims at hardening the security and building trustworthy systems of CT log servers and monitors," said Dr. Yuzhe Tang, assistant professor in the department of Electrical Engineering & Computer Science at Syracuse University. "Intel SGX-based CT systems will help significantly reduce operational costs for both domain owners and organizations, without sacrificing security. This will eventually increase the adoption rate of CT among organizations and individual users in mainstream and mobile environments."
Intel SGX-based CT is being built on top of enclave Log-Structured Merge-tree (eLSM), a high-performance key-value store that leverages Intel SGX enclaves, developed earlier by Dr. Tang's team. You can find the source code for eLSM here and the corresponding technical paper here. For more information, you can also check out the project website.
Stay in touch
Congratulations to the winners and a huge thank you to all our C3 participants! Thank you also to our judges for the time and energy they spent reviewing and providing feedback on the awesome C3 entries.
If reading this has inspired you to develop your own confidential computing idea, you can start by learning more about Asylo here and Intel SGX here. We can't wait to hear from you and see what you build next!