Christof Fetzer

Dresden University of Technology

SCONE Confidential Computing Environment: Protecting Applications against Powerful Adversaries

Our objective is to protect the code, data, and keys of applications against all users with access to the computer systems. In some domains (e.g., healthcare), this must be guaranteed even if the application is not entirely correct. To simplify the adoption of confidential computing, SCONE transforms cloud-native applications into confidential cloud-native applications running on vanilla Kubernetes clusters. The applications can run on Intel SGX, Intel TDX, and AMD SEV. In the near future, SCONE will also support confidential GPUs. The confidentiality, integrity, and consistency of an application's data and keys are guaranteed by always keeping the data encrypted, i.e., at rest, in transit, and in use. This enables us to add a protection layer around applications to prevent data loss caused by bugs and backdoors in the application code.

About the speaker

Christof Fetzer received his Ph.D. from UC San Diego (1997). As a student he received a two-year scholarship from the DAAD and won two best student paper awards (SRDS and DSN). He was a finalist of the 1998 Council of Graduate Schools/UMI distinguished dissertation award and won an IEE Mather Premium in 1999. Dr. Fetzer joined AT&T Labs-Research in August 1999 and was a principal member of technical staff until March 2004. Since April 2004, he has been head of the Systems Engineering Chair in the Computer Science Department at the Dresden University of Technology. He is the chair of the Distributed Systems Engineering International Masters Program at the Computer Science Department. Prof. Dr. Fetzer has published over 130 research papers in the field of dependable systems.