| Confidential Computing |
The protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment. |
CCC |
| Confidential Payload |
A set of code and data specifically designed to be executed within Trusted Execution Environments (TEEs) while maintaining strict confidentiality and integrity. |
|
| Workload Identity |
Unique identity assigned to software workloads for authentication and access management across services and resources. |
Microsoft Learn |
| Remote Attestation |
A process whereby a system produces information about itself (typically cryptographically-backed) and another party verifies that information, allowing decisions to be made about what types of trust relationships are appropriate to the first system. |
IETF RFC 9334, CCC Blog |
| Enclave |
A secure area of a processor chip that ensures code and data loaded inside are protected from access or tampering by other software, including the operating system. |
CCC |
| TEE (Trusted Execution Environment) |
An environment that provides a level of assurance of data confidentiality, integrity, and code integrity by preventing unauthorized entities from viewing, altering, or tampering with data and code in use within the TEE. |
CCC |
| TCB (Trusted Computing Base) |
A set of components that can be known and defined, evaluated and verified by a trusting party or its agents, expected to continue in the same state, and used as the foundation for other services or systems. This represents the critical security components including hardware, firmware, and software. |
Wikipedia, Bursell, Mike (2021) Trust in Computer Systems and the Cloud, NIST, Microsoft Azure |
| Memory Isolation |
Security feature preventing unauthorized access to data in memory. |
Microsoft Azure |
| Measurements |
Process of assessing the state of a system or components to ensure integrity. |
NIST |
| Root of Trust |
A static component in a system whereby an endorsing authority allows trustors to assume trust in the system in which the anchor is contained. Trust in the root of trust is assumed, based on the endorsing authority, rather than derived. |
Wikipedia on Trust Anchor, Bursell, Mike (2021) Trust in Computer Systems and the Cloud |
| Attestation Verification Service |
Services that verify the integrity and authenticity of attestations in secure computing environments, playing a critical role in establishing trust. |
Azure Attestation, Red Hat on Confidential Computing, Veraison Project on GitHub |