
Confidential Computing

Messaging Guide

January 2025
Contents

Executive Summary ..... 3
Introduction ..... 4
Use case 1: Confidential Computing for generative AI ..... 4
Use case 2: Confidential Computing for multiparty collaboration ..... 5
Use case 3: Confidential Computing for software supply chain ..... 8
Acknowledgments ..... 9

Audience

This document is intended for:

1. Organization leaders exploring use cases and services that can be enabled by Confidential Computing.
2. Organization leaders considering whether to use Confidential Computing for securing new or existing products, projects, services, and capabilities.
3. Regulators, standards bodies and ecosystem members in data privacy and related fields.
4. The general public, mainstream media and publications, to raise general awareness of Confidential Computing and its benefits.
Executive Summary

Broadening adoption of on-demand compute for sensitive and private workloads requires simple and fast security mechanisms to protect data, code and runtimes. This Confidential Computing Consortium white paper provides an overview of why Confidential Computing addresses this problem, along with use cases, motivations and solutions.

Confidential computing (CC) capabilities protect against unauthorized access and data leaks while enabling collaboration and compliance. Encrypting data at rest, in transit and, using CC technology, while it is being processed further allows sensitive workloads to move to the cloud even without trusting the cloud provider (admins, hypervisors, etc.). This white paper describes why a practitioner would leverage CC for three specific use cases: (i) protect large language models and user privacy, (ii) enable multiple organizations to securely share and analyze data, and (iii) protect services from software supply chain attacks.

CONFIDENTIAL COMPUTING MESSAGING GUIDE 3


Introduction
Confidential computing (CC) helps build a resilient and secure organization by ensuring integrity and confidentiality of data and code in
use. Confidential computing does this by performing computation in a hardware-based, attested Trusted Execution Environment (TEE).
CC can prevent unauthorized access, help meet regulatory compliance, allow secure collaboration between multiple parties and more.
This document outlines the benefits CC can offer to organizations, illustrated by the following use cases.

Use case 1: Confidential Computing for Generative AI

Audience: Gen AI service providers on public or private clouds, cloud providers offering TEEs with confidential GPUs, business owners self-hosting Gen AI applications needing confidentiality and integrity for their workloads.

Benefits:

For Gen AI service providers in public or private clouds:
• Protect proprietary models
• Increase customer adoption by attesting the integrity of the service to clients
• Improve data security and customer confidence

For cloud providers:
• Better/increased adoption of cloud services for hosting Gen AI services

[Figure: the Client (Data Owner) sends data and queries the model; the Enterprise (Model Owner) sends the AI model to the LLM Service running in a CVM hosted by the Compute Provider. The CVM prevents the compute provider from reading the model, seeing client data, or peeking into the running service.]

Description: Generative AI is being widely adopted to improve customer experiences and boost productivity. As part of this adoption, organizations are building their own large language models (LLMs) or fine-tuning openly available models.

Solution:

Generative AI workloads typically involve three different parties:

1. Model owner: owns the rights to the model itself. This model could be a proprietary model or a customized public model. The model owner provides access to this model through an LLM service. Model owners need not trust the compute provider or the client.
2. Client (data owner): needs to send private data to the LLM service for inference and fine-tuning. The client needs assurance that inference prompts are private and not exposed to the compute provider or the model owner.
3. Compute provider (cloud or on-prem): wants to host the LLM service while assuring the model owner and the client that the provider cannot read or edit the model or the prompts.

Hosting an LLM service in a confidential trusted execution environment (TEE) allows the model owner, compute provider and client to collaborate while guaranteeing each of their confidentiality and integrity requirements. The client can verify the attestation report of the confidential TEE, ensuring the integrity of hardware and code; this process guarantees the privacy of prompts or fine-tuning data. The model owner can verify the attestation report of the confidential TEE before releasing models, to ensure the model and services are protected from the compute provider. Hardware guarantees of the confidential TEE ensure the compute provider cannot see either the model or the prompts used.
Use case 2: Confidential Computing for multiparty collaboration

Audience: Financial, healthcare and pharmaceutical executives responsible for drug discovery and patient care. Banking executives in charge of fraud detection and compliance.

Description: Enable multiple organizations to securely share and analyze data.

One of the most promising applications of confidential computing is in multiparty data collaboration, where organizations can securely pool data to achieve more accurate insights, predictive modeling, and pattern recognition. Whether in financial services, healthcare, or pharmaceuticals, confidential computing offers a platform for secure federated collaboration that maintains strict data privacy while enabling innovation and compliance with stringent regulations.

1. Financial Services: Enhancing Fraud Detection and Compliance

• Audience:
  » Business Leaders: Executives and decision-makers in financial institutions
  » Regulators and Standards Bodies: Compliance officers, regulatory authorities
  » General Public and Media: Financial analysts, industry reporters and media outlets focused on advancements in fraud prevention and data security.

• Challenge: Financial institutions must comply with rigorous anti-money laundering (AML) regulations while protecting customer privacy. However, siloed data within individual institutions makes it difficult to detect fraudulent transactions across the financial network, giving criminals the opportunity to exploit data gaps by moving funds between banks undetected.

• Solution: Confidential computing provides a secure environment for financial institutions to pool their transaction data across multiple organizations, enabling cross-institutional collaboration without exposing sensitive customer information. Using multiparty data sharing, financial institutions can securely combine their data in centralized data clean rooms, while federated learning models allow institutions to keep data locally but still benefit from shared insights through combined models and algorithms.

• Benefits:
  » Faster Fraud Detection: By pooling transaction data, institutions can detect patterns and anomalies faster, reducing the risk of money laundering.
  » Enhanced Compliance: Confidential computing supports compliance with AML and "know your customer" (KYC) regulations, providing attested and auditable results.
  » Cost Efficiency: Multiparty collaboration reduces the cost and time required for individual investigations while improving overall detection success rates.

2. Pharmaceuticals: Accelerating Drug Discovery through Secure Collaboration

• Audience:
  » Business Leaders: Pharmaceutical executives and R&D managers seeking secure data-sharing methods to speed up drug discovery and clinical trials.
  » Regulators and Standards Bodies: Authorities responsible for ensuring HIPAA, GDPR, and FDA compliance in drug development processes.
  » General Public and Media: Medical journalists, healthcare analysts, and industry publications interested in innovations that impact public health and drug development timelines.

• Challenge: The pharmaceutical industry relies on large datasets, including sensitive patient data, for the development of new drugs and treatments. However, strict privacy regulations (such as HIPAA) make it difficult for companies to share this data with research partners, slowing down the pace of innovation and clinical trials.

• Solution: Confidential computing allows pharmaceutical companies and research institutions to securely collaborate and share sensitive data, such as electronic health records (EHRs), across multiple entities. This collaboration happens without exposing raw data, ensuring compliance with privacy regulations while unlocking the power of larger datasets for drug discovery.

• Benefits:
  » Faster Clinical Trials: Secure access to large, diverse datasets accelerates drug development and the approval of new treatments.
  » Improved Data Security: Confidential computing protects patient data throughout the drug development process, ensuring regulatory compliance and data integrity.
  » Cross-Institutional Collaboration: Confidential computing enables institutions to work together securely, streamlining the clinical trial process and improving research outcomes.

3. Healthcare: Improving Patient Care with Data Aggregation

• Audience:
  » Business Leaders: Healthcare executives, CIOs, and IT directors
  » Regulators and Standards Bodies: Healthcare regulators and compliance officers ensuring adherence to HIPAA, GDPR, and other privacy standards.
  » General Public and Media: Health journalists, patient advocacy groups, and the general public focused on privacy, healthcare outcomes, and technological innovations in patient care.

• Challenge: Healthcare providers face strict regulations that limit their ability to share patient data across institutions, even when collaboration could improve patient outcomes. Aggregating patient data from multiple providers could lead to better diagnoses, treatments, and research, but privacy concerns create significant barriers to data sharing.

• Solution: Confidential computing enables healthcare providers to securely aggregate and share patient data across institutions. Through the use of data clean rooms and secure enclaves, healthcare providers can collaborate on patient data without violating privacy regulations. This enables more precise diagnoses, better treatment plans, and improved patient outcomes while maintaining compliance with regulations such as HIPAA and GDPR.

• Benefits:
  » Better Patient Outcomes: Aggregated data leads to more accurate diagnoses and treatment plans, improving patient care.
  » Lower Costs: Secure data sharing reduces redundant tests and unnecessary treatments, lowering healthcare costs.
  » Enhanced Research Opportunities: With access to larger datasets, healthcare providers and researchers can participate in more advanced research, leading to medical breakthroughs and better patient care.

Source: The Case for Confidential Computing


Use case 3: Confidential Computing for software supply chain

Audience: SaaS providers, CISOs, open source project admins, developers

Benefits:
• Ensure SaaS offerings are not compromised by software supply chain threats and boost customer confidence
• Protect customer data and signing keys, providing improved data security and integrity
• Comply with Open Source Security Foundation (OpenSSF) best practices for protecting data in use

Description: Protect cloud or self-hosted services from software supply chain attacks.

Solution: Confidential computing attestation reports can contain measurements related to hardware, firmware and the software stack. This capability can be leveraged to ensure the integrity of various layers in a software supply chain.

Supply chain attacks target developer tools, open source packages, proprietary software and more. To protect against these and other threats, software projects are increasingly focusing on reproducible builds and processes like SLSA (Supply-chain Levels for Software Artifacts). With this, the industry is heading towards the ability to verify the integrity of all artifacts of a software product.

Confidential computing technologies can play a vital part in this process by ensuring the generated attestation reports contain the appropriate measurements. Confidential computing allows entire runtime environments to be attested against a known measurement and additionally protects those environments from being modified, preventing malicious attacks on the pipeline. A measurement produces data that typically includes a cryptographic hash of the software stack, which can be traced all the way back to the root of trust (e.g., a private key from a chip manufacturer whose public key is known). This measurement can then be verified against known reference values. Using these techniques, a SaaS provider, for example, can make sure their service will only run on known and verified hardware and software.

Even more, confidential computing can be leveraged to ensure the integrity of the build pipeline itself. By attesting to the integrity of the build environment and protecting the artifact signing keys, confidential computing can establish the correctness and validity of software releases.
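The attestation flow described in use case 1 (a client or model owner verifies the TEE's report before releasing prompts or a model) and in use case 3 (a measurement of the software stack, signed by the root of trust, is checked against known reference values) follows the same pattern. The example below is an added illustration, not code from the Consortium or any TEE vendor: the software stack, nonce and reference values are constructed, and the chip manufacturer's asymmetric root-of-trust key is stood in for by an HMAC key so the code runs with only the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the chip manufacturer's root-of-trust key. A real TEE
# signs reports with an asymmetric key whose public half is published; HMAC is
# used here only so the example runs with the standard library alone.
ROOT_OF_TRUST_KEY = b"constructed-vendor-root-key"

# Constructed software stacks: firmware, kernel and the LLM service image.
GOOD_STACK = [b"firmware 1.0", b"kernel 6.1", b"llm-service:1.4"]
TAMPERED_STACK = [b"firmware 1.0", b"kernel 6.1", b"llm-service:1.4-modified"]


def measure(stack):
    """Chain-hash each layer so the final digest depends on the whole stack."""
    digest = b"\x00" * 32
    for layer in stack:
        digest = hashlib.sha256(digest + hashlib.sha256(layer).digest()).digest()
    return digest.hex()


# Reference values the verifier trusts, e.g. published from a reproducible build.
REFERENCE_VALUES = {measure(GOOD_STACK)}


def issue_report(stack, nonce):
    """Hardware side: measure the loaded stack and sign it with the root key."""
    body = {"measurement": measure(stack), "nonce": nonce}
    payload = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(ROOT_OF_TRUST_KEY, payload, "sha256").hexdigest()
    return {"body": body, "signature": signature}


def verify_report(report, nonce, reference_values=REFERENCE_VALUES):
    """Verifier side (client or model owner): check signature, freshness, measurement."""
    payload = json.dumps(report["body"], sort_keys=True).encode()
    expected = hmac.new(ROOT_OF_TRUST_KEY, payload, "sha256").hexdigest()
    if not hmac.compare_digest(expected, report["signature"]):
        return False  # not signed by the root of trust
    if report["body"]["nonce"] != nonce:
        return False  # stale or replayed report
    return report["body"]["measurement"] in reference_values


def release_to_tee(secret, report, nonce):
    """Release a model or prompts only to a TEE whose attestation verifies."""
    return secret if verify_report(report, nonce) else None
```

A report over a modified stack, a report with a stale nonce, or a forged body carrying a signature that does not match it all fail verification, so the secret is never released.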



Acknowledgments

• Lead author: Julian Stephen, IBM
• Co-author: Liang Wan, IBM

We thank all the participants of the Brand Repositioning Working Group for their contributions, insights, and feedback. Special thanks to the Outreach Committee and Governing Board for their involvement in various stages of the brand repositioning and messaging guide process.

Brand Repositioning Working Group participants:

• Ab Nacef (coordinator), AMD
• Rachel Wan (coordinator), IBM
• Laura Martinez, NVIDIA
• Sal Kimmich, CCC/LF
• Dave Singh, Intel
• Julian Stephen, IBM
• Joseph Artgole, Arm
• Matthieu Legré, Cysec
• Jen Shelby, CCC/LF
• Kate George, Intel
• Mike Burrell, CCC/LF
• Jeff Birnbaum, Microsoft
• Mike Bursell, CCC/LF
• Alec Fernandez, Microsoft
• Manu Fontaine, Hushmesh
• Vini Jaiswal, TikTok
• Justin Lucht, Enclaive



Sponsored by the Linux Foundation, the CCC is a community focused on projects securing
data in use using hardware-based TEEs and accelerating the adoption of confidential
computing through open collaboration. The CCC brings together hardware vendors, cloud
providers, and software developers to foster the adoption of TEE technologies and standards.
