Talks room
What if someone can read the RAM of your servers? What if your hypervisor is compromised? Encrypting data while it is in use is an interesting way to protect data, software and AI models from advanced attacks. Using hardware features such as Intel TDX and AMD SEV-SNP, a CPU can run confidential virtual machines (cVMs) that are encrypted in RAM and not accessible to the hypervisor. The CPU can then use mechanisms such as Remote Attestation to provide evidence of the trustworthiness of the software inside that black box. WebAssembly can be used to further isolate services inside a cVM.