CONFIDENTIAL6G
Privacy-preserving confidential computing platform that enables mitigation of internal threats for telecom cloud providers
This use case targets the verification of: (i) cryptographic enablers - focus will be on post-quantum TLS enablers and Trusted Execution Environment toolkit that will include enablers for remote attestations; (ii) confidential computing hardware abstractions - focus will be on TEE Hardware Abstraction Layer (HAL), software management agent (SMA) implementation, remote attestation handling and TLS connections outside of the enclave; (iii) confidential orchestration. This use case will set up a testbed based on a private or hybrid (public/private) cloud consisting of machines with VM-based TEE support (AMD SEV or Intel TDX) and use the testbed to verify correct initialisation and the secure VMs. It will develop procedures for the automation of the cloud setup. This use case will further inspect control of these secure VMs with HAL and SMA components loaded into them and inspect TLS communication with servers within an enclave. Special attention will be put into analysing remote attestation handling, and procedures for their logging will be developed. Secure VMs will be orchestrated via confidential containers, so the testbed will include a Kubernetes cluster, which will be modified to include these types of containers. Users will be capable of defining and automatically deploying confidential clouds (via pre-written scripts, configuration files and user interface), and test procedures will include these operations. The goal of the use case is to produce a usable cloud platform that can be suitable for constructing confidential telecom clouds with an important characteristic that they could offer protection even against insider threats.