About the project

Project Name: CoCEM – Confidential Computing Enclaves for the Masses

Orchestrator for Confidential Computing Workload Deployment.

Team: Nicolae Paladi and Stefano Cucchiella


Cloud computing enables seamless data access across multiple devices, collaborative work and centralized data storage. However, using the cloud imposes significant limitations in terms of data confidentiality and privacy, control over geographic and jurisdictional placement of data, as well as data and service portability across cloud providers. While some of these challenges have promising solutions, the promises remain unfulfilled. The CoCEM project aims to design and prototype an orchestration service for Confidential Computing workload deployment, paving the way for unprecedented user empowerment!

Website: www.canarybit.eu/project/cocem-project-ngi-dapsi/


Achievements from the first phase of the DAPSI programme

In the first phase of the project, our effort focused on assessing our assumptions on both the product and the market.

1) Product Development

We successfully created a safe and trusted environment in which data and applications can be executed, with no possibility for any external entity to access either resource during the computational phase.

At the same time, we defined a first version of the solution’s architectural description in order to make it easy to use for our customers. We then used the outcome of this activity to define the product APIs (https://api.confidentialcloud.io) and documentation (https://docs.confidentialcloud.io/).

We also integrated a toolbox of services to continuously monitor and evaluate the status of our services.

2) Market Research

The solution we are providing can be applied to several industries from energy production to fashion, from banking to automotive. Hence, we have spent many hours performing deep analysis of the market and finding early adopters.

All in all, the market is likely to grow exponentially over the next few years, projected to reach 54 billion USD in 2026.

We believe in community-driven efforts and for this purpose we have also joined the Confidential Computing Consortium (CCC) and The Linux Foundation (LF) in addition to local hubs like Gaia-X and Cybernode Sweden.


Achievements from the second phase of the DAPSI programme

On the technical side, during the second phase of the DAPSI programme, CanaryBit has made significant progress in deployment automation and reproducible builds of confidential enclaves. We also introduced multi-cloud support, allowing end users to deploy confidential enclaves on several cloud back-ends. Our implementation follows Infrastructure-as-Code best practices (see Figure below). These steps were primarily taken to put end users firmly in control of their data and workloads and to enable them to obtain attestation reports to verify the trustworthiness of their infrastructure.

We have also made some important community contributions. During the second phase of the DAPSI project, CanaryBit became a member of the Confidential Computing Consortium (confidentialcomputing.io) and of the European Cyber Security Organization (ECSO). Moreover, CanaryBit has been actively involved in IETF standardization related to confidential computing, in particular the Trusted Execution Environment Platform work group (TEEP WG) and the Remote ATtestation procedureS work group (RATS WG), in collaboration with the StandICT 2023 project. This helped us both align our service to the on-going standardization efforts and contribute our insights to help create a better and more complete IETF Request For Comments document.

Finally, we have made significant progress in the business validation of our solutions. By collaborating with partners in a range of verticals (energy, manufacturing and IoT, pharmaceutical, e-commerce, public administration and cybersecurity) we identified recurring challenges that can be solved using CanaryBit’s confidential cloud platform. We further identified the challenges with respect to data governance and data quality that often need to be addressed to enable data portability and data collaboration projects. This also led to several insights that we subsequently patented to ensure we can develop the Confidential cloud platform unhindered. All in all, the second phase of the DAPSI project helped CanaryBit evolve its product and get closer to product-market fit.


Testimonial

DAPSI helped us grow in so many ways during the first phase of the program. As a young startup we had to cover different aspects of our solution – everything including technical, regulatory and business. Their coaching sessions stimulated our thinking and contributed to putting our product onto the right track. Also, we initiated dialogs for collaboration with fellow projects in the program and together we are setting the ground for a tight and productive collaboration in the near future.

Stefano Cucchiella

Team

Nicolae Paladi
PhD in Cyber Security with focus on Cloud Security

Stefano Cucchiella
Cloud Solutions Architect with extensive industry experience


Entities

CanaryBit
CanaryBit are an independent team of specialists passionate about Cyber Security, Cloud and Confidential Computing.

www.canarybit.eu
