The field of confidential computing focuses on technologies that protect “data in use” to enable secure remote computation. The goal is to allow sensitive data to be processed on external machines, such as cloud servers, without compromising confidentiality guarantees.

Hardware-supported confidential computing is rapidly gaining traction in industry. All major hardware vendors have introduced confidential computing features in their processors (e.g., Intel SGX, Intel TDX, AMD SEV, ARM CCA). However, achieving strong confidentiality guarantees with reasonable performance also requires changes in the software stack. In confidential computing, system software on the cloud servers is considered untrusted, and such software can observe and influence program execution in many intricate ways. Protecting against information leaks through side channels at various layers of abstraction is a major challenge in this setting, and is often left out of scope by current hardware protection mechanisms.

This talk will explain and illustrate these challenges, and present some ideas on how to address them.

Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research focuses on software and systems security, encompassing both attack techniques and defenses.

On the defense side, he has made contributions to formal verification techniques for C-like languages, enforcement of information flow security, hardening against memory safety exploits, mitigating micro-architectural side-channels, and designing and implementing embedded security architectures.

On the attack side, he has contributed to the development of novel attack techniques for transient execution attacks, memory safety attacks, and controlled channel attacks.

Frank has served on the program committee of numerous prestigious security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).