Use Cases
- 1: Confidential AI
- 2: Switchboard Oracles: Securing Web3 Data with Confidential Containers
- 3: Secure Supply Chain (Trusted Pipeline)
1 - Confidential AI
Accelerated Inference and Fine Tuning
Many AI workloads require or benefit from accelerators like GPUs. CoCo supports Confidential Computing compliant accelerators.
Workloads request compliant accelerators using standard Kubernetes resource descriptions in the pod specification.
CoCo includes a specific feature called “composite attestations” to bind evidence from accelerators and vCPUs into one attestation. Users can enable policies that require a composite attestation before secret resources are released to the pod.
Retrieval Augmented Generation
In addition to the general AI usages mentioned above, CoCo can help secure popular RAG deployments. RAG deployments often include repositories of confidential information used to augment the LLM’s latent knowledge. To secure those sensitive repositories including their representations in vector databases, deploy all containers using CoCo.
Access to the confidential repositories and vector databases should be gated on correct attestation verification. Attestation policies can be managed using Trustee or similar attestation services.
CoCo includes features in “Confidential Data Hub” to securely handle secrets for resources like encrypted storage that can be used for confidential document repositories. See the Features section for Secret Resources and Sealed Secrets.
Federated Learning
Federated Learning (FL) is a decentralized machine learning approach where multiple participants (such as organizations, edge devices, or distributed servers) collaboratively train a model without sharing their raw data. Instead of centralizing data, each participant trains a local model and shares only model updates with a central aggregator, preserving data privacy and reducing communication overhead. A variety of FL systems and frameworks currently exist and can be deployed more securely using CoCo.
CoCo’s Role and Guidance
FL requires honest participants and a trusted aggregator. CoCo can help enforce honest behavior of each client, reducing the risk of poisoning and tampering at each client. CoCo can also protect the aggregator from infrastructure threats and malicious clients.
To secure an FL workload with CoCo:
- Deploy the Aggregator in a Confidential Container to protect the central model aggregation service and the global model weights from tamper or unauthorized exposure.
- Deploy each client in a Confidential Container to protect local data and model weights from external attack as well as reducing the risk of poisoning and tampering.
- Mutual Trust:
  - The Aggregator must only accept updates from correctly attesting clients. The attestation measurements of the container ensure that only the expected training code is calculating and providing model updates.
  - Each Client should submit local model weights to, or accept global model weights from, a correctly attesting Aggregator.
  - In lieu of incorporating verification logic in each component, deployments can use attestation policies in Trustee. Clients and Aggregators can receive communication credentials (e.g. TLS Certificates, JWTs) from Trustee upon successful attestation verification.
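The mutual-trust rule above, as an added example that is not part of the CoCo project or its documentation: an aggregator that performs federated averaging only over updates accompanied by a credential issued after attestation. Assumptions: the credential is a JWT, the `code_hash` claim is a hypothetical stand-in for the attested container measurement, and HS256 with a shared key replaces the asymmetric signature Trustee actually uses so the code runs on the standard library alone.

```python
import base64, hashlib, hmac, json

# Verification key the aggregator shares with the attestation service. HS256
# with a shared key is a constructed stand-in so the example runs on the
# standard library alone; Trustee signs its tokens with an asymmetric key, so a
# real aggregator verifies with Trustee's public key instead.
TRUSTEE_KEY = b"constructed-demo-key-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_credential(key: bytes, client_id: str, code_hash: str, exp: int) -> str:
    """Stand-in for Trustee: mint a JWT once a client has attested. `code_hash`
    is a hypothetical claim carrying the attested container measurement."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"sub": client_id, "code_hash": code_hash, "exp": exp}).encode())
    sig = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"

def verify_credential(token: str, key: bytes, expected_code_hash: str, now: int):
    """Return the claims if the token is authentic, unexpired and bound to the
    expected training-code measurement; otherwise None."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # refuse "none" and algorithm-confusion tokens
        expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # forged or tampered token
        claims = json.loads(_b64url_decode(claims_b64))
        if claims.get("exp", 0) <= now or claims.get("code_hash") != expected_code_hash:
            return None  # expired, or attested code is not the expected training code
        return claims
    except (ValueError, AttributeError, TypeError):  # malformed structure, base64 or JSON
        return None

def aggregate(updates, key: bytes, expected_code_hash: str, now: int):
    """Federated averaging over only those updates whose credential verifies.
    `updates` is a list of (token, weight_vector) pairs; returns (model, count)."""
    accepted = [w for token, w in updates if verify_credential(token, key, expected_code_hash, now)]
    if not accepted:
        return None, 0
    return [sum(col) / len(accepted) for col in zip(*accepted)], len(accepted)
```

The same check applies in the other direction: a client verifies the Aggregator's credential before uploading weights or accepting a global model.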
2 - Switchboard Oracles: Securing Web3 Data with Confidential Containers
Overview
Switchboard is building a decentralized oracle network that provides secure, reliable, and verifiable data for Web3 applications. By leveraging Confidential Containers (CoCo) with AMD SEV-SNP technology, Switchboard has created a robust infrastructure that protects sensitive oracle data from privileged attackers while ensuring verifiable attestation for blockchain applications.
Challenge
Oracles serve as critical infrastructure in the blockchain ecosystem, providing external data to smart contracts. However, they face unique security challenges:
- Data Integrity: Ensuring data remains unaltered from source to blockchain
- Confidentiality: Protecting sensitive data from manipulation during processing
- Privileged Access Threats: Defending against potential attacks from system administrators or cloud providers
- Verifiable Trust: Providing cryptographic proof that data processing occurs in a secure environment
Traditional container solutions couldn’t provide the level of isolation and attestation required for Switchboard’s security model.
Solution
Switchboard implemented Confidential Containers with AMD SEV-SNP to create a trusted execution environment for their oracle infrastructure:
- Hardware-Level Memory Encryption: Using AMD EPYC CPUs with SEV-SNP to encrypt memory contents, protecting data-in-use from privileged attackers
- Remote Attestation: Providing cryptographic verification that oracle code runs in a genuine, unmodified confidential environment
- Confidential Containers Integration: Building on Kata Containers’ isolation while adding confidential computing capabilities
- Decentralized Infrastructure: Enabling trusted node partners to run Switchboard infrastructure while maintaining security guarantees
Business Benefits
- Enhanced Security Posture: Protection against infrastructure-level attacks, reducing the attack surface for oracle data
- Verifiable Trust: Ability to cryptographically prove to users and partners that data processing occurs in a secure environment
- Competitive Advantage: Offering higher security guarantees than traditional oracle solutions
- Simplified Compliance: Helping meet regulatory requirements for sensitive data handling in Web3 applications
- Partner Network Growth: Enabling secure decentralization through the Node Partners program
Future Roadmap
Switchboard is expanding its confidential computing capabilities with planned support for Intel TDX, further broadening hardware compatibility options for node partners. This multi-architecture approach ensures the oracle network can scale securely across diverse infrastructure environments.
Conclusion
By implementing Confidential Containers with AMD SEV-SNP, Switchboard has established a new security standard for Web3 oracles. This infrastructure provides the foundation for Switchboard’s Node Partners program, launching on mainnet on March 11, 2025, enabling a truly decentralized and secure oracle network that Web3 applications can trust with their most sensitive data needs.
3 - Secure Supply Chain (Trusted Pipeline)
Background
- Compliance Frameworks require a Software Bill Of Materials (SBOM)
  - What was the OCI Image built from?
- Confidential Computing requires a way to verify the OCI Images being used (Signatures, Encrypted Layers etc.)
  - Is this the OCI Image I am looking for?
Being able to verify the image is not sufficient for Confidential Computing if we do not trust the environment in which the evidence for verification was created.
Can we ever have a Confidential Computing Environment if we do not trust the environment in which the application has been built?
What environment was used to
- Build the OCI Images?
- Define/Generate the SBOM we later use to inform our choice of Image?
- Sign or encrypt the Image?
We need to use CoCo to establish a Secure Supply Chain:
- To ensure the SBOM accurately reflects how the OCI Image was built
  - No ability to tamper with the build
- To protect the keys used to establish signatures or encrypt the Images.
- To make the signatures, keys and SBOMs available for use/audit purposes later.
But considering OCI Images is not enough; our Supply Chain also includes:
- For AI Use Cases, the training Data and AI Models
- CoCo VM (with SBOM)
- Attestation Measurements to verify the CoCo VM
- Generation and protection of Keys/Secrets/Policies/Configuration
- Trustee (KBS/Attestation) and Remote Verification Services
- Potentially updates to Firmware for the TEE in use.
One of the key considerations for the confidential containers project is
- Transparent deployment of unmodified containers
For a Secure Supply Chain it is reasonable to conclude that, in order to build the unmodified containers, we should start by considering pre-existing CI/CD systems which can be deployed within a Kubernetes Environment. Such systems could be deployed to Confidential Containers, with the CI/CD system then securely building, signing and encrypting unmodified containers and SBOMs. One such CI/CD system being investigated is Tekton.
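An added example (not code from the CoCo project or Tekton) of the two questions raised above, “what was the image built from?” and “is this the image I am looking for?”: the build step emits an in-toto Statement that binds the SBOM to the OCI manifest digest and signs it, and the deploy step refuses the SBOM unless the signature holds and the subject digest is exactly the image being admitted. Assumptions: `registry.example/app` and the SBOM contents are constructed, and a shared HMAC key stands in for the pipeline's private signing key so the code runs on the standard library alone.

```python
import hashlib, hmac, json

# Signing key that lives only inside the confidential build pipeline. A shared
# HMAC key is a constructed stand-in so this runs on the standard library; a
# real pipeline signs with a private key released to the build container only
# after attestation.
BUILD_SIGNING_KEY = b"constructed-build-key-not-for-production"

def oci_digest(manifest: bytes) -> str:
    """OCI content digest of an image manifest: sha256 over its exact bytes."""
    return "sha256:" + hashlib.sha256(manifest).hexdigest()

def canonical(obj) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def attest_build(manifest: bytes, image_name: str, sbom: dict, key: bytes) -> dict:
    """Produce an in-toto Statement binding the SBOM to the image digest, plus a
    detached signature over the canonical statement (a signed envelope)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": image_name, "digest": {"sha256": oci_digest(manifest).split(":", 1)[1]}}],
        "predicateType": "https://spdx.dev/Document",
        "predicate": sbom,
    }
    sig = hmac.new(key, canonical(statement), hashlib.sha256).hexdigest()
    return {"statement": statement, "signature": sig}

def verify_for_deploy(manifest: bytes, image_name: str, envelope: dict, key: bytes):
    """Before admitting an image: check the signature, then check the attested
    subject is exactly this image. Returns the trusted SBOM or None."""
    statement = envelope.get("statement", {})
    expected = hmac.new(key, canonical(statement), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(envelope.get("signature", ""))):
        return None  # statement or signature altered after the build
    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        return None
    digest_hex = oci_digest(manifest).split(":", 1)[1]
    if not any(s.get("name") == image_name and s.get("digest", {}).get("sha256") == digest_hex
               for s in statement.get("subject", [])):
        return None  # SBOM describes some other image: not the image I am looking for
    return statement.get("predicate")
```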
Bootstrap Problem
This Use Case needs to consider how to solve the bootstrap problem.
- How can we use a CoCo VM to securely build a CoCo VM?