Saved in:
| Main Author: | |
|---|---|
| Format: | Recurso digital |
| Language: | |
| Published: |
Zenodo
2025
|
| Online Access: | https://doi.org/10.5281/zenodo.17018246 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Table of Contents:
- <p>Confidential computing is a paradigm designed to protect data not only at rest and in transit but also during active processing. While traditionally associated with cloud environments, where it enables secure deployment of computing workloads for improved performance, scalability, and cost-efficiency, its applications are expanding into other domains.</p> <p>This document explores the applicability of confidential computing technologies in resource-constrained embedded systems, evaluating both software-based approaches (Fully Homomorphic Encryption) and hardware-based solutions (Trusted Execution Environments). A short overview of confidential computing enablers, especially for ARM and RISC-V platforms, is given.</p> <p>Key use cases are presented, particularly in secure edge computing, where latency constraints, limited bandwidth, or large data volumes require local processing at the edge or along the edge-cloud continuum. In embedded systems, code confidentiality can be as critical as data confidentiality, especially when proprietary algorithms are deployed in physically insecure or even hostile environments. The study also highlights confidential computing use cases across verticals such as automotive, healthcare, military, and financial services, emphasizing the unique security requirements of each.</p> <p>While cloud-based confidential computing often relies on confidential virtual machines for ease of deployment, embedded systems typically adopt a lighter-weight protected application/process model that demands more customization but fits within tighter resource constraints.</p> <p>The document also details experimental work with Keystone enclaves on the RISC-V platform, including methods for deploying encrypted native code workloads or running lightweight runtimes for Python or WebAssembly with optional encryption support. Although Fully Homomorphic Encryption remains computationally intensive for embedded devices, the report explores hybrid models where client-side operations are performed locally and offloaded to cloud services for secure computation. Benchmark results for client-side operations and the Homomorphic WiSARDs framework are also included.</p>