Asterinas Confidential Computing Platform: Architecture, Core Components, and Real‑World Applications
The Asterinas open‑source confidential computing stack, released by leading Chinese research institutions and Ant Group, combines HyperEnclave, Occlum, and TrustFlow to provide a secure, nationally‑trusted TEE foundation for cloud, AI, and data‑intensive workloads, addressing the shortcomings of existing commercial TEEs and enabling trustworthy data flow across diverse industries.
On October 22, the open‑source system software stack “Asterinas” (星绽) was announced by Zhongguancun Laboratory, Ant Group, Peking University, Southern University of Science and Technology, and other industry‑academic partners, offering a secure native system software foundation for both general‑purpose and trusted execution environments.
Data has become a core production factor of the digital economy, and secure data circulation relies on protecting data privacy and integrity. Confidential computing, a key privacy‑computing technique based on Trusted Execution Environments (TEEs), isolates execution and makes it verifiable through attestation, keeping sensitive data protected while it is in use in CPU and memory, a capability increasingly demanded by cloud‑based AI and big‑data scenarios.
Existing commercial TEEs suffer from foreign CPU‑root dependencies, limited domestic CPU support, and high development costs. Asterinas Confidential Computing, developed by Ant Group, fills these gaps with a nationally‑controlled trust root, reducing hardware‑software costs and delivering flexible, high‑performance confidential and privacy‑preserving computation.
The platform is built on three core components:
HyperEnclave: an open, cross‑platform TEE that provides hardware‑level isolation and a publicly trusted root that can be hosted by national authorities, eliminating reliance on foreign CPU vendors.
Occlum: a lightweight TEE operating system supporting multiple programming languages and file systems, allowing existing Linux applications to run in a TEE with minimal changes.
TrustFlow: a trustworthy data‑flow framework that guarantees privacy and security during data processing, offering out‑of‑the‑box capabilities for large‑model, machine‑learning, and data‑analysis workloads.
Technical highlights include full‑stack coverage from secure virtualization to trusted services, universal compatibility with various CPU platforms, national‑level trust‑root control, ease of use for big‑data and AI scenarios, open‑source code audited by authorities, endorsement by the Ministry of Industry and Information Technology, and recognition through top‑conference papers (ASPLOS’24, ASPLOS’20, ATC’22) and over 20 patents.
Real‑world deployments span government, public security, finance, big‑data trading, and healthcare. Notable cases are the “Anti‑Fraud Alliance Trusted Collaboration Network” for cross‑agency risk data sharing, high‑security financial risk‑control services for millions of customers, the nation’s first confidential‑computing center in Hangzhou, and the “Farmer‑Second‑Loan” project that has granted loans to over 6 million farmers.
For more information and to access the source code, visit the GitHub repository: https://github.com/asterinas/asterinas-cc.
AntTech