
IEEE 2952-2023 Standard for Secure Computing Based on Trusted Execution Environment – Technical Overview

The IEEE 2952-2023 standard, jointly released by Ant Group and multiple partners, defines a comprehensive technical framework for secure computing using Trusted Execution Environments, covering isolation, confidentiality, compatibility, performance, availability, and security, and outlines reference implementations, cluster management, and remote attestation mechanisms.


Recently, the IEEE 2952-2023 "Standard for Secure Computing Based on Trusted Execution Environment" was officially released at the 2023 WAIC Data Elements and Privacy Computing Summit, with participation from IEEE Vice‑Chair Yuan Yu, Shanghai Jiao‑Tong University Professor Xia Yubin, and representatives from Ant Group, Pudong Development Bank, and other leading institutions.

The standard establishes a technical framework for secure computing systems built on Trusted Execution Environments (TEE), providing guidance for their design, development, testing, and maintenance. It defines requirements for a general‑purpose secure computing platform along six dimensions—isolation, confidentiality, compatibility, performance, availability, and security—and supplies use‑case specifications that serve as reference material for confidential computing standards.

Ant Group led the standardization effort together with 17 other companies and institutions, including Huawei, Lenovo, Baidu, Intel, and several universities. The collaboration produced a comprehensive set of technical requirements and architectural diagrams.

Technical Highlights

The framework focuses on three core layers: trusted computing nodes, trusted cluster management, and platform services. Trusted nodes provide the hardware foundation for the TEE, ranging from dedicated physical servers to hybrid software/hardware appliances, and support the major TEE implementations such as Intel SGX, ARM TrustZone, and China's CSV, as well as Ant's cross‑CPU solution HyperEnclave.

The platform layer supplies essential OS components (e.g., the open‑source Occlum LibOS runtime), encrypted file systems, secure memory management, and high‑performance scheduling. It also implements remote attestation to establish secure communication channels and enable end‑to‑end data protection.

Cluster management extends trusted application deployment from single‑node to scalable clusters, supporting confidential containers, Confidential Kubernetes, and Ant's KubeTEE cloud‑native model. It also offers shared services such as remote attestation proxies, trusted configuration, and key management.

Cross‑layer security functions—including access control, identity authentication, audit logging, incident response, and secure operations—are tailored for confidential computing, with special considerations for remote attestation‑driven authentication and confidentiality‑aware auditing.

The release marks a milestone for Ant Group and its partners, providing a reference framework that aims to foster orderly growth of the confidential computing industry.

In addition to IEEE 2952-2023, Ant Group has contributed to other standards such as IEEE 2830-2022 for TEE‑based shared machine learning, the domestic YD/T 4234-2023 framework, and collaborative efforts with ITU, national standards bodies, and the Beijing FinTech Alliance to develop international and national confidential computing standards.

IEEE Standards Association, the global leader in technology standardization, continues to play a pivotal role in defining standards across information technology, communications, power, and energy sectors.

Tags: security architecture, TEE, trusted execution environment, confidential computing, secure computing, IEEE Standard
Written by

AntTech

Technology is the core driver of Ant's future creation.
