This article introduces HyperGPU, a confidential‑computing infrastructure that transforms ordinary GPUs into trusted execution environments for large‑model inference, covering its background, design goals, architecture, security mechanisms, performance results, future optimizations, and open‑source plans.
This article explains the concept of zero‑copy in Linux, compares the four main system calls—sendfile, mmap, splice and tee—describes their APIs, internal mechanisms, performance characteristics, typical use‑cases and provides practical code examples for high‑performance network programming.
This article explains how Linux zero‑copy techniques—DMA, sendfile, splice, mmap + write, and tee—reduce CPU involvement in large file and network transfers by moving data directly within kernel space, detailing their workflows, code examples, performance trade‑offs, and suitable use cases.
The Asterinas open‑source confidential computing stack, released by leading Chinese research institutions and Ant Group, combines HyperEnclave, Occlum, and TrustFlow to provide a secure, nationally‑trusted TEE foundation for cloud, AI, and data‑intensive workloads, addressing the shortcomings of existing commercial TEEs and enabling trustworthy data flow across diverse industries.
The second Confidential Computing Forum at CNCC2024, held on October 26 in Hangzhou, gathers leading experts to discuss TEE‑based secure computing, present cutting‑edge research on confidentiality, side‑channel attacks, collaborative trust, and cryptographic applications, and outlines future directions for data security in the digital economy.
Under the guidance of the People’s Bank of China, the Beijing FinTech Industry Alliance has published the 'Financial Industry Privacy Computing Interconnection Platform Technical Specification', a standard co‑authored by China UnionPay, major banks, universities, tech firms and telecom operators, with Ant Group playing a key role.
The article examines the rapid growth of China's digital economy, the rising demand for secure data circulation, and how Trusted Execution Environments (TEE) are evolving through hardware and software advances, interoperability efforts, and large‑model privacy solutions to address emerging security challenges.
This article explains the architecture and practical steps for deploying confidential containers using Intel TDX and Alibaba Cloud ACK, detailing threat models, security features, remote attestation, and AI workload protection while maintaining performance and cost efficiency.
The IEEE 2952-2023 standard, jointly released by Ant Group and multiple partners, defines a comprehensive technical framework for secure computing using Trusted Execution Environments, covering isolation, confidentiality, compatibility, performance, availability, and security, and outlines reference implementations, cluster management, and remote attestation mechanisms.
At the 2023 World AI Conference summit, Ant Group unveiled its YinYu Open‑Source Framework 1.0 and the HyperEnclave financial‑grade TEE, detailing their technical features, industry‑wide standards contributions, and how they aim to boost the usability, security, and interoperability of privacy computing for AI applications.
The report details a collaborative effort led by UnionPay and Ant Group to create a unified remote attestation framework that enables interoperability among diverse TEE solutions, demonstrating successful integration of five major TEE platforms and highlighting the significance for secure data flow in the financial sector.
The article explains Android’s multi‑layered file‑based encryption system, describing how FDE, FBE and metadata encryption work together, and detailing the end‑to‑end key‑management flow that spans the HAL, VOLD, Linux kernel, fscrypt, the Trusted Execution Environment and hardware crypto engines to generate, derive, and program per‑file encryption keys.
TrustZone implements a hardware‑level privacy shield for smartphones by partitioning CPU, bus, memory, peripherals and interrupts into a Secure World and a Normal World, using ARMv8 exception levels and extensions such as SCR, TZPC, TZASC, GIC and MMU to isolate user data from non‑secure software.
This article presents a comprehensive overview of TEE interoperability, describing the background of trusted execution environments, their remote attestation processes, a unified remote attestation framework, and the overall strategy for achieving cross‑TEE compatibility, including open‑source implementations and future directions.
This article introduces and compares major privacy computing technologies—including MPC, federated learning, TEE, and proxy MPC—evaluating them across security, development cost, operational cost, accuracy, performance, participant scale, control, hardware cost, and trust, and then outlines Ant Group’s privacy computing framework, applications, and standards work.
The article examines OP‑TEE 3.18’s SFS secure storage, detailing its GP API, kernel file‑system module, REE daemon interactions, file format with header, hash‑tree nodes, key hierarchy (SSK, TSK, FEK), and encryption using AES‑GCM, and highlights the single‑point‑of‑failure risk of the dirf.db directory.
This article presents an end‑to‑end privacy‑preserving machine‑learning solution for AI and big‑data workloads built on Intel SGX, the open‑source TEE OS Occlum, and BigDL PPML, detailing its architecture, key features, deployment steps, and real‑world applications.
The article explains how ARM TrustZone creates a Secure World Trusted Execution Environment, details the REE‑to‑TEE interaction via Secure Monitor Calls, outlines AArch32/AArch64 register conventions, fast versus yielding SMCs, service registration, and the low‑level boot and handling flow of the Secure Monitor.
This article introduces the concept of federated learning, outlines its industry opportunities and challenges, explains the evolution of data‑sharing technologies, details core techniques such as MPC, TEE, and differential privacy, and presents the architecture and capabilities of the Dianshi federated learning platform.
This article explains how privacy computing technologies such as federated learning, multi‑party computation, and trusted execution environments, combined with blockchain, address data sharing challenges in the digital economy by protecting privacy, ensuring compliance, and enabling secure, trusted collaboration across enterprises and government agencies.
This article presents a technical overview of the security challenges in multi‑party big‑data collaboration and explains how Trusted Execution Environments (TEE) and blockchain can be combined to protect data privacy, ensure computation integrity, and enable traceable data usage in distributed systems.
This guide explains the Linux tee utility, covering its purpose, installation verification, basic syntax, useful options, and seven practical examples that demonstrate writing to files, appending data, handling multiple outputs, ignoring interrupts, and combining tee with sudo for privileged writes.
The article explains how confidential computing, built on trusted execution environments like Intel SGX, addresses data‑in‑use security, outlines the technical hurdles developers face, and showcases Ant Group's open‑source SOFAEnclave components—Occlum, HyperEnclave, and KubeTEE—highlighting Rust’s pivotal contribution.
The article explains how Trusted Execution Environments (TEE), built on ARM TrustZone, provide a secure world separate from the Rich Execution Environment, detailing its architecture, GP API interactions, and how fingerprint enrollment and authentication are performed within TEE to protect sensitive biometric data.
The article explains Linux zero‑copy I/O techniques—mmap, sendfile, splice, and tee—detailing their design principles, execution flows, context‑switch and data‑copy reductions, advantages, limitations, and appropriate use cases, helping developers choose the optimal method for high‑performance file and network transfers.
Ant Group has led the IEEE to approve the world’s first standard for secure computing based on Trusted Execution Environments (TEE), outlining framework, functions, and security requirements, and aims to protect data privacy and sensitive code across cloud, blockchain, AI, and other emerging applications.
This article introduces the design principles and core technologies of fingerprint authentication, explains the FIDO protocol’s security model, describes the server‑client architecture—including REE and TEE environments—and discusses how these components combine to deliver a privacy‑preserving, user‑friendly mobile authentication solution.
This guide explains how the Linux tee command reads from standard input and simultaneously writes to both a file and the screen, providing seven detailed examples that cover basic usage, writing to multiple files, silent output, appending, sudo integration, piping between commands, and using tee within vim.
KubeTEE is an open‑source cloud‑native framework that integrates Trusted Execution Environment (TEE) technology with Kubernetes to provide a complete solution for developing, deploying, and operating large‑scale confidential computing applications, simplifying the entire lifecycle from code signing to runtime management.
This article introduces confidential computing with Intel SGX, explains why SGX development is difficult, and demonstrates how Ant Group's open‑source TEE OS Occlum dramatically lowers the barrier by using three simple commands to build, package, and run a Hello World program inside an enclave.
The article compares shared intelligence and federated learning, examines privacy‑preserving techniques such as MPC, TEE, and differential privacy, discusses gradient‑inversion attacks and their mitigations, and presents Ant Group’s end‑to‑end system design and real‑world deployments in finance.
An interview with Ant Group senior engineer Qin Kailun reveals the inherent security flaws of Kubernetes Secrets—including plaintext storage, memory exposure, and vulnerable KMS plugins—and explains Ant Group’s TEE‑based end‑to‑end protection solution that encrypts secrets throughout their lifecycle.
As IoT devices proliferate across industries, their fragmented, resource‑constrained nature and continuous operation create security challenges distinct from traditional Internet security, prompting the need for specialized authentication, lightweight TLS, secure chips, trusted execution environments, software hardening, and emerging standards to protect the ecosystem.
This guide explains how to use the Linux tee command to capture command output, append to files, write to multiple destinations, ignore interrupts, pipe results to other commands, and integrate tee into shell scripts, providing practical examples and syntax details.
SOTER is Tencent's comprehensive biometric security standard that leverages Trusted Execution Environments and device‑root keys to provide unified, tamper‑resistant fingerprint authentication across Android and iOS platforms, simplifying integration for developers while protecting user data.
