# Module README

## 05 Confidential Computing
Confidential computing protects data and code during execution, not only at rest or in transit.
In PROTEONEXT it applies when a hospital or scientific node needs to run scoring, training, or inference with stronger isolation guarantees.
### Conceptual pattern
- Syntax or the coordinator prepares a signed job.
- The node validates who is requesting it and what permissions they have.
- The confidential runtime starts on a Confidential VM or confidential container.
- The node verifies the attestation evidence: image digest, code hash, runtime environment, and the policy it must satisfy.
- Secrets or local data are released only if the evidence matches the policy; any mismatch stops the job before data is exposed.
- The job produces aggregates, weights, or authorized artifacts.
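The decision sequence above, as an added example in Python that is not code from the PROTEONEXT repository or its simulation script: a signed job is checked first, then the requester's permission, and finally the attestation evidence is compared field by field against a policy; the local secret is released only when every check passes. The HMAC signing key, the role table, the policy values and the evidence dictionaries are constructed placeholders for this example; in a real deployment the evidence would come from an attestation service rather than from a hand-built dict.

```python
import hashlib
import hmac
import json

# Constructed values for this example (not PROTEONEXT's own key, roles or policy).
JOB_SIGNING_KEY = b"constructed-demo-signing-key"

# Which requester roles may run which task types (constructed).
PERMISSIONS = {
    "coordinator": {"scoring", "training", "inference"},
    "hospital-analyst": {"scoring"},
}

# What the attestation evidence must look like before data is released (constructed).
POLICY = {
    "allowed_image_digests": {"sha256:" + "a" * 64},
    "allowed_code_hashes": {"sha256:" + "b" * 64},
    "environment": {"tee_type": "SEV-SNP", "debug_enabled": False, "secure_boot": True},
}

SAMPLE_JOB = {"job_id": "constructed-001", "task": "scoring", "requester_role": "hospital-analyst"}
SAMPLE_EVIDENCE_OK = {
    "image_digest": "sha256:" + "a" * 64,
    "code_hash": "sha256:" + "b" * 64,
    "environment": {"tee_type": "SEV-SNP", "debug_enabled": False, "secure_boot": True},
}
# Same image and code, but the runtime reports debug mode enabled: must be refused.
SAMPLE_EVIDENCE_DEBUG = {
    **SAMPLE_EVIDENCE_OK,
    "environment": {**SAMPLE_EVIDENCE_OK["environment"], "debug_enabled": True},
}


def canonical(obj):
    """Stable byte encoding so signer and verifier hash identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_job(job, key=JOB_SIGNING_KEY):
    """Coordinator side: HMAC-SHA256 over the canonical job description."""
    return hmac.new(key, canonical(job), hashlib.sha256).hexdigest()


def verify_job_signature(job, signature, key=JOB_SIGNING_KEY):
    """Node side: constant-time comparison against a freshly computed MAC."""
    return hmac.compare_digest(sign_job(job, key), signature)


def check_permission(job):
    """Does the requester's role allow the requested task type?"""
    return job["task"] in PERMISSIONS.get(job["requester_role"], set())


def evaluate_attestation(evidence, policy=POLICY):
    """Return the list of policy violations; an empty list means the evidence matches."""
    violations = []
    if evidence.get("image_digest") not in policy["allowed_image_digests"]:
        violations.append("image digest not in allow-list")
    if evidence.get("code_hash") not in policy["allowed_code_hashes"]:
        violations.append("code hash not in allow-list")
    env = evidence.get("environment", {})
    for key, expected in policy["environment"].items():
        if env.get(key) != expected:
            violations.append(f"environment.{key}={env.get(key)!r}, policy requires {expected!r}")
    return violations


def decide_release(job, signature, evidence):
    """Full gate: signature, then permission, then attestation. Returns (released, reasons)."""
    if not verify_job_signature(job, signature):
        return False, ["invalid job signature"]
    if not check_permission(job):
        return False, [f"role {job['requester_role']!r} may not run {job['task']!r}"]
    violations = evaluate_attestation(evidence)
    return (not violations), violations


if __name__ == "__main__":
    sig = sign_job(SAMPLE_JOB)
    for label, ev in (("ok", SAMPLE_EVIDENCE_OK), ("debug", SAMPLE_EVIDENCE_DEBUG)):
        released, reasons = decide_release(SAMPLE_JOB, sig, ev)
        print(label, "release secrets" if released else "refuse", reasons)
```

The evaluator returns every violation rather than stopping at the first one, which is what an operator wants in the audit log when a node refuses a job; the release decision itself stays binary.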
### Azure fit
| Need | Azure component |
|---|---|
| Workload identity | Entra ID Workload Identity / Managed Identity |
| Secrets and keys | Key Vault / Managed HSM |
| Protected execution | Azure Confidential VMs / confidential containers |
| Verification | Microsoft Azure Attestation |
| Private network | Private Link, NSG, Firewall |
| Audit | Azure Monitor, Log Analytics, Sentinel |
| Governance | Microsoft Purview |
### Run simulation

From the `Desarrollo` directory:

```powershell
python .\05_confidential_computing\simular_attestation.py
```

The simulation does not call Azure; it only walks through the logic of an attestation decision.