Home / Technology

Photo of smartwatch, code, television
Image: via image.theregister.com
Technology

Confidential Computing Security Protocol Found Flawed

WireByte Staff · July 4, 2026

Researchers have discovered a fundamental architectural flaw in the remote attestation protocol used in confidential computing, a key technology for Europe's sovereign cloud ambitions. The protocol, called attested TLS, is used to prove the trustworthiness of servers running sensitive data. The flaw raises concerns about the security of confidential computing systems, which are touted as offering full control over customer data.

Key points

  • Researchers at TU Dresden discovered a flaw in the attested TLS protocol used for remote attestation in confidential computing systems.
  • The protocol is used to prove the trustworthiness of servers running sensitive data, but the flaw means it may not provide the promised level of security.
  • The discovery raises concerns about the security of confidential computing systems, which are used by companies like Intel and Google Cloud.
  • The European Union's sovereignty frameworks, such as SecNumCloud, may not be able to assess the security of these systems due to the flaw in the attested TLS protocol.

Confidential computing has been touted as a key technology for Europe's sovereign cloud ambitions, with vendors like Intel and Google Cloud promising full control over customer data. However, new research has discovered a fundamental architectural flaw in the remote attestation protocol used in these systems.

The protocol, called attested TLS, is used to prove the trustworthiness of servers running sensitive data. However, researchers at TU Dresden have discovered that it may not provide the promised level of security. Using a tool for symbolic security analysis, they found that the protocol may not be able to prevent a malicious server from impersonating a trusted one.

The discovery raises concerns about the security of confidential computing systems, which are used by companies like Intel and Google Cloud. The European Union's sovereignty frameworks, such as SecNumCloud, may not be able to assess the security of these systems due to the flaw in the attested TLS protocol.

The implications of this discovery are still unclear, but it highlights the need for further research and development in the field of confidential computing. As the technology continues to evolve, it is essential to ensure that the security protocols used in these systems are robust and reliable.

Sources

WireByte Staff — Editorial Team

The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.