Confidentiality, integrity protection, and high availability, abbreviated to CIA, are essential properties for trustworthy data systems. The rise of cloud computing and the growing demand for multiparty applications, however, mean that building modern CIA systems is more challenging than ever. In response, we present the Confidential Consortium Framework (CCF), a general-purpose foundation for developing secure, stateful CIA applications. CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure and transparent governance by mutually untrusted parties. CCF leverages hardware-based trusted execution environments for remotely verifiable confidentiality and code integrity. This is coupled with state machine replication backed by an auditable, immutable ledger for data integrity and high availability. CCF enables each service to bring its own application logic, custom multiparty governance model, and deployment scenario, decoupling the operators of nodes from the consortium that governs them. CCF is open-source and available now at https://github.com/microsoft/CCF.