"TowIt" is a free, global, cross-platform mobile app, website, and Web API that allows civilians to report parking violations and dangerous driving in real-time. The mission is to remove the barriers required to make cities effectively fight and deter bad parking and dangerous driving habits. The company ultimately aims to better existing social controls in order to drive necessary behavioral change through increased education, real-time reporting, optimized enforcement, as well as the resulting reactivity. == User base and adoption == The application has users reporting vehicular infractions in upwards of 30 countries. The top reporting countries are: Portugal, Canada, United States of America and Australia. Users have adopted TowIt for a variety of reasons, usually central to their geographical location and the prominent offences in those specific areas. For instance, the majority of Portuguese reports are cars parked on sidewalks, footpaths and pedestrian crossings, Australian reports are largely focused on the abuse of disabled parking spaces, and in Toronto or San Francisco users generally capture cars parked in bicycle lanes. == Functions == === Data collection === TowIt gathers data on individual parking offences, the prominence of various offence types, as well as recurring offenders. This allows the company to identify trends and hotspots in order to take action against problem vehicles, as well as to help improve urban planning, traffic congestion and gridlock management. Individuals modify or improve an aspect of their behavior in response to their awareness of being observed, theoretically more so when demonstrating selfishness, egocentrism, narcissism and anti-social behavior. The company states that by becoming a user, one can "help TowIt relieve congestion, reduce collisions, open up economies, improve the environment and enhance the lives of urban residents and suburban commuters alike". The company has acknowledged that there are numerous legislative changes that would be required to integrate with governments at any level in many countries. A simple three-step process allows users to take a photo of an offending vehicle and subsequently verifying the offending vehicle's license plate information before submitting by tapping the TowIt (submit) button. Photographical evidence can only be captured with the camera from within the TowIt application. An Internet connection is required. The company has stated that this was purposefully done for quality control and report validation purposes. Users may only submit and view their own report history on either the iOS or Android applications. Globally submitted reports are displayed uncensored and in aggregate only on the Android application and the TowIt website. The "Global Feed" feature was removed from iOS (see iTunes Connect Acceptance Issues). TowIt's back-end automatically geotags the report and compares it to local parking by-law data, including by-law types, locations, times, side(s) of street, etc.- where available. Valid reports are posted to the global feed, to the TowIt website, and passed on to municipalities and police for enforcement (where connected). === Technologies used under license === TowIt currently utilizes the following software or software libraries under license: AngularJS, Apache Cordova, Apple iTunes Store EULA, Chart.js, Google Play Distribution Agreement, Ionic Framework, MongoDB, Moment.js, Python 2.7, Python Flask, and jQuery. == Company history == The TowIt application was conceived by Michael Duncan McArthur on December 5, 2014, as a response to Toronto Mayor John Tory's election mandate to "get this city moving". The application was announced via TowIt's official Twitter page on January 6, 2015. After the initial public announcement, Michael & Gregory were contacted by members of John Tory's staff on January 8, 2015, and invited to demo a prototype at Toronto City Hall on January 12, 2015. The two were also invited to meet with Toronto Councillor Norm Kelly, in his City Hall office, for a subsequent demo of the live Android application on January 28, 2015. A similar meeting and demo took place with members of the Traffic Services department of Toronto Police Service on February 2, 2015. Michael & Gregory teamed up with friends and Toronto-based developers Dae-Seon Moon, Jesse Malone, and Marcus Veres to complete the prototype in time to meet the city's imposed demo deadline and to launch the initial Android version of the application. TowIt officially launched on the Android platform on January 16, 2015. A subsequent iOS launch took place on March 19, 2015. === iTunes connect acceptance issues === The iOS version of the application was delayed for approximately two months, only after significant deliberation with Apple's iTunes Connect review board around (as then stated) rule: "14.1 - Any App that is defamatory, offensive, mean-spirited, or likely to place the targeted individual or group in harm's way will be rejected." The result was having to remove the "Global Feed" feature from the iOS platform, in which civilian users could view all recent reports from within the application. This feature still exists on the Android platform. === Business and legal === TowIt engaged Wildeboer Dellelce, one of Canada's leading business law and transactional corporate finance law firms, on January 17, 2015. The company filed for incorporation as "TowIt Solutions Inc." by both Michael & Gregory in the Canadian province of Ontario on January 22, 2015. TowIt continues to operate under a Freemium business model. The company is 100% bootstrapped and has received no outside investment to date. TowIt was accepted into the MaRS Discovery District's Venture Services program on March 4, 2015. === Lobbyist registration === After receiving initial press coverage in January and February 2015, an unknown entity reported Michael & Gregory's initial communications with city staff to the City of Toronto's Lobbyist Registrar. This complaint resulted in legal threats of fines received on February 10, 2015, for apparently and unknowingly breaking municipal lobbying by-laws. These fines (of up to $100,000) were eventually withdrawn after Michael & Gregory immediately provided all records of communication with city officials and registered as lobbyists in the City of Toronto on the subjects of By-law / Regulation, Parking, and Technology. Their registration was accepted by the Lobbyist Registrar on March 6, 2015. However, communication with Toronto city staff was reduced greatly as a result, which the company believes may have been the desired intent of the original complaint. === Outreach and activism === TowIt encourages its global user base to reach out to their local government representatives to promote the app at the users' own will. This tactic is used not only to demonstrate grassroots support, but also to avoid future lobbying issues. On June 2, 2015, the company officially partnered with Australian campaign "No Permit No Park" who advocate for the creation of inclusive communities. == Reception == The Best Planning Apps for 2016 by Planetizen, 5 Toronto apps you should be using by Indie88, 12 Best Apps Made In Canada by TechVibes.
Security of the Java software platform
The Java software platform provides a number of features designed for improving the security of Java applications. This includes enforcing runtime constraints through the use of the Java Virtual Machine (JVM), a security manager that sandboxes untrusted code from the rest of the operating system, and a suite of security APIs that Java developers can utilise. Despite this, criticism has been directed at the programming language, and Oracle, due to an increase in malicious programs that revealed security vulnerabilities in the JVM, which were subsequently not properly addressed by Oracle in a timely manner. == Security features == === The JVM === The binary form of programs running on the Java platform is not native machine code but an intermediate bytecode. The JVM performs verification on this bytecode before running it to prevent the program from performing unsafe operations such as branching to incorrect locations, which may contain data rather than instructions. It also allows the JVM to enforce runtime constraints such as array bounds checking. This means that Java programs are significantly less likely to suffer from memory safety flaws such as buffer overflow than programs written in languages such as C which do not provide such memory safety guarantees. The platform does not allow programs to perform certain potentially unsafe operations such as pointer arithmetic or unchecked type casts. It manages memory allocation and initialization and provides automatic garbage collection which in many cases (but not all) relieves the developer from manual memory management. This contributes to type safety and memory safety. === Security manager === The platform provides a security manager which allows users to run untrusted bytecode in a "sandboxed" environment designed to protect them from malicious or poorly written software by preventing the untrusted code from accessing certain platform features and APIs. For example, untrusted code might be prevented from reading or writing files on the local filesystem, running arbitrary commands with the current user's privileges, accessing communication networks, accessing the internal private state of objects using reflection, or causing the JVM to exit. The security manager also allows Java programs to be cryptographically signed; users can choose to allow code with a valid digital signature from a trusted entity to run with full privileges in circumstances where it would otherwise be untrusted. Users can also set fine-grained access control policies for programs from different sources. For example, a user may decide that only system classes should be fully trusted, that code from certain trusted entities may be allowed to read certain specific files, and that all other code should be fully sandboxed. === Security APIs === The Java Class Library provides a number of APIs related to security, such as standard cryptographic algorithms, authentication, and secure communication protocols. === The sun.misc.Unsafe class === sun.misc.Unsafe is an internal utility class in the Java programming language which is a collection of low-level unsafe operations. While it is not a part of the official Java Class Library, it is called internally by the Java libraries. It resides in an unofficial Java module named jdk.unsupported. Beginning in Java 11, it has been partially migrated to jdk.internal.misc.Unsafe (which resides in module java.base). Its primary feature is to allow direct memory management (similar to C memory management) and memory address manipulation, manipulating objects and fields, thread manipulation, and concurrency primitives. Its declaration is: public final class Unsafe;, and it is a singleton class with a private constructor. It contains the following methods, many of which are declared native (invoking Java Native Interface): static Unsafe getUnsafe(): retrieves the Unsafe instance. It uses sun.reflect.Reflection to do so. int getInt(Object o, long offset): fetches a value (a field or array element) in the object at the given offset. (There are corresponding getBoolean(), getByte(), getShort(), getChar(), getLong(), getFloat(), and getDouble() methods as well.) void putInt(Object o, long offset, int x): stores a value into an object at the given offset. (There are corresponding putBoolean(), putByte(), putShort(), putChar(), putLong(), putFloat(), and putDouble() methods as well.) Object getObject(Object o, long offset): fetches a reference value from an object at the given offset. void putObject(Object o, long offset, Object x): stores a reference value into an object at the given offset. int getInt(long address): fetches a value at the given address. (There are corresponding getBoolean(), getByte(), getShort(), getChar(), getLong(), getFloat(), and getDouble() methods as well.) void putInt(long address, int x): stores a value into the given address. (There are corresponding putBoolean(), putByte(), putShort(), putChar(), putLong(), putFloat(), and putDouble() methods as well.) long getAddress(long address): fetches a native pointer from a given address. void putAddress(long address, long x): stores a native pointer into a given address. long allocateMemory(long bytes): allocates a block of native memory of the given size (similar to malloc()). long reallocateMemory(long address, long bytes): resizes a block of native memory to the given size (similar to realloc()). void setMemory(Object o, long offset, long bytes, byte value), void setMemory(long address, long bytes, byte value): sets all bytes in a block of memory to a fixed value (similar to memset()). void copyMemory(Object srcBase, long srcOffset, Object destBase, long destOffset, long bytes), void copyMemory(long srcAddress, long destAddress, long bytes): sets all bytes in a given block of memory to a copy of another block (similar to memcpy()). void freeMemory(long address): deallocates a block of native memory obtained from allocateMemory() or reallocateMemory(), similar to free()). long staticFieldOffset(Field f): obtains the location of a given field in the storage allocation of its class. long objectFieldOffset(Field f): obtains the location of a given static field in conjunction with staticFieldBase(). Object staticFieldBase(Field f): obtains the location of a given static field in conjunction with staticFieldOffset(). void ensureClassInitialized(Class c): ensures the given class has been initialized. int arrayBaseOffset(Class arrayClass): obtains the offset of the first element in the storage allocation of a given array class. int arrayIndexScale(Class arrayClass): obtains the scale factor for addressing elements in the storage allocation of a given array class. static int addressSize(): obtains the size (in bytes) of a native pointer. int pageSize(): obtains the size (in bytes) of a native memory page. Class defineClass(String name, byte[] b, int off, int len, ClassLoader loader, ProtectionDomain protectionDomain): signals to the JVM to define a class without security checks. Class defineAnonymousClass(Class hostClass, byte[] data, Object[] cpPatches): signals to the JVM to define a class but do not make it known to the class loader or system directory. Object allocateInstance(Class cls) throws InstantiationException: allocates an instance of a class without running its constructor. void monitorEnter(Object o): locks an object. void monitorExit(Object o): unlocks an object. boolean tryMonitorEnter(Object o): tries to lock an object, returning whether the lock succeeded. void throwException(Throwable ee): throws an exception without telling the verifier. final boolean compareAndSwapInt(Object o, long offset, int expected, int x): updates a variable to x if it is holding expected, returning whether the operation succeeded. (There are corresponding compareAndSwapLong() and compareAndSwapObject() methods as well.) int getIntVolatile(Object o, long offset): volatile version of getInt(). (There are corresponding getBooleanVolatile(), getByteVolatile(), getShortVolatile(), getCharVolatile(), getLongVolatile(), getFloatVolatile(), getDoubleVolatile(), and getObjectVolatile() methods as well.) void putIntVolatile(Object o, long offset, int x): volatile version of putInt(). (There are corresponding putBooleanVolatile(), putByteVolatile(), putShortVolatile(), putCharVolatile(), putLongVolatile(), putFloatVolatile(), putDoubleVolatile(), and putObjectVolatile() methods as well.) void putOrderedInt(Object o, long offset, int x): version of putIntVolatile() not guaranteeing immediate visibility of storage to other threads. (There are corresponding putOrderedLong() and putOrderedObject() methods as well.) void unpark(Object thread): unblocks a thread. void park(boolean isAbsolute, long time): blocks the current thread. int getLoadAverage(double[] loadavg, int nelems): gets the load average in the system run queue assigned to available processors averaged over various periods of time. void invokeCleaner(ByteBuffe
List of software palettes
This is a list of software palettes used by computers. Systems that use a 4-bit or 8-bit pixel depth can display up to 16 or 256 colors simultaneously. Many personal computers in the early 1990s displayed at most 256 different colors, freely selected by software (either by the user or by a program) from their wider hardware's RGB color palette. Usual selections of colors in limited subsets (generally 16 or 256) of the full palette includes some RGB level arrangements commonly used with the 8-bit palettes as master palettes or universal palettes (i.e., palettes for multipurpose uses). These are some representative software palettes, but any selection can be made in such of systems. For specific hardware color palettes, see the list of monochrome and RGB palettes, list of 8-bit computer hardware graphics, the list of 16-bit computer hardware graphics and the list of video game console palettes articles. Each palette is represented by an array of color patches. A one-pixel size version appears below each palette, to make it easy to compare palette sizes. For each unique palette, an image color test chart and sample image (truecolor original follows) rendered with that palette (without dithering) are given. The test chart shows the full 8-bit, 256 levels of the red, green, and blue (RGB) primary colors and cyan, magenta, and yellow complementary colors, along with a full 8-bit, 256 levels grayscale. Gradients of RGB intermediate colors (orange, lime green, sea green, sky blue, violet and fuchsia), and a full hue spectrum are also present. Color charts are not gamma corrected. These elements illustrate the color depth and distribution of the colors of any given palette, and the sample image indicates how the color selection of such palettes could represent real-life images. == System specifics == These are selections of colors officially employed as system palettes in some popular operating systems for personal computers that support 8-bit displays. === Microsoft Windows and IBM OS/2 default 16-color palette === Used by these platforms as a roughly backward compatible palette for the CGA, EGA and VGA text modes, but with colors arranged in a different order. Also, is the default palette for 16 color icons. The corresponding indices into this palette are: === Microsoft Windows default 20-color palette === In 256-color mode, there are four additional standard Windows colors, twenty system reserved colors in total; thus the system leaves 236 palette indexes free for applications to use. The system color entries inside a 256-color palette table are the first ten plus the last ten. In any case, the additional system colors do not seem to add a sharp color richness: they are only some intermediate shades of grayish colors. Since Windows 95, these additional colors can be changed by the system when a color scheme needs custom colors, reducing their utility as static, unchanging palette entries. The complete 20-color Windows system palette is: === Apple Macintosh default 16-color palette === When Apple Computer introduced the Macintosh II in 1987, this 16-color palette was included in System 4.1. === RISC OS default palette === Acorn RISC OS 2.x and 3.x provided this 16-color palette: === Solaris default 16-color palette === Solaris OS used this color palette: == RGB arrangements == These are selections of colors based in evenly ordered RGB levels which provide complete RGB combinations, mainly used as master palettes to display any kind of image within the limitations of the 8-bit pixel depth. === 6 level RGB === Having six levels for every primary, with 6³ = 216 combinations. The index can be addressed by (36×R)+(6×G)+B, with all R, G and B values in a range from 0 to 5. Intended as homogeneous RGB cube, it gives six true grays. Also, there is room for another sorts of 40 colors, so operating systems or programs can add extra colors. Systems that use this software palette are: Web-safe colors Apple Macintosh 256 color default palette. It also contains four gradients of ten shades each for gray, red, green and blue. === 6-7-6 levels RGB === This palette is constructed with six levels for red and blue primaries and seven levels for the green primary, giving 6×7×6 = 252 combinations. The index can be addressed by (42×R)+(6×G)+B, with R and B values in a range from 0 to 5 and G in a range from 0 to 6. The same case as the former, but with an added level of green due to the greater sensibility of the normal human eye to this frequency. It does not provide true grays, but remaining indexes can be filled with four intermediate grays. In any case, there is little room for any other color. === 6-8-5 levels RGB === This palette is constructed with six levels for red, eight levels for green and five levels for the blue primaries, giving 6×8×5 = 240 combinations. The index can be addressed by (40×R)+(5×G)+B, with R ranging from 0 to 5, G from 0 to 7 and B from 0 to 4. Levels are chosen in function of sensibility of the normal human eye to every primary color. Also, it does not provide true grays. Remaining indexes can be filled with sixteen intermediate grays or other fixed colors. In fact, this is the best balanced RGB master software palette, in a compromise between the RGB arrangement based in the human eye's sensibility and a sufficient remaining palette entries for another purposes. === 8-8-4 levels RGB === The 8-8-4 level RGB use eight levels for each of the red and green color components (3+3 high order bits), and four levels (2 low order bits) for the blue component, due to the lesser sensitivity of the normal human eye to this primary color. This results in an 8×8×4 = 256-color palette as follows: This RGB software palette occupies the full 8-bit range of possible palette entries, so there is no room for other fixed colors. Software using this palette must draw their user interface elements with the same colors used to show pictures. Also again, it does not provide true grays. == Other common uses of software palettes == === Grayscale palettes === Simple palette made doing every triplet RGB primaries having equal values as a continuous gradient from black to white through the full available palette entries. Here is the 8-bit, 256 levels palette: Used to display pure grayscale TIFF or JPEG images, for example. === Color gradient palettes === Palettes made of a continuous color gradient from darkest to lightest arbitrary hues. The pixel data is treated as if it were grayscale, but the color table plays with RGB color combinations, not only gray. The relationship between the original luminance and the mapped one can vary, but the lighting scale is preserved along all the palette entries. One very common case of such palettes is the sepia tone palette, which gives an image an old fashioned and aged look (left). Another gradient example, based on blue hues, is presented here (right), but any hue or mixing of hues can be used. Many cell phones with built-in cameras have options to take colorized photos using this technique. === Adaptive palettes === Those whose whole number of available indexes are filled with RGB combinations selected from the statistical order of appearance (usually balanced) of a concrete full true color original image. There exist many algorithms to pick the colors through color quantization; one well known is the Heckbert's median-cut algorithm. Here is the 8-bit, 256 color palette used with the color test chart and the image sample above: Adaptive palettes only work well with a unique image. Trying to display different images with adaptive palettes over an 8-bit display usually results in only one image with correct colors, because the images have different palettes and only one can be displayed at a time. Here is an example of what happens when an indexed color image is displayed with any color palette that is not its own adaptive palette: === False color palettes === Arbitrary gradient color scales, usually 256 shades, with no relationship with real colors of a given image. They are employed to artificially colorize a grayscale image to reveal details and/or to map the pixel level values to amounts of some physical magnitude (potential, temperature, altitude, etc.) Note, in the example above, that new details can be seen as blue over magenta in the background's dark areas of the original photograph. Here is the 8-bit, 256 color gradient palette used with the color test chart and the image sample above: There exist many false color palettes, some of them standardized, used mainly in scientific applications: astronomy and radioastronomy, satellite land imaging, thermography, study of materials, tomography and magnetic resonance imaging in medicine, etc.
Drop shadow
In graphic design and computer graphics, a drop shadow is a visual effect consisting of a drawing element which looks like the shadow of an object, giving the impression that the object is raised above the objects behind it. The drop shadow is often used for elements of a graphical user interface such as windows or menus, and for simple text. The text label for icons on desktops in many desktop environments has a drop shadow, as this effect effectively distinguishes the text from any colored background it may be in front of. A simple way of drawing a drop shadow of a rectangular object is to draw a gray or black area underneath and offset from the object. In general, a drop shadow is a copy in black or gray of the object, drawn in a slightly different position. Realism may be increased by: Darkening the colors of the pixels where the shadow casts instead of making them gray. This can be done with alpha blending the shadow with the area it is cast on. Softening the edges of the shadow. This can be done by adding Gaussian blur to the shadow's alpha channel before blending. Inset drop shadows are a type which draws the shadows inside the element. This allows the interface element to appear as if it is sunken into the interface. == Photo editing == In photo editing or photography post-production, a drop shadow may be added right beneath a model or product in the image. It is used to create contrast between the background and the subject. To add a drop shadow, retouchers use graphic editing tools like Adobe Photoshop. Drop shadows are often used as a visual effect in e-commerce. This is done to improve the presentation of product images and create depth in the image. == Use == Generally, window managers which are capable of compositing allow drop shadow effects, whereas incapable window managers do not. In some operating systems like macOS, drop shadow is used to differentiate between active and inactive windows. Websites are able to use drop shadow effects through the CSS properties box-shadow, text-shadow, and drop-shadow() filter function in filter. The first two are used for elements and text respectively, while the filter applies to the element's content, letting it support oddly shaped elements or transparent images.
Data administration
Data administration or data resource management is an organizational function working in the areas of information systems and computer science that plans, organizes, describes and controls data resources. Data resources are usually stored in databases under a database management system or other software such as electronic spreadsheets. In many smaller organizations, data administration is performed occasionally, or is a small component of the database administrator’s work. In the context of information systems development, data administration ideally begins at system conception, ensuring there is a data dictionary to help maintain consistency, avoid redundancy, and model the database so as to make it logical and usable, by means of data modeling, including database normalization techniques. == Data resource management == According to the Data Management Association (DAMA), data resource management is "the development and execution of architectures, policies, practices and procedures that properly manage the full data lifecycle needs of an enterprise". Data Resource management may be thought of as a managerial activity that applies information system and other data management tools to the task of managing an organization’s data resource to meet a company’s business needs, and the information they provide to their shareholders. From the perspective of database design, it refers to the development and maintenance of data models to facilitate data sharing between different systems, particularly in a corporate context. Data Resource Management is also concerned with both data quality and compatibility between data models. Since the beginning of the information age, businesses need all types of data on their business activity. With each data created, when a business transaction is made, need data is created. With these data, new direction is needed that focuses on managing data as a critical resource of the organization to directly support its business activities. The data resource must be managed with the same intensity and formality that other critical resources are managed. Organizations must emphasize the information aspect of information technology, determine the data needed to support the business, and then use appropriate technology to build and maintain a high-quality data resource that provides that support. Data resource quality is a measure of how well the organization's data resource supports the current and the future business information demand of the organization. The data resource cannot support just the current business information demand while sacrificing the future business information demand. It must support both the current and the future business information demand. The ultimate data resource quality is stability across changing business needs and changing technology. A corporate data resource must be developed within single, organization-wide common data architecture. A data architecture is the science and method of designing and constructing a data resource that is business driven, based on real-world objects and events as perceived by the organization, and implemented into appropriate operating environments. It is the overall structure of a data resource that provides a consistent foundation across organizational boundaries to provide easily identifiable, readily available, high-quality data to support the business information demand. The common data architecture is a formal, comprehensive data architecture that provides a common context within which all data at an organization's disposal are understood and integrated. It is subject oriented, meaning that it is built from data subjects that represent business objects and business events in the real world that are of interest to the organization and about which data are captured and maintained.
ISLRN
The ISLRN or International Standard Language Resource Number is Persistent Unique Identifier for Language Resources. == Context == On November 18, 2013, 12 major organisations (see list below) from the fields Language Resources and Technologies, Computational Linguistics, and Digital Humanities held a cooperation meeting in Paris (France) and agreed to announce the establishment of the International Standard Language Resource Number (ISLRN), to be assigned to each Language Resource. Among the 12 organisations, 4 institutions constitute the ISLRN Steering Committee (ST) ADHO ACL Asian Federation of Natural Language Processing ST COCOSDA, International Committee for the Coordination & Standardisation of Speech Databases and Assessment Techniques ICCL (COLING) European Data Forum ELRA ST IAMT, International Association for Machine Translation Archived 2010-06-24 at the Wayback Machine ISCA LDC ST Oriental COCOSDA ST RMA, Language Resource Management Agency == Size and Content == The Joint Research Centre(JRC), the [European Commission]'s in-house science service, was the first organisation to adopt the ISLRN initiative and requested. 2500 resources and tools have already been allocated an ISLRN. These resources include written data (Annotated corpus, Annotated text, List of misspelled word, Terminological database, Treebank, Wordnet, etc.) and speech corpora (Synthesised Speech, Transcripts and Audiovisual Recordings, Conversational Speech, Folk Sayings, etc.) == Objectives == Providing Language Resources with unique names and identifiers using a standardized nomenclature ensures the identification of each Language Resources and streamlines the citation with proper references in activities within Human Language Technology as well as in documents and scientific publications. Such unique identifier also enhances the reproducibility, an essential feature of scientific work.
Confidential computing
Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology. The technology protects data in use by performing computations in a hardware-based trusted execution environment (TEE). Confidential data is released to the TEE only once it is assessed to be trustworthy. Different types of confidential computing define the level of data isolation used, whether virtual machine, application, or function, and the technology can be deployed in on-premise data centers, edge locations, or the public cloud. It is often compared with other privacy-enhancing computational techniques such as fully homomorphic encryption, secure multi-party computation, and Trusted Computing. Confidential computing is promoted by the Confidential Computing Consortium (CCC) industry group, whose membership includes major providers of the technology. == Properties == Trusted execution environments (TEEs) "prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data". Trusted execution environments can be instantiated on a computer's processing components such as a central processing unit (CPU) or a graphics processing unit (GPU). In their various implementations, TEEs can provide different levels of isolation including virtual machine, individual application, or compute functions. Typically, data in use in a computer's compute components and memory exists in a decrypted state and can be vulnerable to examination or tampering by unauthorized software or administrators. According to the CCC, confidential computing protects data in use through a minimum of three properties: Data confidentiality: "Unauthorized entities cannot view data while it is in use within the TEE". Data integrity: "Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE". Code integrity: "Unauthorized entities cannot add, remove, or alter code executing in the TEE". In addition to trusted execution environments, remote cryptographic attestation is an essential part of confidential computing. The attestation process assesses the trustworthiness of a system and helps ensure that confidential data is released to a TEE only after it presents verifiable evidence that it is genuine and operating with an acceptable security posture. It allows the verifying party to assess the trustworthiness of a confidential computing environment through an "authentic, accurate, and timely report about the software and data state" of that environment. "Hardware-based attestation schemes rely on a trusted hardware component and associated firmware to execute attestation routines in a secure environment". Without attestation, a compromised system could deceive others into trusting it, claim it is running certain software in a TEE, and potentially compromise the confidentiality or integrity of the data being processed or the integrity of the trusted code. == Technical approaches == Technical approaches to confidential computing may vary in which software, infrastructure and administrator elements are allowed to access confidential data. The "trust boundary," which circumscribes a trusted computing base (TCB), defines which elements have the potential to access confidential data, whether they are acting benignly or maliciously. Confidential computing implementations enforce the defined trust boundary at a specific level of data isolation. The three main types of confidential computing are: Virtual machine isolation Application isolation, also known as process isolation Function isolation, also known as library isolation Virtual machine isolation removes the elements controlled by the computer infrastructure or cloud provider, but allows potential data access by elements inside a virtual machine running on the infrastructure. Application or process isolation permits data access only by authorized software applications or processes. Function or library isolation is designed to permit data access only by authorized subroutines or modules within a larger application, blocking access by any other system element, including unauthorized code in the larger application. == Threat model == As confidential computing is concerned with the protection of data in use, only certain threat models can be addressed by this technique. Other types of attacks are better addressed by other privacy-enhancing technologies. === In scope === The following threat vectors are generally considered in scope for confidential computing: Software attacks: including attacks on the host’s software and firmware. This may include the operating system, hypervisor, BIOS, other software and workloads. Protocol attacks: including "attacks on protocols associated with attestation as well as workload and data transport". This includes vulnerabilities in the "provisioning or placement of the workload" or data that could cause a compromise. Cryptographic attacks: including "vulnerabilities found in ciphers and algorithms due to a number of factors, including mathematical breakthroughs, availability of computing power and new computing approaches such as quantum computing". The CCC notes several caveats in this threat vector, including relative difficulty of upgrading cryptographic algorithms in hardware and recommendations that software and firmware be kept up-to-date. A multi-faceted, defense-in-depth strategy is recommended as a best practice. Basic physical attacks: including cold boot attacks, bus and cache snooping and plugging attack devices into an existing port, such as a PCI Express slot or USB port. Basic upstream supply-chain attacks: including attacks that would compromise TEEs through changes such as added debugging ports. The degree and mechanism of protection against these threats varies with specific confidential computing implementations. === Out of scope === Threats generally defined as out of scope for confidential computing include: Sophisticated physical attacks: including physical attacks that "require long-term and/or invasive access to hardware" such as chip scraping techniques and electron microscope probes. Upstream hardware supply-chain attacks: including attacks on the CPU manufacturing process, CPU supply chain in key injection/generation during manufacture. Attacks on components of a host system that are not directly providing the capabilities of the trusted execution environment are also generally out-of-scope. Availability attacks: confidential computing is designed to protect the confidentiality and integrity of protected data and code. It does not address availability attacks such as Denial of Service or Distributed Denial of Service attacks. == Use cases == Confidential computing can be deployed in the public cloud, on-premise data centers, or distributed "edge" locations, including network nodes, branch offices, industrial systems and others. === Data privacy and security === Confidential computing protects the confidentiality and integrity of data and code from the infrastructure provider, unauthorized or malicious software and system administrators, and other cloud tenants, which may be a concern for organizations seeking control over sensitive or regulated data. The additional security capabilities offered by confidential computing can help accelerate the transition of more sensitive workloads to the cloud or edge locations. === Multi-party analytics === Confidential computing can enable multiple parties to engage in joint analysis using confidential or regulated data inside a TEE while preserving privacy and regulatory compliance. In this case, all parties benefit from the shared analysis, but no party's sensitive data or confidential code is exposed to the other parties or system host. Examples include multiple healthcare organizations contributing data to medical research, or multiple banks collaborating to identify financial fraud or money laundering. Oxford University researchers proposed the alternative paradigm called "Confidential Remote Computing" (CRC), which supports confidential operations in Trusted Execution Environments across endpoint computers considering multiple stakeholders as mutually distrustful data, algorithm and hardware providers. === Confidential generative AI === Confidential computing technologies can be applied to various stages of a generative AI deployments to help increase data or model privacy, security, and regulatory compliance. TEEs and remote attestation can protect the integrity of data during AI model training, keep