During the spring of 2025, Google engaged NCC Group to conduct the security assessment of Confidential Space. Confidential Space is a cloud-based system designed to provide isolated execution environments for sensitive workloads. In this latest revision, Confidential Space has been integrated with Intel TDX confidential computing technology, Intel Tiber Trust Authority (an independent attestation verifier service), and AWS Identity and Access Management (IAM). Documentation describing the system architecture was provided.
The assessment primarily involved dynamic testing of the system, conducted in a production environment with select pre-production features enabled.
The public report for this review is available for download below: