During the summer of 2022, Google engaged NCC Group to conduct a security assessment of the Confidential Space product. The system provides a confidential computing environment that allows cloud customers to run workloads in the cloud that can be attested to run a specific payload with high assurances that the workload was not and cannot be tampered with. Container images and source code were provided for various components of the Confidential Space platform.
Overall, no security vulnerabilities were identified in the in-scope components of the Confidential Space product during the allotted testing time.
The public report for this review may be downloaded below: