FRIDGE extends trusted research environments (TREs) to powerful, external compute resources using an ephemeral, satellite TRE deployed in a secure enclave.
Overview
TREs can be constrained by the computing resources available to them. This could hinder research that requires high-performance hardware and accelerators, for example AI workloads. Cloud and HPC systems possess great computational power, but they are not usable for research with sensitive data if they lie outside the governance boundary of a TRE. FRIDGE enables the use of computing power from external resources, such as cloud or cloud-native HPC, in an existing TRE.
FRIDGE extends the governance boundary of an existing TRE to the external resource. This is achieved by provisioning a secure enclave on the external infrastructure, into which the ephemeral FRIDGE satellite TRE is deployed. In effect, a portion of the external system is borrowed by the TRE and brought under the control of the TRE and its existing governance and administrators.
The advantage of this approach is that, because the FRIDGE deployment can formally be considered part of an existing TRE, there is no need to involve the external infrastructure provider in data sharing agreements or to rewrite existing agreements with data owners.