Towards the Medicine of the Future in Bavaria and Germany, One Heartbeat at the Time With Confidential Computing

Conference Talk, Open Confidential Computing Conference, Online
March 15th 2023

Since 2018, the Bavarian ministry of health has invested 24.5 million euros in the DigiMed Bayern project with the ambition to create the lighthouse that will guide Germany towards the medicine of the future. By developing a legal framework and a secure environment powered by confidential computing technologies, over one hundred researchers, clinicians, lawyers, and tinkerers from academia and industry across 14 institutions have found a sovereign computing environment to collaborate on sensitive multi-omic medical data. With the common goal to advance research on heart disease, they already published more than 50 scientific publications and developed large-scale studies and smart wearable technologies.

In the first part of this talk, we will focus on the Bavarian Cloud for Health Research (BCHR) which is the cornerstone of the project. Architected around confidential computing technologies and hosted at the top-tier Leibniz Supercomputing Centre (LRZ) in Munich, we will present how the Big Data and Artificial Intelligence team has engineered the BCHR with security and performance for AI/ML workloads in mind. We will showcase heterogeneous workloads running on the OpenStack-based cloud with hundreds of cores at the petabyte scale, as well as its prospective integration in the European cloud GAIA-X.

In the second part of this talk, we will focus on a new axis of research opened by confidential computing in the area of Privacy-Preserving AI. While approaches like Differential Privacy, Secure Multiparty Computation, or Homomorphic Encryption allow parties to collaborate on confidential data, they come at the expense of the model’s utility. We will discuss how TEEs can be repurposed for AI workloads and allow to train models privately, at high velocity, and without reducing the model’s accuracy. The emphasis will be put on computer vision applications with convolutional neural networks, secure inference in TEEs, hardware acceleration with GPUs, and remote attestation of the privacy guarantee.