Design a Confidential-Computing Architecture for a Genomics Workflow
Overview
What this challenge is about.
Receive the workflow description (per-hospital genome BAM files uploaded to S3, processed by a variant-calling pipeline, results returned per-hospital), the partner-hospital legal constraints (raw genomes never decrypted outside a confidential boundary), and the candidate cloud platforms (Azure DCadsv5 with SEV-SNP or GCP C3 with TDX). Design the architecture: per-hospital KMS keys, confidential VMs running the pipeline, remote-attestation flow before any key release, encrypted-in-transit-and-at-rest data paths. Prototype the remote-attestation flow against a SEV-SNP or TDX testbed (a small Rust or Go service that requests an attestation report, sends it to a verifier, receives the wrapped key). Build a STRIDE threat model focused on the new boundaries. Deliver the architecture diagrams, the attestation prototype, an 8-page ADR, the threat model, and a 1-page legal-team summary.
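The verifier side of the attestation-gated key release described above, as an added sketch that is not part of the challenge materials. The `Report` layout, the names, and the sample values are hypothetical, and an Ed25519 key stands in for the vendor-rooted signature chain that a real SEV-SNP or TDX report carries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a simplified stand-in for a SEV-SNP/TDX report (constructed layout).
type Report struct {
	Measurement, ReportData [32]byte // launch measurement; guest-chosen binding
	Sig                     []byte   // stand-in for the vendor-rooted signature
}
func (r Report) body() []byte { return append(r.Measurement[:], r.ReportData[:]...) }
func bind(nonce []byte, hospital string) [32]byte { // ties a report to one nonce and one hospital
	return sha256.Sum256(append(append([]byte{}, nonce...), hospital...))
}
type Verifier struct {
	Root    ed25519.PublicKey // assumed trust anchor for report signatures
	Allowed [32]byte          // expected measurement of the pipeline image
	Wrapped map[string][]byte // per-hospital wrapped data keys
	Pending map[string]bool   // outstanding single-use nonces
}

// ReleaseKey returns a hospital's wrapped key only for a fresh, signed, allow-listed report.
func (v *Verifier) ReleaseKey(r Report, nonce []byte, hospital string) ([]byte, error) {
	fresh := v.Pending[string(nonce)]
	delete(v.Pending, string(nonce)) // a nonce is consumed whether or not the check passes
	switch {
	case !fresh: return nil, errors.New("unknown or replayed nonce")
	case !ed25519.Verify(v.Root, r.body(), r.Sig): return nil, errors.New("bad signature")
	case r.Measurement != v.Allowed: return nil, errors.New("measurement not allow-listed")
	case r.ReportData != bind(nonce, hospital): return nil, errors.New("not bound to nonce and hospital")
	case v.Wrapped[hospital] == nil: return nil, errors.New("no key for hospital")
	}
	return v.Wrapped[hospital], nil
}
func demo() (ok, replay, cross error) { // constructed keys, nonces and key blobs
	pub, priv, _ := ed25519.GenerateKey(nil)
	m := sha256.Sum256([]byte("pipeline-image-v1"))
	v := &Verifier{pub, m, map[string][]byte{"hospital-a": []byte("wrapped-A"), "hospital-b": []byte("wrapped-B")}, map[string]bool{"n1": true, "n2": true}}
	r := Report{m, bind([]byte("n1"), "hospital-a"), nil}
	r.Sig = ed25519.Sign(priv, r.body())
	_, ok = v.ReleaseKey(r, []byte("n1"), "hospital-a")     // valid request
	_, replay = v.ReleaseKey(r, []byte("n1"), "hospital-a") // same report replayed
	_, cross = v.ReleaseKey(r, []byte("n2"), "hospital-b")  // hospital A's report used for B's key
	return
}
func main() { fmt.Println(demo()) }
```

In a real deployment the nonces are random per challenge and the report data would also bind a guest-generated public key, so the released key can be wrapped to that specific VM.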
The Brief
What you'll do, and what you'll demonstrate.
Design and prototype a confidential-computing architecture using SEV-SNP or TDX that keeps patient genomes opaque to the cloud provider and to the other 3 partner hospitals.
Earning criteria — what you'll demonstrate
- Design a multi-party architecture using confidential computing primitives
- Implement and verify a remote-attestation flow against real hardware
- Threat-model with TEE-aware trust boundaries
- Translate cryptographic architecture into legal-grade plain language