One Article Review

The article:
Source GoogleSec
Identifier 8346271
Publication date 2023-06-16 13:11:38 (seen: 2023-06-16 19:06:34)
Title Bringing Transparency to Confidential Computing with SLSA
Text Asra Ali, Razieh Behjati, Tiziano Santoro, Software Engineers
Every day, personal data, such as location information, images, or text queries are passed between your device and remote, cloud-based services. Your data is encrypted when in transit and at rest, but as potential attack vectors grow more sophisticated, data must also be protected during use by the service, especially for software systems that handle personally identifiable user data.
Toward this goal, Google's Project Oak is a research effort that relies on the confidential computing paradigm to build an infrastructure for processing sensitive user data in a secure and privacy-preserving way: we ensure data is protected during transit, at rest, and while in use. As an assurance that the user data is in fact protected, we've open sourced Project Oak code, and have introduced a transparent release process to provide publicly inspectable evidence that the application was built from that source code. This blog post introduces Oak's transparent release process, which relies on the SLSA framework to generate cryptographic proof of the origin of Oak's confidential computing stack, and together with Oak's remote attestation process, allows users to cryptographically verify that their personal data was processed by a trustworthy application in a secure environment.
Sent Yes
Tags Tool
Stories
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.