Cited By
View all- Russinovich MFournet CZaverucha GBenaloh JMurdoch BCosta M(2024)Confidential Computing ProofsQueue10.1145/368994922:4(73-100)Online publication date: 11-Sep-2024
Why Should I Trust Your Code?
Abstract
Confidential computing enables users to authenticate code running in TEEs, but users also need evidence this code is trustworthy.
References
[1]
Al-Bassam, M., Meiklejohn, S. Contour: A Practical System for Binary Transparency. Data Privacy Management, Cryptocurrencies and Blockchain Technology. Springer, 2018, 94--110; https://link.springer.com/chapter/10.1007/978-3-030-00305-0_8.
[2]
Birkholz, H., Delignat-Lavaud, A., Fournet, C., Deshpande, Y., Lasker, S. An Architecture for Trustworthy and Transparent Digital Supply Chains. IETF SCITT Working Group, 2022; https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/.
[3]
Brunner, C., Gallersdörfer, U., Knirsch, F., Engel, D., Matthes, F. DID and VC: Untangling decentralized identifiers and verifiable credentials for the web of trust. In Proceedings of the 3rd Intern. Conf. Blockchain Technology and Applications, 2020, 61--66
[4]
Confidential Consortium Framework. Microsoft. GitHub; https://github.com/microsoft/CCF.
[5]
CycloneDX SBOM standard. CycloneDX, 2023; https://cyclonedx.org.
[6]
Damlaj, I., Saboori, A. A deeper dive into confidential GKE nodes. Google, 2020; https://cloud.google.com/blog/products/identity-security/confidential-gke-nodes-now-available.
[7]
Dauterman, E., Fang, V., Crooks, N., Popa, R.A. Reflections on trusting distributed trust. In Proceedings of the 21st ACM Workshop on Hot Topics in Networks, 2020, 38--45
[8]
Ferraiuolo, A., Behjati, R., Santoro, T., Laurie, B. Policy transparency: Authorization logic meets general transparency to prove software supply chain integrity. In Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 3--13
[9]
Laurie, B. Certificate transparency. Commun. ACM 57, 10 (Oct. 2014), 40--46
[10]
Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J. CONIKS: bringing key transparency to end users. In Proceedings of the 24th Usenix Security Symp. 2015; https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-melara.pdf.
[11]
Microsoft. Confidential containers on Azure container instances (ACI), 2023; https://learn.microsoft.com/en-us/azure/container-instances/container-instances-confidential-overview.
[12]
Newman, Z., Meyers, J.S., Torres-Arias, S. Sigstore: Software signing for everybody. In Proceedings of the ACM SIGSAC Conf. Computer and Communications Security, 2022, 2353--2367
[13]
Nikitin, K. et al. CHAINIAC: Proactive software-update transparency via collectively signed skipchains and verified build. In Proceedings of the 26th Usenix Security Symp., 2017; https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/nikitin.
[14]
Open Enclave SDK. GitHub; https://github.com/openenclave/openenclave.
[15]
Russinovich, M., et al. Toward confidential cloud computing. Commun. ACM 64, 8 (Aug. 2021), 54--61; https://cacm.acm.org/magazines/2021/6/252824-toward-confidential-cloud-computing/abstract.
[16]
SCITT service prototype based on CCF. Microsoft. GitHub, 2023; https://github.com/microsoft/scitt-ccf-ledger.
[17]
Stewart, K., Odence, P., Rockett, E. Software package data exchange (SPDX) specification. International Free and Open Source Software Law Review 2, 2 (2010), 191--196; https://www.jolts.world/index.php/jolts/article/view/45.
[18]
Thompson, K. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761--763
[19]
Torres-Arias, S., Afzali, H., Kuppusamy, T. K., Curtmola, R., Cappos, J. 2019. in-toto: providing farm-to-table guarantees for bits and bytes. In Proceedings of the 28th Usenix Security Symp. 2019; https://www.usenix.org/conference/usenixsecurity19/presentation/torres-arias.
[20]
Transparent code updates for confidential computing. Draft Technical Report. https://www.microsoft.com/research/group/azure-research/.
[21]
Triton inference server. GitHub; https://github.com/triton-inference-server.
Recommendations
Benevolence trust: a key determinant of user continuance use of online social networks
Online social networking (OSN) has attracted increased attention and growing membership in recent years. In this paper, we propose and test an extended and unified theory of acceptance and use of technology (UTAUT) model, including the additional areas ...
Understanding code snippets in code reviews: a preliminary study of the OpenStack community
ICPC '22: Proceedings of the 30th IEEE/ACM International Conference on Program ComprehensionCode review is a mature practice for software quality assurance in software development with which reviewers check the code that has been committed by developers, and verify the quality of code. During the code review discussions, reviewers and ...
Does Technology Trust Substitute Interpersonal Trust?: Examining Technology Trust's Influence on Individual Decision-Making
While an increasing number of trust studies examine technological artifacts as trust recipients, there is still a lack of basic understanding of how technology trust relates to traditional trust and its role within the broader nomological net ...
Comments
Information & Contributors
Information
Published In
Copyright © 2023 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 December 2023
Published in CACM Volume 67, Issue 1
Check for updates
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 2,034Total Downloads
- Downloads (Last 12 months)1,428
- Downloads (Last 6 weeks)99
Reflects downloads up to 02 Feb 2025
Other Metrics
Citations
Cited By
View all- Russinovich MFournet CZaverucha GBenaloh JMurdoch BCosta M(2024)Confidential Computing ProofsQueue10.1145/368994922:4(73-100)Online publication date: 11-Sep-2024
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderDigital Edition
View this article in digital edition.
Digital EditionMagazine Site
View this article on the magazine site (external)
Magazine SiteLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in