
Why Should I Trust Your Code?

Published: 21 December 2023

Abstract

Confidential computing enables users to authenticate code running in TEEs, but users also need evidence this code is trustworthy.


Cited By

  • Confidential Computing Proofs. Queue 22, 4 (2024), 73--100; https://doi.org/10.1145/3689949. Online publication date: 11 September 2024.

Published In
Communications of the ACM, Volume 67, Issue 1 (January 2024), 122 pages
EISSN: 1557-7317
DOI: 10.1145/3638509
  • Editor: James Larus

Publisher

Association for Computing Machinery

New York, NY, United States
