[Cryptography] Data in Use

Natanael natanael.l at gmail.com
Fri Aug 5 08:03:11 EDT 2022


On Fri, 5 Aug 2022 at 08:51, Andrea Pasquinucci <liste at ucci.it> wrote:

>
> Sorry but to me "Data in use" is an old (but still critical) concept,
> unless you are discussing something different.
>
> Please have a look for example at
>
> https://confidentialcomputing.io/
>
> whose title is
>
>   The Confidential Computing Consortium is a community focused on projects
> securing data in use and accelerating the adoption of confidential
> computing through open collaboration.
>
> Or are you referring to something else?
>

There are additional approaches.

The first that comes to mind is capability-based systems, wherein the
default level of system access for any piece of code is nothing at all.
Access isn't even inherited from a parent process, it has to be explicitly
delegated. I believe some schemes go so far as to encrypt the memory and
link the encryption key access to capability tokens.

Formal verification is another approach, and some use code synthesis
from a spec.

On top of that there are hardware-based attestation schemes and secure boot
type schemes.

Not to mention red/black systems:

https://csrc.nist.gov/glossary/term/red_black_concept
