DCS: Trusted Execution Environment #10

Open
gosuri opened this issue Mar 23, 2020 · 1 comment

gosuri commented Mar 23, 2020

Summary

A Trusted Execution Environment (TEE) guarantees that code and data loaded inside it are protected with respect to confidentiality and integrity, enforced at the process level.

Motivation

Providers execute a Tenant's workload. Providers have physical access to the machine executing a tenant’s workload and can thereby gain access to sensitive information by inspecting the memory. The unprotected access presents a challenge to securing sensitive information when running on an untrusted node.

Rationale

When we use the cloud today, AWS for example, even though AWS employees can inspect your application, we trust that AWS ensures that it won’t be the case because of brand value. Akash [DCS-8] ensures this level of trust by means of accreditation. We can enhance that trust further by providing a Trusted Execution Environment (TEE).

A TEE as an isolated execution environment provides security features such as isolated execution, the integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security to tenants than a rich operating system (OS) and more functionality than a 'secure element' (SE).

TEE is platform-dependent; all major providers have some form of TEE implementation, as stated below.

Hardware Support

SDKs

  • Ilinux-sgx: Reference implementation of a Launch Enclave for 'Flexible Launch Control' for Intel SGX
  • linux-sgx-driver: out-of-tree driver for the Linux Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete.

Further Research

Open-source implementations of TEE are incomplete; projects like Keystone are making progress in the right direction and require further analysis of their practicality.

gosuri added a commit that referenced this issue Mar 23, 2020
See: #10

Signed-off-by: Greg Osuri <me@gregosuri.com>

ycscaly commented Jan 24, 2022

Are there updates on this? Is SGX support implemented, or is there an estimate? It will be highly valuable.
