Jump to content

Talk:Confidential computing

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

COI contribution

[edit]

It is difficult for COI editors to maintain a neutral point of view; For a contribution of this length, it is presumably impossible. That said, this is clearly a notable topic and it would benefit Wikipedia to have this coverage. In order to accept this we're going to need to find a reviewer with expertise in this subject area who can take the time to work through NPOV issues. I have the expertise but the only way I can review this is slowly. You either need some extreme patience, to find another editor with more time available time to dedicate to this or shorten the draft severely and let other editors build it back up in mainspace. ~Kvng (talk) 23:57, 3 April 2023 (UTC)[reply]

Hi @Kvng,
Thanks for your reply. I agree with you that confidential computing is a notable topic in computer security today, and I’m eager (but patient) to see it included on Wikipedia while abiding by all the community rules. I acknowledge I have a disclosed conflict of interest on confidential computing since my employer is active in this space.
That said, have you identified any neutrality issues in the proposed article? I ask because I drafted it with rigor and neutrality in mind, knowing it would be viewed skeptically due to my conflict. I made every effort to maintain balance and well-sourced verifiability throughout. Some actions I took include:
  • The draft is written using industry-standard definitions, mainstream publications, and well-known, reputable sources including 76 citations. I only included information I could source via quality references, not from my own point-of-view.
  • I reviewed and received feedback from multiple computer security experts, including companies and vendors with differing or competing interests.
  • The article includes criticism and vulnerabilities of confidential computing, including demonstrated side-channel attacks and a critique of the very concept/definition itself.
  • I made a very deliberate effort to describe the pros & cons of confidential computing compared to other Privacy-enhancing technologies.
  • I modeled it on the Trusted Computing article, which is another security technology associated with an industry trade group. (https://wiki.riteme.site/wiki/Trusted_Computing)
I'd really appreciate if you spot-checked the article for any neutrality issues. I believe the draft is solid and would be helpful to the Wikipedia community. I'm willing to be patient while editors give it a thorough review.
Thank you so much!
HudsonAttests (talk) 22:22, 4 April 2023 (UTC)[reply]
It's a 1700 word draft and I haven't yet taken the time to read it. ~Kvng (talk) 23:17, 4 April 2023 (UTC)[reply]

Response to addition to Criticism section

[edit]

Noting that my employer is active in Confidential Computing, I want to respond to the recent addition to the criticism section. I have no problem with criticisms of Confidential Computing, but I think the addition 1) would fit better in a different section, and 2) needs clarification to accurately capture the issue.

1: Move Confidential Remote Computing to Use cases

[edit]

The technique called “Confidential Remote Computing” introduced in the first paragraph of the new edit would be more appropriately placed in the Use Cases section and benefit from greater clarity and a short description of its function and benefits.

Suggested text (Use Cases)

[edit]

Oxford University researchers proposed the paradigm called "Confidential Remote Computing" (CRC), which uses confidential operations in Trusted Execution Environments across endpoint computers as a means to establish trust between remote computers or service providers.[cite]

2: Clarify criticism

[edit]

One of the claims in the new second paragraph is inaccurate.

“[Confidential computing] does not distinguish multiple stakeholder scenarios,” is incorrect, as demonstrated in existing citations 15, 24, 25 and 26. The implication of the new edit is that the only type of platform that can support “remoteness” is a desktop PC or laptop. The use cases in the citations illustrate remote, multi-party usages involving server platforms.

However, the edit exposes a more accurate criticism: Specifically, no microprocessor vendor currently supports Confidential Computing in personal computer processors, which inhibits the deployment of use cases that rely on hardware support in PCs, including Confidential Remote Computing as described in the citation.

Suggested text (Criticism)

[edit]

None of the major microprocessor or GPU providers offer Confidential computing hardware in devices for personal computers, which limits use cases only to server-class platforms. Intel SGX was introduced for PCs in 6th Generation Intel Core (Skylake) processors in 2015, but deprecated in the 11th Generation Intel Core processors (Rocket Lake) in 2022.[cite]

I'm happy to make these changes myself if there are no objections, or open to discussing how to improve them. If someone else would prefer to make the change, I'm ok with that as well. HudsonAttests (talk) 20:18, 19 April 2023 (UTC)[reply]

Confidential Remote Computing (CRC)

[edit]

I'm parking some recently added content on the Talk page for reasons listed with each addition.


1) Uncited original analysis is excessive and jargon-heavy for this topic page; Would be better in an article about CRC itself where this level of analysis is aligned with the topic.

"Key differences of CRC and traditional confidential computing are at their design principles. A few of CRC design patterns suggest the following; (1) no continuous operations, (2) stateless execution, (3) smaller life time of enclaves (4) partitioning style development instead of unmodified large applications (LibOS supported). CRC classifies the enclave development in three main domains as hardware domain, attestation domain and the development domain. Although some example applications of multi-party analytics are built with CRC principles, any enclave applications can be build with CRC design patterns."


2) Uncited analysis that replicates information in the prior sentence and the table.

"Available SGX hardware in the market over six years makes it possible to find SGX-enabled hardware for solutions targeting end-user machines."


3) Uncited speculation about Arm's future plans and product roadmap; Needs a source to provide evidence.

"Further, ARM CCA plans to support end-user devices with enclaves/isolates. Upcoming improvements and plans may bring a new focus back to end-user targeting solutions."


Happy to discuss these additions in the context of the article and its sources. Thanks! HudsonAttests (talk) 18:27, 15 May 2023 (UTC)[reply]

Protected Computing

[edit]

@Antoniomana - I noticed you are the likely author of the two papers cited in your contribution about "protected computing".  Self-Citing (WP:SELFCITE) isn't necessarily disqualifying, but citing third party sources demonstrates wider impact or significance of the topic. I can't find any third party citations/mentions that independently speak to "protected computing" as described in your papers.  Are there any other sources besides your own work which can validate interest of the security industry or research community in this approach? Thanks! HudsonAttests (talk) 22:50, 11 August 2023 (UTC)[reply]

Thanks for the clarification. If you agree I will change the section to "Code Partitioning" because it is a more general term that maybe represent the approach better, but still I believe is a relevant approach. There are some other external references to Protected Computing that I will add, like Serge Chaumette, Olivier Ly, Renaud Tabary. Some Tools for Software Protection. Workshop on Cryptography and Security for Embedded Systems. June 2009, but I think the change of section name helps representing the approach better. 95.124.181.105 (talk) 11:35, 20 August 2023 (UTC)[reply]
I appreciate you looking for improvements here. Adding third-party citations will help with the "Self-Citing" issue, and show wider impact of Protected computing as described in the original papers. Changing the name to "code partitioning" opens up a different question though. Partitioning the code and running the sensitive parts in a secure processing environment sounds exactly like Confidential computing, specifically like an application enclave using Intel's SGX. Can you clarify the differences between Protected computing, code partitioning and Confidential computing as you see them? This may provide the basis for improvements in the article. Thanks! HudsonAttests (talk) 15:22, 21 August 2023 (UTC)[reply]

I'm parking the section about "Protected Computing" here on the Talk page until we can resolve a couple outstanding issues. 1) Self-Citing: The addition is primarily supported by papers authored by the contributor [@Antoniomana], 2) Third party citations needed to show significant presence of the "Protected Computing" concept in the field, 3) Resolution of the contributor's suggested alternative around "code partitioning" and how that differs from Confidential Computing as already described in the article. Happy to discuss this change and alternatives to bring the contribution into the article with comparable rigor. Parked text as follows:

Protected computing

The origin of the Protected Computing approach can be dated back to 1984. The lack of adequate hardware and software support made it unfeasible in practice at the time. The current concept of Protected Computing has its foundations on more recent work. The Protected Computing approach divides the code (and/or data) of an application into two or more parts. Some of these are protected and prepared to be executed in a secure trusted processor, while others are executed in a normal (untrusted) processor. In this way, the application is divided into two mutually dependent parts in such a way that:

- the public parts do not suffice to gain knowledge about the protected parts; and

- the communication trace between the parts is not enough  to gain knowledge about the protected parts

- In a Protected Computing setting, different secure coprocessors can be used (even simultaneously) including TEEs and TEEs provided as a service.

Citations

Schaumüller-Bichl, I.; Piller, E. (1984). A Method of Software Protection Based on the Use of Smart Cards and Cryptographic Techniques. Proceedings of Eurocrypt’84. Springer-Verlag. LNCS 0209. pp. 446–454.
Maña, Antonio (2003). Maña, A. Protección de Software Basada en Tarjetas Inteligentes. PhD Thesis. Málaga, Spain: University of Málaga.
Maña, Antonio; Lopez, Javier; Ortega, Juan J. (2004). "A framework for secure execution of software". doi:10.1007/s10207-004-0048-6.  — Preceding unsigned comment added by HudsonAttests (talkcontribs) 14:50, 14 September 2023 (UTC)[reply] 

July 2024 Addition of text about Confidential Remote Computing

[edit]

On 23 July 2024, the account @User is Editing This Page. added the following sentence to the Confidential Computing article.

"In academia, Dr Küçük released Confidential Remote Computing (CRC) to Public Domain from Oxford University under CC0 license, reviewed by pioneers of the field, Prof Andrew Martin, Prof Chris Mitchell and Prof Ivan Martinovic. "

The citation provided refers to an academic paper authored by Kubilay Ahmet Küçük about a use case Dr. Küçük and team call "Confidential Remote Computing". I propose that the added sentence from 23 July 2024 be removed for the following reasons:

  1. The paper specifically states that Confidential Remote Computing (CRC) is different than Confidential Computing even though it may use some of the same underlying hardware technology. The cited paper states (https://ora.ox.ac.uk/objects/uuid:aaad767e-debd-40e9-a51f-712c1b55c4fc/files/d3f4626110, page 23,), [emphasis added] "Our paradigm Confidential Remote Computing (CRC), which differs from the more popular term confidential computing with its threat model" and also, "Although they use the same hardware instructions, our model goes in a different direction from confidential computing, targeting daily computers instead of servers." Since the paper's authors declare CRC a different technology than Confidential Computing, it would be more appropriate for it to be described in its own separate Wikipedia article.
  2. This sentence specifically promotes one academic research paper. There have been dozens, perhaps hundreds, of academic papers on Confidential Computing and associated technologies. Promoting one specific paper is not appropriate in a general article about the broad topic of Confidential Computing.
  3. Possible self-citing. The account @User is Editing This Page. has been used before to add links to Confidential Remote Computing papers by this specific research team. See previous entries in the History and Talk Page.

I can make the deletion myself or make way for another user to do so since I have a disclosed conflict of interest (my employer is active in Confidential Computing). Thank you for your consideration. HudsonAttests (talk) 22:55, 30 September 2024 (UTC)[reply]

Without any objections here on the Talk page, I'll go ahead and make the deletion based on the reasons listed. HudsonAttests (talk) 18:27, 9 October 2024 (UTC)[reply]
Dear @HudsonAttests, many thanks for your insights and valuable feedback.
To make this clear, your arguments are incorrect.
This resource is not a single paper. It is not a research paper, and there is no promotion of it as it is released to public domain under CC0. It is a work from 2015-2023, 255 pages document, not completely irrelevant from Confidential Computing, is more precise and academic way of describing the same paradigm, instead the consortium is dominating the field.
Important point to highlight is that it has been released to Public Domain, CC0, in opposition to expensive memberships from CCC.
Could you please propose here a mutual solution? The researchers' names are not crucial but the license type is a crucial as it is an interest for the "Public". The resource comes directly from the Oxford University.
You are not expected to read all 255 pages, in fact, it is not a single paper to read quickly.
To see specifically how it relates and differs from CC, and why CRC was needed, you are referred to pages 3-4, 18-19, 41, 136, 138-139-140.
It has equal value as the CCC, the consortium being mentioned in the general article, thus added to the general content. User is Editing This Page. (talk) 22:09, 19 October 2024 (UTC)[reply]
Hello, and thank you for your reply.
I can see the case for including the additional information about CRC if there were sources demonstrating its wider impact in the market or research community beyond the academic papers that describe the technology and proposed usages. However, I can't find any products or software companies offering it, and the only non-academic article I can find is a press release/blog about a single company (Swisstronic) that completed a certification course in CRC conducted by Dr. Kucuk. https://medium.com/swisstronik/swisstronik-is-the-first-company-to-receive-confidential-remote-computing-certification-outside-ac0ea2f705ca
As a compromise, I propose that we add the piece of information that seems the most salient (public domain) to the existing paragraph on CRC. Proposed addition shown underlined.
""Confidential Remote Computing" (CRC) paradigm, claims to revert confidential computing to original design principles of TEEs and advocate for small enclaves, running in available end-users computers. CRC adds practices and templates for multiple stakeholders, such as different data owners, hardware owners and algorithm owners. CRC extends the broad notion of confidential computing by adding practices and methodologies for individual use. CRC has been released into the public domain. [appropriate citation]"
Please let me know if this solution is acceptable. Also, you might consider authoring separate Wikipedia article about CRC where you can fully describe the technology and differences with server-based Confidential Computing. Thanks! HudsonAttests (talk) 16:34, 21 October 2024 (UTC)[reply]

Proposed Minor Edit to Paragraph on Confidential Remote Computing

[edit]

A paragraph on the Confidential Remote Computing concept states:

""Confidential Remote Computing" (CRC) paradigm, reverts confidential computing to original design principles of TEEs and advocate for small enclaves, running in available end-users computers. CRC adds practices and templates for multiple stakeholders, such as different data owners, hardware owners and algorithm owners. CRC extends the broad notion of confidential computing by adding practices and methodologies for individual use."

I propose a minor edit to add the phrase "claims to" and align the verb tenses as follows (emphasis added for clarity):

"Confidential Remote Computing" (CRC) paradigm claims to revert confidential computing to original design principles of TEEs and advocates for small enclaves, running in available end-users computers. CRC adds practices and templates for multiple stakeholders, such as different data owners, hardware owners and algorithm owners. CRC extends the broad notion of confidential computing by adding practices and methodologies for individual use.

The original phrasing implies, without evidence or citation, that current suppliers and practitioners of Confidential Computing have deviated from a "true" or "correct" definition. Adding "claims to" clarifies that this assertion is held by the proponents of Confidential Remote Computing, but is not universally held by all practitioners or suppliers.

I can make the insertion myself or make way for another user to do so since I have a disclosed conflict of interest (my employer is active in Confidential Computing). Thank you for your consideration. HudsonAttests (talk) 00:30, 2 October 2024 (UTC)[reply]

Without any objections here on the Talk page, I will add "claims to" to the sentence about CRC. HudsonAttests (talk) 18:28, 9 October 2024 (UTC)[reply]