Funding: Funded by DFG Grants 389792660 as part of TRR 248—CPEC and 390696704 as part of CeTI.
Abstract: This research critically reviews the definition of confidential computing (CC) and the security comparison of CC with other related technologies by the Confidential Computing Consortium (CCC). We demonstrate that the definitions by CCC are ambiguous, incomplete and even conflicting. We also demonstrate that the security comparison of CC with other technologies is neither scientific nor fair. We highlight the issues in the definitions and comparisons and provide initial recommendations for fixing the issues. These recommendations are the first step towards more precise definitions and reliable comparisons in the future.
Abstract: Data security and privacy protection have become the focus of cybersecurity protection in many countries. The utilization of confidential computing technology can significantly enhance data security. However, there are a variety of confidential computing technology routes, with significant differences in the principles and interfaces of implementation. There is an urgent need to develop relevant standards and specifications and guide the design, development, deployment and application of confidential computing related products. This paper introduces the development progress of the national standard project “Information security techniques—General framework for the confidential computing” and its pilot application scenarios across various industries. Additionally, it proposes suggestions on modifying and improving the standard to promote the healthy development of the confidential computing industry ecosystem.
Funding: the National Science Foundation under grant no. 1245847; the National Institute of Health under grant no. 1R43AI136357-01A1.
Abstract: With the ever-growing data and the need for developing powerful machine learning models, data owners increasingly depend on various untrusted platforms (e.g., public clouds, edges, and machine learning service providers) for scalable processing or collaborative learning. Thus, sensitive data and models are in danger of unauthorized access, misuse, and privacy compromises. A relatively new body of research confidentially trains machine learning models on protected data to address these concerns. In this survey, we summarize notable studies in this emerging area of research. With a unified framework, we highlight the critical challenges and innovations in outsourcing machine learning confidentially. We focus on the cryptographic approaches for confidential machine learning (CML), primarily on model training, while also covering other directions such as perturbation-based approaches and CML in the hardware-assisted computing environment. The discussion will take a holistic way to consider a rich context of the related threat models, security assumptions, design principles, and associated trade-offs amongst data utility, cost, and confidentiality.