.svg){kind=icon}
.jpeg)
Trusted Execution Environments (TEEs) [1] are one mechanism for enabling multiple parties to collaboratively do computation. As the name suggests, the security depends on the computation running in an environment that all the parties trust. Imagine a clean room or bunker where everyone knows data can come in but only information they are comfortable with goes out.
Before the participants will be willing to share their data with the Trusted Execution Environments TEE, they need to know what computation will be performed. For this purpose, TEEs provide a signed description of the code that will be run, called an attestation. The parties can check the attestation, and once they’re comfortable, they will share the data and the computation is performed.
In the standard model of Trusted Execution Environments, the computation is protected using hardware. What this means is that the participants need to trust the chip manufacturer in providing a suitable level of hardware protection. Well-known examples include Intel’s SGX chip and Apple’s Secure Enclave [2].
A common concern with using Trusted Execution Environments is that they depend on security that is susceptible to hardware vulnerabilities like side-channel attacks. Intel’s SGX chip, for example, has had several vulnerabilities discovered, and has now been deprecated from Intel Core processors [3]. This is actually why more recent PCs are unlikely to support DVD and BlueRay playback [4]!
If you’re interested in trying out a Trusted Execution Environment, you may want to explore Azure’s Confidential Computing stack or the offerings from Decentriq. Bitfount doesn’t currently support access control checks requiring hardware attestation, as we’ve found our customers prefer to be in complete control of their own data and are not always comfortable with the security guarantees provided by TEEs. If you’re interested in TEE support as an addition to the Bitfount platform do let us know on support@bitfount.com.
References
[1] https://en.wikipedia.org/wiki/Trusted_execution_environment
[2] https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web
[3] https://en.wikipedia.org/wiki/Software_Guard_Extensions
[4] https://www.ghacks.net/2022/01/14/intels-dropping-of-sgx-prevents-ultra-hd-blu-ray-playback-on-pcs/
.png)
.png)
