The CIA Trinity, a well-known information security framework, consists of data confidentiality, integrity protection, and high availability. Starting with each attribute, the research team focuses on executing reliable multiparty apps on untrusted infrastructure. It is the responsibility of organizations to protect personal data privacy. This duty is becoming increasingly regulated by law, and the consequences of not carrying it out can be severe in the case of GDPR, up to 4% of turnover, for example. Companies may want to keep data private even if it is not personal to safeguard intellectual property, gain a competitive edge, or keep systems secure, such as when guarding secrets.
Although secrecy during execution is more difficult, encryption at rest and in-flight are tried-and-true methods. Furthermore, secrecy is only partially resolved by encryption on its own. Rather, it reduces the issue of securing arbitrary data to that of securing keys, which must then be controlled, kept, and issued by a set of established guidelines. It is safeguarding integrity. Organizations bear the dual responsibility of protecting data under their custody against illegal or accidental alteration and upholding data confidentiality. Maintaining the integrity of the code that accesses data is frequently necessary for maintaining data secrecy. When code integrity and transparency are combined, parties sharing data can agree on the intended use of the information.
For example, a bank can abide by anti-money laundering laws by processing requests on behalf of the government without providing full client information. Because of the widespread adoption of cloud computing, which offers low entry barriers and cost-proportional scalability for applications, these systems’ trusted computing base (TCB) is expanding with time. Ensuring data integrity and confidentiality remotely is significantly more challenging when using untrusted cloud infrastructure. Because of this, many extremely sensitive applications, like those related to health, finance, or government, cannot go to the public cloud.
Given this difficult circumstance, the following research issue still needs to be answered: Is it possible to keep cloud providers out of the TCB of multiparty apps while yet allowing developers to take advantage of the cloud’s computing and storage resources? With the growing need for multiparty scenarios, integrating data systems between parties that want to compute over common data but do not have complete trust in one another is especially crucial. Data from many sources may be combined and collaborated upon to boost its value and create new use cases. Nevertheless, confidentiality and integrity are hampered because the study team has to consider the needs and access privileges of several unique participants.
Applications must be trustworthy and highly accessible as today’s digital infrastructure is becoming increasingly important. Apps should be robust to failures expected during regular operation since digital infrastructure cannot be guaranteed to be 100% available, even with the required consistency and cost trade-offs established. The research team must take a morally sound yet extremely practical approach to creating CIA apps that support various stateful applications and contemporary deployment situations, including delegation to untrusted cloud infrastructure and multiparty untrusted governance.
The research team from Microsoft, KU Leuven, and the University of Cambridge presents this study’s Confidential Consortium Framework (CCF), which integrates decentralized trust with centralized cloud computing. For remotely attestable confidentiality and integrity, CCF uses cloud-based trusted execution environments. In addition, a transactional key-value store and state machine replication are combined with an immutable ledger for high availability and auditing. Because of CCF’s great flexibility, developers can use their own multiparty governance architecture for highly adjustable supervision and apply their application logic.
In cloud computing or multiparty cooperation, the study team is one of many that explore data confidentiality, integrity protection, or high availability. CCF provides an end-to-end solution, enabling both execution and storage, in contrast to the majority of previous systems, which offer either an isolated secure execution solution (relying instead on a secondary storage system) or an isolated data storage solution (in the form of a ledger, database, or key-value store). CCF features a special auditable governance architecture encapsulated in a programmable contract and intended to function between untrusted environments and participants.
Furthermore, CCF offers a comparatively modest trusted computing base, a straightforward yet adaptable programming approach, and a sweet spot between security and usability. Not to mention, CCF is trusted in production thanks to services like Azure Managed CCF and Azure Confidential Ledger, which rely on functions like snapshotting, live code updates, reconfiguration, disaster recovery, and indexing. This highlights the significance of a general-purpose and self-contained design.
Aneesh Tickoo is a consulting intern at MarktechPost. He is currently pursuing his undergraduate degree in Data Science and Artificial Intelligence from the Indian Institute of Technology(IIT), Bhilai. He spends most of his time working on projects aimed at harnessing the power of machine learning. His research interest is image processing and is passionate about building solutions around it. He loves to connect with people and collaborate on interesting projects.