As migration to The Cloud seems inevitable, tech for decoupling trust into platforms from trust into platform owners will become increasingly important (at least for us, users). TEE-based tech, e.g. Intel SGX, is one approach, but has problems on its own. Are there alternatives?
-
Show this thread
-
One alternative is compiler-based code obfuscation. The advantage is we're not moving trust from one 3rd party (i.e. platform owner) to another 3rd party (i.e. processor vendor). Obvious problem: it is always(?) breakable, so could only provide cost-based guarantees...?
5 replies 1 retweet 15 likesShow this thread -
Speaking of which - what different levels of trust guarantees would you expect from a software/compute platform? E.g.: Level 1: availability Level 2: integrity (i.e. verbatim execution of user payloads) Level 3: confidentiality (i.e. no snooping) ?
9 replies 4 retweets 19 likesShow this thread -
Replying to @rootkovska
Obfuscation is also *expensive* computationally...
1 reply 0 retweets 3 likes -
Replying to @halvarflake
I wonder if that must necessarily be true in general? E.g. an optimized gcc code (think -O2) is generally more difficult to understand (for a human at least) than a non-optimized code, is it not?
3 replies 0 retweets 2 likes -
Replying to @rootkovska @halvarflake
Opposite. I always prefer reading -Oanything asm to -O0 asm.
1 reply 0 retweets 0 likes
For a machine though -O0 is easier to reverse into original source.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.