Whitepaper feedback from Muhammad Usama Sardar #77
Comments
|
@thomas-fossati can you take a shot at going through these? |
This comment seems OBE. Looking at version 1.1, Section 3.1 has now: "A Trusted Execution Environment (TEE) is defined by the CCC, following common industry practice, […]", which clearly attributes this definition to CCC.
To be discussed. A question for @muhammad-usama-sardar: are there existing definitions of TEE that include attestation?
It seems to me this is TPM or at least TPM-like, rather than a generic Secure Element. If so, we should fix the table header.
There is no Figure 3 in the January 2021, v1.1 copy of the document. @muhammad-usama-sardar could you please check if your comment refers to an older version? Or did you mean a different figure?
To be discussed. My take is TPMs are relevant here because they provide a root of trust on which subsequent trusted/confidential computing functions can be anchored to. HSMs are more general purpose crypto offloading boxes rather than trusted computing technologies.
The elements of the sets are the existing definitions of the various concepts. The overlaps represent ambiguity in the definitions that allow one class to be in a continuum with another.
To be discussed. Muhammad notes the lack of data / references to support the qualitative claims in Table 2 (scalability comparison).
To be discussed. Move Section 3.1 antepenultimate para (which talks about availability attacks) to section 5.2.2 (“out of scope attacks”). Editorial nit: in the same para we conclude with "Further discussion of the threat model is provided in section 6." which should reference section 5 instead.
This seems to refer to a previous version of the document. @muhammad-usama-sardar could you please re-check this? |
|
Thank you @thomas-fossati for sharing CCC opinion. Please see clarifications/comments below:
Please note this comment was related to the white paper titled "Confidential Computing: Hardware-Based Trusted Execution for Applications and Data".
I will add details on this but what comes to my mind currently is the Edgeless white paper. It does not exactly define TEE, but rather for confidential computing, it includes verifiability (attestation) as a key feature. One could argue that since confidential computing makes use of TEEs (as per CCC definition), the white paper implicitly implies verifiability (attestation) as a key (in contrast to CCC's optional) feature of TEEs.
Please note that I was referring to Figure 3 in the scope document, as I mentioned in my comment.
I think that needs to be explicitly clarified in the white paper. One could also interpret the overlaps as the combination of the technologies.
Sorry for a typo (I commented later on slack about it but it did not reflect here). Please read "caption of Table 1" as "caption of Table 2". This still exists in the latest version (v1.1) of CCC technical white paper. |
|
A comprehensive draft of major issues in CCC white papers with some recommendations is available here. Happy to discuss or present to TAC to move things forward! |
|
The definitions between Confidential Computing and TEE are very similar in the whitepaper, we should give a distinguishing definition. |
|
I have gone through "Confidential Computing and Related Technologies: A Review" and extracted Table 1, which in the intention of the authors summarises the issues with the current version of the CCC white paper. I've added a column to that with an initial set of my own comments to structure the discussion at our next TAC meeting.
[TF] General note about the Venn diagram. The elements of the sets are the existing definitions of the various concepts. The overlaps represent ambiguity in the definitions that allow one class to be in a continuum with another. ISTM that this diagram can be superficially interpreted as the CCC take instead of a CCC survey of the existing terminology, hence the confusion. Maybe we should remove it and only have prose for that? [TF] Typo in Section 2.1, first para: "(See Section 4" should be "(See Section 3" instead. |
|
Thank you Thomas for finally making some progress on it. First and foremost, your comment completely ignores section 3 of the paper, which contains some critical flaws such as missing threat model for the comparison of technologies, and that TPM is a TEE, and so on. (Please note that as mentioned at the end of section 2 in the paper, Table 1 in the paper which you have quoted above summarizes only section 2.) Next, here are some important clarifications/questions/follow-up on some of your comments above:
Scope document is also a document produced by CCC. Can you explain why do you think that the comparison is false?
Your esteemed colleagues are equally respected by us. So please don't try to paint a personal picture out of this, and rather focus on the scientific arguments.
It is quite surprising that you agree that the definition by Arm is superset of CCC definition and still you say that it is not conflicting. In layman terms, Germany is superset of Dresden. Being in Dresden implies being in Germany, but being in Germany does not necessarily imply being in Dresden: one may be in Berlin, then it is still within Germany but not in Dresden. So just as
Indeed. But what is surprising is that CCC says that this precisely defined mathematical object has "multiple competing definitions" and "ambiguities", without justifying what these competing definitions are and what these ambiguities are.
Whether it is appropriate or not is a different story. But indeed the point is that definition in natural language can never be unique and hence the suggestion to remove the claim of unique definition.
If HSM is a special kind of TEE, and given that HSMs exist for decades, what exactly is new in confidential computing?
That is indeed insufficient. How exactly is a hardware TEE defined? There is always software in the TCB. As concrete examples, in which category would you classify Microsoft Virtual Secure Mode, Amazon Nitro and RISC-V?
What is the scientific argument of CCC for this decision? When exactly did this discussion happen? Please share the links to the recording of this discussion. Please recall that the CCC TAC is a transparent organization, which means the scientific process of reaching this decision must be transparent to the community.
I think it's been a year and we have been asking the CCC for the references used in the survey. I don't see any good reason why CCC TAC, being a transparent organization, would not show the references of this survey to the community.
To me, it is clear to imply that TAC conducted a survey and then take from the survey is the Venn diagram. By your comment that it is not CCC take, does it mean that it was just copied and pasted from somewhere? (in this case "composed" in the white paper is misleading, and my question again: what is the source from where it is taken?) The figure has so many flaws, and I highly doubt it would come from some reliable source.
Please note that not only this but also almost all other cross-references to the sections are messed up. Usually they are referring to n+1, where n should be the correct section. |
I understand that the sentence "[...] unlike the term "confidential computing", some of the terms in the diagram have multiple competing definitions" may allow the reader to think that CC has a unique possible definition, but I think you are reading too much into that sentence. In general, the CCC can only recommend that its definition of CC is used, but it can't mandate it and least of all enforce it. We can suggest to rephrase that as I think it's not what was intended: in fact, if you confront it with the scope document - from where this originally comes from - there's no such ambiguity. |
Both the white paper and scope document use a much stronger statement than the one you wrote:
Why leave the ambiguity of which terms in the diagram have multiple competing definitions? Why not specify which of the terms from the survey of CCC have multiple competing definitions and how exactly are they competing? |
Using "some" instead of "several" does not change the substance. The root of the cognitive dissonance is rather this part: "[...] unlike the term “confidential computing”," which is not present in the scope document and was added during editing of the white paper. We can ask to amend it. |
|
Removing "unlike the term confidential computing" solves only one part of the problem. Can you state here exactly the following:
|
cool, 千里之行,始於足下 ;-)
I think that memory should be recoverable from the scope document. |
Maybe I asked too many questions at once. So let's move one by one. Can you give a complete list of all terms in the figure which have multiple competing definitions? This question is not answered by any of the CCC papers. The scope document and white paper both claim "several terms" but fail to provide anything other than one example of “privacy-preserving computation”. |
Muhammad Usama Sardar 10:34 AM
Here are my questions/comments:
• "A Trusted Execution Environment (TEE) is commonly defined as an environment that provides a level of assurance of data integrity, data confidentiality, and code integrity." Where is it defined like this? I thought CCC is defining this way (as opposed to commonly being defined like this) What would be the scientific argument for not including attestation in the definition of TEE?
• Table 1 "Secure Element e.g., TPM" Since it says e.g. TPM and not only TPM, what are some other secure elements considered here? If TPM is a specific example of "Secure Element" as implied by Table 1, why would it differ in some values in Figure 3 in the scope document?
• Why did CCC not consider HSM in Table 1 for a fair comparison with all existing technologies?
• Figure 1 is nice but many interesting explanations are missing: e.g. what does the overlap between TEEs and TPM represent? Similarly between HE and MPC? Similarly between Privacy-preserving computation and TEEs?
• The scientific reasoning/explanation of Table 2 is completely missing. While such tables are very nice for marketing purposes (and thus suitable for the other white paper), adding it in the "Technical Analysis" should accompany some scientific arguments with references of where such a table is derived from.
• Sec. 5.2.2: Why would availability attacks not be considered out of scope?
• Minor comment: The caption of Table 1 is not correct (I guess due to copy and paste from Table 1) as there is no TPM in Table 2
The text was updated successfully, but these errors were encountered: