txutxu | 1 year ago
Here comes the main bug.
If the data is so confidential, let's say for example "the military plans of a country, or ultra-secret technology", I don't know, I could not use a public network, or a provider that mixes it, in their infrastructure, and/or that has its own employees.
Recently, I got a laptop and saw an option in the BIOS about Intel SGX (enable/disable/auto). After a short research, I was terrified: a source of security BUGS, deprecated for Intel Core (but continued for Xeon in the cloud).
We don't need to talk about past and present hardware bugs (or software bugs and attacks), but let's put it clearly:
If some kind of data shouldn't go out, do not put it out, in the first place.
If the data should never go out, the network should be physically separated and isolated at physical level, from everything.
Otherwise, I don't know... not working with such things, but I could use incompatible custom tech at least; not something so easy to get by an adversary, read, use, study, reverse, fuzz and attack without my knowledge.
Cloud+Enclave "sounds" as secure as those "Third party VPN". Let's say your trust model is thrown to the bin, and start talking from there.
NegativeK | 1 year ago
> If the data should never go out, the network should be physically separated and isolated at physical level, from everything.
Every company has that kind of data, though, and cybersecurity maximalism is how cybersecurity people get disinvited from architecture discussions. We can't tell users to not turn their computers on, since that invites breaches, and we can't tell IT to airgap the networks because that slows business to a crawl (and pisses off users, etc.)
Cybersecurity is always about risk management. The risk of doing basically anything has to be balanced against the risk of not doing it at all. Often the cost of not doing it is too high, so the job is to use something like confidential computing (if it makes sense) and then try to mitigate attackers trying to get at it.
rasengan | 1 year ago
This is a really important message. Confidential Computing is still in development in the realm of our new-age technologies, but the 'secrecy' of the physical world is a proven primitive we can trust today.