Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability
- URL: http://arxiv.org/abs/2310.11559v1
- Date: Tue, 17 Oct 2023 20:12:07 GMT
- Title: Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability
- Authors: Heidi Howard, Fritz Alder, Edward Ashton, Amaury Chamayou, Sylvan Clebsch, Manuel Costa, Antoine Delignat-Lavaud, Cedric Fournet, Andrew Jeffery, Matthew Kerner, Fotios Kounelis, Markus A. Kuppe, Julien Maffre, Mark Russinovich, Christoph M. Wintersteiger
- Abstract summary: Confidential Consortium Framework (CCF) is a general-purpose foundation for developing secure stateful CIA applications.
CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure.
- Score: 2.294286475180915
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Confidentiality, integrity protection, and high availability, abbreviated to CIA, are essential properties for trustworthy data systems. The rise of cloud computing and the growing demand for multiparty applications however means that building modern CIA systems is more challenging than ever. In response, we present the Confidential Consortium Framework (CCF), a general-purpose foundation for developing secure stateful CIA applications. CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure and transparent governance by mutually untrusted parties. CCF leverages hardware-based trusted execution environments for remotely verifiable confidentiality and code integrity. This is coupled with state machine replication backed by an auditable immutable ledger for data integrity and high availability. CCF enables each service to bring its own application logic, custom multiparty governance model, and deployment scenario, decoupling the operators of nodes from the consortium that governs them. CCF is open-source and available now at https://github.com/microsoft/CCF.
Related papers
- Endorsement-Driven Blockchain SSI Framework for Dynamic IoT Ecosystems [0.39462888523270856]
Self-Sovereign Identity (SSI) offers significant potential for managing identities in the Internet of Things (IoT). Existing SSI frameworks limit credential issuance and revocation to trusted entities, such as IoT manufacturers. We propose a blockchain-based SSI framework that allows any individual with a verifiable trust linkage to act as a credential issuer.
arXiv Detail & Related papers (2025-07-14T02:03:14Z)
- Zero-Trust Foundation Models: A New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things [61.43014629640404]
Zero-Trust Foundation Models (ZTFMs) embed zero-trust security principles into the lifecycle of foundation models (FMs) for Internet of Things (IoT) systems. ZTFMs can enable secure, privacy-preserving AI across distributed, heterogeneous, and potentially adversarial IoT environments.
arXiv Detail & Related papers (2025-05-26T06:44:31Z)
- Encrypted Federated Search Using Homomorphic Encryption [0.0]
This paper introduces a privacy-preserving federated search system that allows law enforcement agencies to conduct queries on encrypted criminal databases. The key innovation here is the ability to execute encrypted queries across distributed databases, without the decryption of the data.
arXiv Detail & Related papers (2025-05-05T07:03:30Z)
- Trusted Compute Units: A Framework for Chained Verifiable Computations [41.94295877935867]
This paper introduces the Trusted Compute Unit (TCU), a unifying framework that enables composable and interoperable computations across heterogeneous technologies.
By enabling secure off-chain interactions without incurring on-chain confirmation delays or gas fees, TCUs significantly improve system performance and scalability.
arXiv Detail & Related papers (2025-04-22T09:01:55Z)
- Trusted Identities for AI Agents: Leveraging Telco-Hosted eSIM Infrastructure [0.0]
We propose a conceptual architecture that leverages telecom-grade eSIM infrastructure.
Rather than embedding SIM credentials in hardware devices, we envision a model where telcos host secure, certified hardware modules.
This paper is intended as a conceptual framework to open discussion around standardization, security architecture, and the role of telecom infrastructure in the evolving agent economy.
arXiv Detail & Related papers (2025-04-17T15:36:26Z)
- Acurast: Decentralized Serverless Cloud [37.860555651161796]
Acurast is a serverless cloud with a purpose-built orchestrator and reputation engine.
Developers can off-load their computations and verify cryptographically.
Acurast offers a modular execution layer, taking advantage of secure hardware and trusted execution environments.
arXiv Detail & Related papers (2025-03-19T19:09:21Z)
- SoK: A cloudy view on trust relationships of CVMs -- How Confidential Virtual Machines are falling short in Public Cloud [1.7040315536962174]
Confidential computing in the public cloud aims to safeguard workload privacy while outsourcing infrastructure management to a cloud provider.
This SoK critically examines the confidential computing offerings of market-leading cloud providers to assess whether they genuinely adhere to its core principles.
arXiv Detail & Related papers (2025-03-11T10:21:29Z)
- Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency.
Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
- Authentication and identity management based on zero trust security model in micro-cloud environment [0.0]
The Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm.
This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources.
arXiv Detail & Related papers (2024-10-29T09:06:13Z)
- FL-DECO-BC: A Privacy-Preserving, Provably Secure, and Provenance-Preserving Federated Learning Framework with Decentralized Oracles on Blockchain for VANETs [0.0]
Vehicular Ad-Hoc Networks (VANETs) hold immense potential for improving traffic safety and efficiency.
Traditional centralized approaches for machine learning in VANETs raise concerns about data privacy and security.
This paper proposes FL-DECO-BC as a novel privacy-preserving, provably secure, and provenance-preserving federated learning framework specifically designed for VANETs.
arXiv Detail & Related papers (2024-07-30T19:09:10Z)
- SRAS: Self-governed Remote Attestation Scheme for Multi-party Collaboration [1.6646558152898505]
In multi-party cloud computing, how to select a Relying Party to verify the TEE of each party and avoid leaking sensitive data to each other remains an open question.
We propose SRAS, an open self-governed remote attestation scheme with verification functions for verifying the trustworthiness of TEEs and computing assets.
We provide an open-source prototype implementation of SRAS to facilitate the adoption of this technology by cloud users or developers.
arXiv Detail & Related papers (2024-07-04T08:57:18Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- vSPACE: Voting in a Scalable, Privacy-Aware and Confidential Election [0.3749861135832073]
vSPACE presents a novel approach to secure, private, and scalable elections.
It extends the TrueElect and ElectAnon protocols with the integration of AnonCreds SSI (Self-Sovereign Identity).
vSPACE integrates Distributed Ledger Technology (DLT) for immutable and certifiable audit trails.
arXiv Detail & Related papers (2024-03-08T12:56:10Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
- Cooperative Multi-Agent Actor-Critic for Privacy-Preserving Load Scheduling in a Residential Microgrid [71.17179010567123]
We propose a privacy-preserving multi-agent actor-critic framework where the decentralized actors are trained with distributed critics.
The proposed framework can preserve the privacy of the households while simultaneously learning the multi-agent credit assignment mechanism implicitly.
arXiv Detail & Related papers (2021-10-06T14:05:26Z)
- Security Limitations of Classical-Client Delegated Quantum Computing [54.28005879611532]
A client remotely prepares a quantum state using a classical channel.
Privacy loss incurred by employing $RSP_{CC}$ as a sub-module is unclear.
We show that a specific $RSP_{CC}$ protocol can replace the quantum channel at least in some contexts.
arXiv Detail & Related papers (2020-07-03T13:15:13Z)
- Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks.
We give an overview of current solutions that differ in their fundamental values and technological possibilities.
We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
arXiv Detail & Related papers (2020-07-03T10:45:55Z)