Meanwhile, outside of VMware's business model, zillions of people use the simpler and more robust method of "owning the machine it is running on".
VMware has joined AMD, Samsung, and members of the RISC-V community to work on an open and cross-platform framework for the development and operation of applications using confidential computing hardware. Revealing the effort at the Confidential Computing Summit 2023 in San Francisco, the companies say they aim to bring about …
Friday 30th June 2023 23:00 GMT that one in the corner
But how could companies collaborate in a "multi-party computation and analytics" project?
They would have to come up with some way of copying each others' datasets onto all those machines. Maybe invent some kind of "mobile storage medium" that exists outside of the datacentre?
You know, that is a crazy idea, but it might just be crazy enough to work!
Saturday 1st July 2023 22:50 GMT Bebu
More difficult than might be thought?
《owning the machine it is running on
Apart from the gentlemen from the slightly more dodgy parts of the world kindly administering (pwning) your servers, Intel's management engine (ME), DELL iDRACs, iLO, iKVM and their ilk leaves me wondering who does actually own my servers.
Sunday 2nd July 2023 00:04 GMT Bebu
The whats, whys and hows.
Coincidentally I was wondering last night, whether signing system calls and verifying the return values would make much sense. Comes down to "what is trusted"- here the kernel, "what is doing the trusting (and why)" - here some process, and what are the attacks that might be thwarted?
A typical bit of skulduggery, I have occasionally engaged in, has been to intercept syscalls retrieving the hosts mac address and redact it to something, er.., more convenient. Signing syscalls could hinder such shenanigans but I suspect it ultimately would reduce to a spy.v.spy cycle of measure and counter-measure.
Without formal models and formal verification I wouldn't think any enclave technology would be worth a rat's or tinker's.