In the use of SGX and Oblivious RAM. There sometimes exist the notions untrusted memory and trusted processor. What are the intuitions of those?
Can memory easily be hacked by adversaries? What about CPU?
Asked
Active
Viewed 242 times
1 Answers
2
As the name implies, the memory or CPU are partially or entirely untrusted.
An adversary who can control your memory and/or access patterns can learn a great deal about your data, even if it is encrypted. ORAM hides both the data and access patterns. ORAM may extend to disk or network storage, not just local memory.
An adversary who can control your CPU / program can do any arbitrary computations they want, including skipping safety checks or leak sensitive information outside the trusted container.
Trusting a public service on untrusted hardware
A public service may use SGX to verify to their users that they run the open source code that they commit to. I.e. to prove they don't have access to personal information, while their system actively processes the sensitive unencrypted information.
SGX only verifies the program that is running. Depending on the program and how it uses memory, a hypervisor may be able to observe the memory accesses (but not the internal program state) and learn properties of the secrets. ORAM protects against the latter case.
Neither trusted nor untrusted are ideal when we have more than 1 party. If you can use verified protocols instead, then you do not need to place trust in another party - because they cannot cheat (without being detected).
cypherfox
- 1,442
- 8
- 16