Collaborative Proposal: SaTC: Frontiers: Center for Distributed Confidential Computing (CDCC)

协作提案：SaTC：前沿：分布式机密计算中心 (CDCC)

• 批准号: 2207202
• 负责人: Zhiqiang Lin
• 金额: $ 88万
• 依托单位: Ohio State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2207202&HistoricalAwards=false
• 关键词: Collaborative; Proposal; SaTC; Frontiers; Center

Advances in AI and big data analytics rely on data sharing, which can be impeded by privacy concerns. Most challenging in privacy protection is protection of data-in-use, since even encrypted data needs to be decrypted before it can be utilized, thereby exposing data content to unauthorized parties. A practical and scalable solution to the challenge will transform computing, enabling unprecedented capabilities such as confidential outsourcing, trusted computing services, and confidential or privacy-preserving collaboration. In quest of such a holy grail of data protection, this frontier project establishes multi-institution and multi-disciplinary Center for Distributed Confidential Computing (CDCC) to create a research, education, knowledge transfer and workforce development environment that enables scalable, practical, verifiable and usable data-in-use protection based upon Trusted Execution Environments (TEE) on cloud and edge systems. CDCC focuses on four building block thrusts fundamental to distributed confidential computing (DCC), regardless of specific TEE hardware, including assurance of TEE code, assurance of TEE nodes, assurance of a TEE workflow and assurance for the stakeholder. The first thrust leads to an open ecosystem for TEE code certification, not relying on any trusted party but on a trustworthy application store whose certification operations are public, accountable and verifiable. The second thrust aims to develop novel dynamic data-use policy models and enforcement mechanisms for scalable trust management and data control on the TEE nodes running certified code. The third thrust focuses on ensuring protection of the computational workflow built on TEE nodes and the last thrust studies the stakeholder's preference and expectations to guide the design of DCC technologies and ensure their usability. On top of these building blocks, the center explores various transformative applications (e.g., confidential distributed AI supports for healthcare) to be enabled. CDCC also has a number of efforts for outreach (development of a massive open online course, industry collaboration, etc.) and for broadening participation (security and privacy lab for attracting minority students, joint summer schools and others).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

人工智能和大数据分析的进步依赖于数据共享，这可能会受到隐私问题的阻碍。隐私保护中最具挑战性的是保护使用中的数据，因为即使是加密的数据也需要在使用之前进行解密，从而将数据内容暴露给未经授权的方。针对这一挑战的实用且可扩展的解决方案将改变计算，实现前所未有的功能，例如机密外包、可信计算服务以及机密或隐私保护协作。为了寻求这样一个数据保护的圣杯，这个前沿项目建立了多机构和多学科的分布式机密计算中心（CDCC），以创建一个研究，教育，知识转移和劳动力开发环境，基于云和边缘系统上的可信执行环境（TEE）实现可扩展，实用，可验证和可用的使用中数据保护。CDCC专注于分布式机密计算（DCC）的四个基本构建块，无论具体的TEE硬件如何，包括TEE代码的保证，TEE节点的保证，TEE工作流的保证和利益相关者的保证。第一个推力导致TEE代码认证的开放生态系统，不依赖于任何可信方，而是依赖于可信的应用程序商店，其认证操作是公开的，可问责的和可验证的。第二个目标是开发新的动态数据使用策略模型和执行机制，用于运行认证代码的TEE节点上的可扩展信任管理和数据控制。第三个重点是确保保护建立在TEE节点上的计算工作流，最后一个重点是研究利益相关者的偏好和期望，以指导DCC技术的设计并确保其可用性。在这些构建模块之上，该中心探索了各种变革性应用（例如，用于医疗保健的机密分布式AI支持）。CDCC也有一些外联工作（开发大规模开放式在线课程，行业合作等）。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV

• DOI: 10.1007/978-3-031-35504-2_3
• 发表时间: 2023
• 作者: Wubing Wang;Mengyuan Li;Yinqian Zhang;Zhiqiang Lin

Reusable Enclaves for Confidential Serverless Computing

• 发表时间: 2023
• 作者: Shixuan Zhao;Pinshen Xu;Guoxing Chen;Mengya Zhang;Yinqian Zhang;Zhiqiang Lin