Burning Fetch Execution: A Framework for Zero-Trust Multi-party Confidential Computing
摘要
How can one tamper with data that does not exist? Motivated by this question, we present the Burning Fetch eXecution (BFX) paradigm. Data in-use is vulnerable, and the current focus on encrypting and/or isolating in-use data has fallen short. Frequently reported breaches of “secure” hardware and indispensable overhead with encryption schemes confirm that trust is the modern bottleneck. This work tackles the gap in existing safeguarding technology by avoiding byte-level decryption until it is immediately fetched by the processor, only to burn it right after. We perform on-the-fetch data decryption, immediately followed by burning, i.e., erasing right after processing cycles. Thus, BFX minimizes the existence of sensitive data in-use. BFX does not demand new processing hardware units nor requires restructuring application software. Three pillars set the BFX paradigm apart: (1) zero-trust multi-party confidentiality with (2) security rooted in transparency, and (3) high performance. By tackling the root of the issue, BFX enables a zero-trust multi-partied sharing without showing scenarios that were previously unthinkable. We showcase the impact of the BFX in a scenario with a highly privileged cloud insider attacker present. We exercise a sensitive mission whereby a third-party cloud processes fourth-party confidential real-time data streamed by a drone swarm. To further highlight the zero-trust nature of BFX , we assume the inference model (code) stream-processing on swarm data to be top-secret and owned by yet another party. The unknown threat, however, is the compromised processing system (cloud) where sensitive code and data are about to be deployed by all other parties-thanks to misplaced trust.