Resilient Trusted Execution Environment

Singapore health records were hacked. More than 1.5m records were stolen in one of the worst cyber attacks in Singapore history. Including Prime Minister Lee's records were stolen. page Multiple tiers of protection did not do anything to help stop the honeypot (database) from being stolen -- a new solution is sorely required. Thus, the idea of a decentralized secure enclave solution is discussed. The question is how secure enclaves can be used at scale in a decentralized setting?

For brevity many discussions referenced papers links.

- On Security Analysis of Proof-of-Elapsed-Time (PoET) download - A critical review of TEE and IoT paper - Properties of various TEE’s with a bit more substantial explanation pdf From Mic, we look for three characteristics for general purpose use: - Confidentiality – this can be provided by some form of encrypted memory. - Integrity – guarantees that what was run is what was supposed to run. - 3rd party attestation – prove to somebody else that I ran what I claim I ran.

TEE Table

The TEE table together with theoretical analysis paper and the schematic above point to our In our quest for a ideal reference model from which to architect trusted real world blockchain (and IoT) systems. CPU based trusted execution environments as the basis for the ideal reference model can lead us into assumptions that TEE itself can’t be tampered with leading back to the Byzantine Generals' Problem. A different approach could adopt the principle of least authority to build a extremely resilient execution environment. One where the CPUs TEE is complemented by application of object-capabilities in the OS and Ocap based programming languages to develop the substrate for an extremely resilient real world model. For example the latest version (4.x.x) of the Linux kernel has moved to a security model that is similar to an object capabilities model. It's known as Control Groups and contains two components: control groups and namespaces. Together, Linux control groups and namespaces form a very capability-like API. Selected programming languages, JavaScript, Scheme and Rust are good first class capabilities-based candidates. Here we can combine TEE with least authority capabilities-based computing into an extremely resilient execution. I believe top people are working toward delivering this today. demo page

By following Chromium OS we can see least authority capabilites pattern implemented already page gerrit