Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding TEE to threat model #33

Merged
merged 10 commits into from
Apr 10, 2024
Merged

adding TEE to threat model #33

merged 10 commits into from
Apr 10, 2024

Conversation

kylehogan
Copy link
Collaborator

@kylehogan kylehogan commented Feb 21, 2023
edited
Loading

Adding a threat model section for the TEE itself.
Should it have references?
Also see #32 which adds the TEE operator and #34 which adds the TEE manufacturer.

This was referenced Feb 21, 2023
Open
Open
martinthomson
martinthomson approved these changes Feb 21, 2023
View reviewed changes
Copy link
Collaborator

@martinthomson martinthomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again Kyle.

threat-model/readme.md Outdated
1. Confidentiality of attestation/identity key: the TEE's private key(s) should never be accessible from outside the TEE and any operations involving them must be performed obliviously (independently of the key) to avoid leaking bits of the key via side channels.
3. Integrity of computation: any TEE assets leaving the TEE, e.g. to DRAM, must be integrity checked by the TEE upon return. This includes the initial inputs and final output of the computation over its communication channel with the computation owner.
4. Confidentiality of computation and its inputs/outputs: guaranteed based on confidentiality of the key(s) associated with the communication channel and resistance to side channel leakage (see 1.9 on TEE operators)
5. Authenticity of the computation: guaranteed based on confidentiality of the attestation/identity key.

### 1.10 TEE Manufacturers
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For other editors: time to renumber? Or maybe we just drop numbers entirely. This is where the limitations of the format stand out.

(Note that the "TEE Manufacturers" section includes subsection 1.9.1.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@AramZS AramZS added the call-for-consensus We are calling for participants to reach consensus. 2 weeks from being added or handled via agenda+ label Sep 11, 2023
@AramZS AramZS added Threat Model Document This pertains to the Threat Model document and is in an editorial mode. Merge Pending Change is set to be merged pending editor or chair action. Last chance to comment. and removed call-for-consensus We are calling for participants to reach consensus. 2 weeks from being added or handled via agenda+ labels Oct 30, 2023
@AramZS AramZS mentioned this pull request Apr 8, 2024
Closed
@AramZS AramZS merged commit adca98d into patcg:main Apr 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eriktaubeneck eriktaubeneck eriktaubeneck left review comments

@martinthomson martinthomson martinthomson approved these changes

Assignees
No one assigned
Labels
Merge Pending Change is set to be merged pending editor or chair action. Last chance to comment. Threat Model Document This pertains to the Threat Model document and is in an editorial mode.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kylehogan @martinthomson @eriktaubeneck @AramZS