Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

privacy security changes- add few lines #472

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 16 additions & 10 deletions contents/privacy_security/privacy_security.qmd
Original file line number Diff line number Diff line change
Expand Up @@ -464,14 +464,16 @@ As ML moves into more critical systems, verifying hardware integrity from design

#### About TEE

A Trusted Execution Environment (TEE) is a secure area within a main processor that provides a high level of security for the execution of code and protection of data. TEEs operate by isolating the execution of sensitive tasks from the rest of the device's operations, thereby creating an environment resistant to attacks from software and hardware vectors.
A Trusted Execution Environment (TEE) is a secure area within a host processor that ensures the safe execution of code and the protection of sensitive data. By isolating critical tasks from the operating system, TEEs resist software and hardware attacks, providing a secure environment for handling sensitive computations.

#### Benefits

TEEs are particularly valuable in scenarios where sensitive data must be processed or where the integrity of a system's operations is critical. In the context of ML hardware, TEEs ensure that the ML algorithms and data are protected against tampering and leakage. This is essential because ML models often process private information, trade secrets, or data that could be exploited if exposed.

For instance, a TEE can protect ML model parameters from being extracted by malicious software on the same device. This protection is vital for privacy and maintaining the integrity of the ML system, ensuring that the models perform as expected and do not provide skewed outputs due to manipulated parameters. [Apple's Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web), found in iPhones and iPads, is a form of TEE that provides an isolated environment to protect sensitive user data and cryptographic operations.

Trusted Execution Environments (TEEs) are crucial for industries that demand high levels of security, including telecommunications, finance, healthcare, and automotive. TEEs protect the integrity of 5G networks in telecommunications and support critical applications. In finance, they secure mobile payments and authentication processes. Healthcare relies on TEEs to safeguard sensitive patient data, while the automotive industry depends on them for the safety and reliability of autonomous systems. Across all sectors, TEEs ensure the confidentiality and integrity of data and operations.

In ML systems, TEEs can:

* Securely perform model training and inference, ensuring the computation results remain confidential.
Expand All @@ -482,21 +484,25 @@ In ML systems, TEEs can:

* Enable secure updates to ML models, ensuring that updates come from a trusted source and have not been tampered with in transit.

* Strengthen network security by safeguarding data transmission between distributed ML components through encryption and secure in-TEE processing.

The importance of TEEs in ML hardware security stems from their ability to protect against external and internal threats, including the following:

* **Malicious Software:** TEEs can prevent high-privilege malware from accessing sensitive areas of the ML system.

* **Physical Tampering:** By integrating with hardware security measures, TEEs can protect against physical tampering that attempts to bypass software security.

* **Side-channel Attacks:** Although not impenetrable, TEEs can mitigate certain side-channel attacks by controlling access to sensitive operations and data patterns.
* **Side-channel Attacks:** Although not impenetrable, TEEs can mitigate specific side-channel attacks by controlling access to sensitive operations and data patterns.

* ** Network Threats:** TEEs enhance network security by safeguarding data transmission between distributed ML components through encryption and secure in-TEE processing. This effectively prevents man-in-the-middle attacks and ensures data is transmitted through trusted channels.

#### Mechanics

The fundamentals of TEEs contain four main parts:

* **Isolated Execution:** Code within a TEE runs in a separate environment from the device's main operating system. This isolation protects the code from unauthorized access by other applications.
* **Isolated Execution:** Code within a TEE runs in a separate environment from the host device's host operating system. This isolation protects the code from unauthorized access by other applications.

* **Secure Storage:** TEEs can securely store cryptographic keys, authentication tokens, and sensitive data, preventing access by regular applications running outside the TEE.
* **Secure Storage:** TEEs can securely store cryptographic keys, authentication tokens, and sensitive data, preventing regular applications from accessing them outside the TEE.

* **Integrity Protection:** TEEs can verify the integrity of code and data, ensuring that they have not been altered before execution or during storage.

Expand All @@ -506,29 +512,29 @@ Here are some examples of TEEs that provide hardware-based security for sensitiv

* **[ARMTrustZone](https://www.arm.com/technologies/trustzone-for-cortex-m):**This technology creates secure and normal world execution environments isolated using hardware controls and implemented in many mobile chipsets.

* **[IntelSGX](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html):**Intel's Software Guard Extensions provide an enclave for code execution that protects against certain software attacks, specifically O.S. layer attacks. They are used to safeguard workloads in the cloud.
* **[IntelSGX](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html):** Intel's Software Guard Extensions provide an enclave for code execution that protects against various software-based threats, specifically targeting O.S. layer vulnerabilities. They are used to safeguard workloads in the cloud.

* **[Qualcomm Secure Execution Environment](https://www.qualcomm.com/products/features/mobile-security-solutions):**A Hardware sandbox on Qualcomm chipsets for mobile payment and authentication apps.

* **[Apple SecureEnclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web):**TEE for biometric data and key management on iPhones and iPads.Facilitates mobile payments.
* **[Apple SecureEnclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web):** A TEE for biometric data and cryptographic key management on iPhones and iPads, facilitating secure mobile payments.

@fig-enclave is a diagram demonstrating a secure enclave isolated from the main processor to provide an extra layer of security. The secure enclave has a boot ROM to establish a hardware root of trust, an AES engine for efficient and secure cryptographic operations, and protected memory. It also has a mechanism to store information securely on attached storage separate from the NAND flash storage used by the application processor and operating system. This design keeps sensitive user data secure even when the Application Processor kernel becomes compromised.
@fig-enclave is a diagram demonstrating a secure enclave isolated from the host processor to provide an extra layer of security. The secure enclave has a boot ROM to establish a hardware root of trust, an AES engine for efficient and secure cryptographic operations, and protected memory. It also has a mechanism to store information securely on attached storage separate from the NAND flash storage used by the application processor and operating system. This design keeps sensitive user data secure even when the Application Processor kernel becomes compromised.

![System-on-chip secure enclave. Source: [Apple.](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web)](images/png/image1.png){#fig-enclave}

#### Tradeoffs

If TEEs are so good, why don't all systems have TEE enabled by default? The decision to implement a TEE is not taken lightly. There are several reasons why a TEE might only be present in some systems by default. Here are some tradeoffs and challenges associated with TEEs:
While Trusted Execution Environments offer significant security benefits, their implementation involves trade-offs. Several factors influence whether a system includes a TEE:

**Cost:** Implementing TEEs involves additional costs. There are direct costs for the hardware and indirect costs associated with developing and maintaining secure software for TEEs. These costs may only be justifiable for some devices, especially low-margin products.

**Complexity:** TEEs add complexity to system design and development. Integrating a TEE with existing systems requires a substantial redesign of the hardware and software stack, which can be a barrier, especially for legacy systems.

**Performance Overhead:** While TEEs offer enhanced security, they can introduce performance overhead. For example, the additional steps in verifying and encrypting data can slow down system performance, which may be critical in time-sensitive applications.
**Performance Overhead:** TEEs may introduce performance overhead due to the additional steps involved in encryption and data verification, which could slow down time-sensitive applications.

**Development Challenges:** Developing for TEEs requires specialized knowledge and often must adhere to strict development protocols. This can extend development time and complicate the debugging and testing processes.

**Scalability and Flexibility:** TEEs, due to their secure nature, may impose limitations on scalability and flexibility. Upgrading secure components or scaling the system for more users or data can be more challenging when everything must pass through a secure, enclosed environment.
**Scalability and Flexibility:** TEEs, due to their protected nature, may impose limitations on scalability and flexibility. Upgrading protected components or scaling the system for more users or data can be more challenging when everything must pass through a secure, enclosed environment.

**Energy Consumption:** The increased processing required for encryption, decryption, and integrity checks can lead to higher energy consumption, a significant concern for battery-powered devices.

Expand Down
Loading