Linux Foundation Announces the Confidential Computing Consortium

The Linux Foundation has announced the founding of the Confidential Computing Consortium, whose purpose is to develop technologies and open standards related to secure in-memory data processing and confidential computing.

Companies such as Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent and Microsoft have already joined the joint project, which is designed to develop technologies together for isolating data in memory during computation, on neutral ground. The ultimate goal is to provide funds to keep the entire data processing cycle in encrypted form, without data appearing in the clear at any stage.

The consortium's interests mainly cover technologies related to the use of encrypted data during computation, namely the use of isolated enclaves, protocols for multi-party computation, manipulation of encrypted data in memory, and full isolation of data in memory (for example, to prevent the host system administrator from accessing data in the memory of guest systems).

The following projects have been handed over for independent development as part of the Confidential Computing Consortium:

  • Intel has handed over, for continued joint development, the previously opened components for using SGX (Software Guard Extensions) technology on Linux, including an SDK with a set of tools and libraries.

    SGX proposes using a set of special processor instructions to allocate private memory regions to user-level applications. The contents of these regions are encrypted and cannot be read or modified even by the kernel or by code running in ring0, SMM and VMM modes.

  • Microsoft introduced the Open Enclave framework, which allows applications to be created for different TEE (Trusted Execution Environment) architectures using a single API and an abstract representation of the enclave. An application prepared using Open Enclave can run on systems with different enclave implementations. Of the TEEs, only Intel SGX is currently supported.
    Code to support ARM TrustZone is being developed. Support for Keystone, AMD PSP (Platform Security Processor) and AMD SEV (Secure Encrypted Virtualization) is not reported.
  • Red Hat contributed the Enarx project, which provides an abstraction layer for creating universal applications that run in enclaves. It supports multiple TEE environments, is independent of hardware architecture, and allows the use of multiple programming languages (using a WebAssembly runtime). The project currently supports AMD SEV and Intel SGX technologies.

Among similar projects that were not included, the Asylo framework can be noted. It is developed by Google engineers but does not have Google's official endorsement.

The framework makes it easy to adapt applications so that some functionality requiring stronger protection is moved to the protected enclave side. Of the hardware isolation mechanisms, Asylo supports only Intel SGX, but a software-based mechanism for forming enclaves is also available.

A TEE (Trusted Execution Environment) means that the processor provides a special isolated area, which allows parts of the functionality of applications and of the operating system to be moved into a separate environment. The memory contents and executable code in that environment cannot be accessed from the host, regardless of the level of privilege available.

Implementations of various encryption algorithms, functions for handling private keys and passwords, authentication procedures, and code for working with sensitive data can be moved into it for execution.

If the host system is compromised, the attacker cannot determine the information stored in the enclave and is limited to the application's external interface.

The use of hardware enclaves can be seen as an alternative to methods based on homomorphic encryption or confidential computing protocols for protecting computations, but unlike those technologies, an enclave does not affect the performance of computations on sensitive data and simplifies development.

Source: https://www.linuxfoundation.org