The Linux Foundation has announced the founding of the Confidential Computing Consortium, whose purpose is to develop open technologies and standards for secure in-memory data processing and confidential computing.
Companies such as Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent and Microsoft have already joined the joint project, which is set up to develop, on a neutral platform, technologies for isolating data in memory during computation. The ultimate goal is to provide the means to keep the entire data-processing cycle in encrypted form, without the data appearing in the clear at any stage.
The consortium's interests mainly cover technologies related to the use of encrypted data during computation, namely the use of isolated enclaves, protocols for multi-party computation, manipulation of encrypted data in memory, and complete isolation of data in memory (for example, to prevent the host system administrator from accessing data in the memory of guest systems).
The following projects have been handed over for independent development as part of the Confidential Computing Consortium:
- Intel has handed over, for continued joint development, the previously opened components for using SGX (Software Guard Extensions) technology on Linux, including an SDK with a set of tools and libraries. SGX uses a set of special processor instructions to allocate private memory regions to user-level applications; the contents of these regions are encrypted and cannot be read or modified even by the kernel or by code running in ring0, SMM and VMM modes.
- Microsoft has contributed the Open Enclave framework, which makes it possible to create applications for different TEE (Trusted Execution Environment) architectures using a single API and an abstract enclave representation. An application prepared with Open Enclave can run on systems with different enclave implementations. Of the TEEs, only Intel SGX is currently supported. Code to support ARM TrustZone is being developed. Support for Keystone, AMD PSP (Platform Security Processor) and AMD SEV (Secure Encrypted Virtualization) has not been reported.
- Red Hat has contributed the Enarx project, which provides an abstraction layer for creating universal applications that run in enclaves, support multiple TEE environments, are independent of the hardware architecture, and allow the use of multiple programming languages (by using a WebAssembly runtime). The project currently supports AMD SEV and Intel SGX.
Among similar projects that were left out, the Asylo framework is worth noting. It is developed by Google engineers but does not have official Google endorsement.
The framework makes it easy to adapt applications so that the functions requiring stronger protection are moved to the side of a protected enclave. Of the hardware isolation mechanisms, Asylo supports only Intel SGX, but a software-based enclave mechanism is also available.
Implementations of encryption algorithms, functions for handling private keys and passwords, authentication procedures, and code that works with sensitive data can be moved into the enclave.
If the host system is compromised, the attacker cannot determine the information stored in the enclave and is limited to the application's external interface.
Hardware enclaves can be considered an alternative to homomorphic encryption methods or confidential computation protocols for protecting computation, but unlike those technologies, an enclave has practically no effect on the performance of computations on sensitive data and makes development easier.
Source: https://www.linuxfoundation.org