DESC

Secure Scietific Computing :

  • lots of sensitive data, we want to allow data sceicntiss to do computations here.
  • Mullion veteran progream., take veteran data and put it on super computes, how doyou secure thid data.
  • Need high performance cmputer without trustr procider.

option 1: Fully homomorphic encryption.

  • big perfromance overhead and programmability challeneges.

option 2: Confidential computing.

  • Trust Exectuion Envurment, Hardware bases protection.

  • We do not trust the end users.

  • SGX/ Keystone vs SEV/TDX style
  • There is a problems of performanc vs re

SEV/TDX -> ebtire OS in TCB.

DESC - Data Enclaves for Scientific Computing. RISCV has an explicit ring 0. This means that it is even below an OS and hyper visor…There are some physcial memory registers that can only be read/write by ring 0.

DESC makes singular security gurantee that enclave data is protected at all times. It is protected from everyone , including the OS.

When running the enclave only enclave nmemory is accessible when you are not running enclave , it is not acceisble but everything else is accessible.

No remapping allowed or something.

Some sort of switch interception?