Talk:Confidential computing

COI contribution
It is difficult for COI editors to maintain a neutral point of view; For a contribution of this length, it is presumably impossible. That said, this is clearly a notable topic and it would benefit Wikipedia to have this coverage. In order to accept this we're going to need to find a reviewer with expertise in this subject area who can take the time to work through NPOV issues. I have the expertise but the only way I can review this is slowly. You either need some extreme patience, to find another editor with more time available time to dedicate to this or shorten the draft severely and let other editors build it back up in mainspace. ~Kvng (talk) 23:57, 3 April 2023 (UTC)


 * Hi @Kvng,
 * Thanks for your reply. I agree with you that confidential computing is a notable topic in computer security today, and I’m eager (but patient) to see it included on Wikipedia while abiding by all the community rules. I acknowledge I have a disclosed conflict of interest on confidential computing since my employer is active in this space.
 * That said, have you identified any neutrality issues in the proposed article? I ask because I drafted it with rigor and neutrality in mind, knowing it would be viewed skeptically due to my conflict. I made every effort to maintain balance and well-sourced verifiability throughout. Some actions I took include:
 * The draft is written using industry-standard definitions, mainstream publications, and well-known, reputable sources including 76 citations. I only included information I could source via quality references, not from my own point-of-view.
 * I reviewed and received feedback from multiple computer security experts, including companies and vendors with differing or competing interests.
 * The article includes criticism and vulnerabilities of confidential computing, including demonstrated side-channel attacks and a critique of the very concept/definition itself.
 * I made a very deliberate effort to describe the pros & cons of confidential computing compared to other Privacy-enhancing technologies.
 * I modeled it on the Trusted Computing article, which is another security technology associated with an industry trade group. (https://en.wikipedia.org/wiki/Trusted_Computing)
 * I'd really appreciate if you spot-checked the article for any neutrality issues. I believe the draft is solid and would be helpful to the Wikipedia community. I'm willing to be patient while editors give it a thorough review.
 * Thank you so much!
 * HudsonAttests (talk) 22:22, 4 April 2023 (UTC)
 * It's a 1700 word draft and I haven't yet taken the time to read it. ~Kvng (talk) 23:17, 4 April 2023 (UTC)

Response to addition to Criticism section
Noting that my employer is active in Confidential Computing, I want to respond to the recent addition to the criticism section. I have no problem with criticisms of Confidential Computing, but I think the addition 1) would fit better in a different section, and 2) needs clarification to accurately capture the issue.

1: Move Confidential Remote Computing to Use cases
The technique called “Confidential Remote Computing” introduced in the first paragraph of the new edit would be more appropriately placed in the Use Cases section and benefit from greater clarity and a short description of its function and benefits.

Suggested text (Use Cases)
Oxford University researchers proposed the paradigm called "Confidential Remote Computing" (CRC), which uses confidential operations in Trusted Execution Environments across endpoint computers as a means to establish trust between remote computers or service providers.[ cite]

2: Clarify criticism
One of the claims in the new second paragraph is inaccurate.

“[Confidential computing] does not distinguish multiple stakeholder scenarios,” is incorrect, as demonstrated in existing citations 15, 24, 25 and 26. The implication of the new edit is that the only type of platform that can support “remoteness” is a desktop PC or laptop. The use cases in the citations illustrate remote, multi-party usages involving server platforms.

However, the edit exposes a more accurate criticism: Specifically, no microprocessor vendor currently supports Confidential Computing in personal computer processors, which inhibits the deployment of use cases that rely on hardware support in PCs, including Confidential Remote Computing as described in the citation.

Suggested text (Criticism)
None of the major microprocessor or GPU providers offer Confidential computing hardware in devices for personal computers, which limits use cases only to server-class platforms. Intel SGX was introduced for PCs in 6th Generation Intel Core (Skylake) processors in 2015, but deprecated in the 11th Generation Intel Core processors (Rocket Lake) in 2022.[cite]

''I'm happy to make these changes myself if there are no objections, or open to discussing how to improve them. If someone else would prefer to make the change, I'm ok with that as well.'' HudsonAttests (talk) 20:18, 19 April 2023 (UTC)

Confidential Remote Computing (CRC)
I'm parking some recently added content on the Talk page for reasons listed with each addition.

1) Uncited original analysis is excessive and jargon-heavy for this topic page; Would be better in an article about CRC itself where this level of analysis is aligned with the topic.


 * "Key differences of CRC and traditional confidential computing are at their design principles. A few of CRC design patterns suggest the following; (1) no continuous operations, (2) stateless execution, (3) smaller life time of enclaves (4) partitioning style development instead of unmodified large applications (LibOS supported). CRC classifies the enclave development in three main domains as hardware domain, attestation domain and the development domain. Although some example applications of multi-party analytics are built with CRC principles, any enclave applications can be build with CRC design patterns."

2) Uncited analysis that replicates information in the prior sentence and the table.


 * "Available SGX hardware in the market over six years makes it possible to find SGX-enabled hardware for solutions targeting end-user machines."

3) Uncited speculation about Arm's future plans and product roadmap; Needs a source to provide evidence.


 * "Further, ARM CCA plans to support end-user devices with enclaves/isolates. Upcoming improvements and plans may bring a new focus back to end-user targeting solutions."

Happy to discuss these additions in the context of the article and its sources. Thanks! HudsonAttests (talk) 18:27, 15 May 2023 (UTC)

Protected Computing
@Antoniomana - I noticed you are the likely author of the two papers cited in your contribution about "protected computing". Self-Citing (WP:SELFCITE) isn't necessarily disqualifying, but citing third party sources demonstrates wider impact or significance of the topic. I can't find any third party citations/mentions that independently speak to "protected computing" as described in your papers. Are there any other sources besides your own work which can validate interest of the security industry or research community in this approach? Thanks! HudsonAttests (talk) 22:50, 11 August 2023 (UTC)


 * Thanks for the clarification. If you agree I will change the section to "Code Partitioning" because it is a more general term that maybe represent the approach better, but still I believe is a relevant approach. There are some other external references to Protected Computing that I will add, like Serge Chaumette, Olivier Ly, Renaud Tabary. Some Tools for Software Protection. Workshop on Cryptography and Security for Embedded Systems. June 2009, but I think the change of section name helps representing the approach better. 95.124.181.105 (talk) 11:35, 20 August 2023 (UTC)
 * I appreciate you looking for improvements here. Adding third-party citations will help with the "Self-Citing" issue, and show wider impact of Protected computing as described in the original papers.  Changing the name to "code partitioning" opens up a different question though.  Partitioning the code and running the sensitive parts in a secure processing environment sounds exactly like Confidential computing, specifically like an application enclave using Intel's SGX.  Can you clarify the differences between Protected computing, code partitioning and Confidential computing as you see them?  This may provide the basis for improvements in the article.  Thanks! HudsonAttests (talk) 15:22, 21 August 2023 (UTC)

I'm parking the section about "Protected Computing" here on the Talk page until we can resolve a couple outstanding issues. 1) Self-Citing: The addition is primarily supported by papers authored by the contributor [@Antoniomana], 2) Third party citations needed to show significant presence of the "Protected Computing" concept in the field, 3) Resolution of the contributor's suggested alternative around "code partitioning" and how that differs from Confidential Computing as already described in the article. Happy to discuss this change and alternatives to bring the contribution into the article with comparable rigor.  Parked text as follows:

Protected computing

The origin of the Protected Computing approach can be dated back to 1984. The lack of adequate hardware and software support made it unfeasible in practice at the time. The current concept of Protected Computing has its foundations on more recent work. The Protected Computing approach divides the code (and/or data) of an application into two or more parts. Some of these are protected and prepared to be executed in a secure trusted processor, while others are executed in a normal (untrusted) processor. In this way, the application is divided into two mutually dependent parts in such a way that:

- the public parts do not suffice to gain knowledge about the protected parts; and

- the communication trace between the parts is not enough  to gain knowledge about the protected parts

- In a Protected Computing setting, different secure coprocessors can be used (even simultaneously) including TEEs and TEEs provided as a service.

Citations Schaumüller-Bichl, I.; Piller, E. (1984). A Method of Software Protection Based on the Use of Smart Cards and Cryptographic Techniques. Proceedings of Eurocrypt’84. Springer-Verlag. LNCS 0209. pp. 446–454. Maña, Antonio (2003). Maña, A. Protección de Software Basada en Tarjetas Inteligentes. PhD Thesis. Málaga, Spain: University of Málaga. Maña, Antonio; Lopez, Javier; Ortega, Juan J. (2004). "A framework for secure execution of software". doi:10.1007/s10207-004-0048-6. — Preceding unsigned comment added by HudsonAttests (talk • contribs) 14:50, 14 September 2023 (UTC)