Trusted execution within a distributed computing system

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Manuel Costa · Cambridge, GB
• Felix Schuster · Cambridge, GB
• Cedric Fournet · Cambridge, GB
• Christos Gkantsidis · Cambridge, GB
• Marcus Peinado · Bellevue, US
• Antony Rowstron · Cambridge, GB

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/12
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.