Isolated execution environment (execution virtual machine) environment proof

Proof of Isolated Execution Environment (PIEE) is a proof method based on mathematical and cryptographic techniques to prove the correctness and security of isolated execution environments in processors. Every cloud server is at risk of being attacked, so it is extremely important to ensure the security of the user code running on it and the data stored on it. Introducing the concepts of Trusted Execution Environment and Confidential Computation (CC) can better address the execution environment proof challenge. In the CC approach, the execution environment guided by the cloud system software is generally considered unreliable, and it is recommended to run security-sensitive workloads in an isolated Trusted Execution Environment (TEE). The security assurance of the TEE is rooted in the deep hardware layer of the platform, and remote authentication will be used to verify and declare security.

The key words of PIEE are isolation and remote proof. The main means of isolation include memory isolation, CPU isolation, network isolation and file isolation. These ensure that the workload runs in a reliable TEE; the remote proof then uses cryptography to fully prove the security of TEE operation. In the Utility network architecture, Kubernetes (K8s for short) will be used to deploy the runtime environment and to obtain, by means of isolation, a segment of TEE for proof. The specific proof of security is as follows. For a node $\theta$ that needs to perform PIEE, a random task function (computational operator) $\xi(x)$ is obtained in the language framework (e.g. PyTorch) specified in the deployment environment, and a task $U$ is extracted from the Kubernetes execution container to perform a verification operation to obtain the result:

$$Q_\theta = \xi(U_\theta) \tag{1}$$

where $U_\theta$ is the task-specific input value at that node and $Q_\theta$ is the result of the calculation.

1. The computation results are cryptographically signed, packaged and published on the chain along with the function operators and tasks.
2. Each node obtains this function operator $\xi(x)$ and the encrypted result of $Q_\theta$, decrypts it with the public key to obtain the original result $Q_\theta$, and performs the computation in its respective environment:

$$Q_1 = \xi(U_1), \quad Q_2 = \xi(U_2), \quad \ldots, \quad Q_i = \xi(U_i) \tag{2}$$

where $U_i$ and $Q_i$ are the task input and final computation result corresponding to node $i$, respectively. If the computation result is the same as $Q_\theta$, the PIEE of the original node passes. The PIEE verification of every other node is done analogously.
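The publish, recompute and compare flow of steps 1 and 2, as an added example that is not code from the original page or from the project. Assumptions: the operator `xi`, the functions `publish`, `verify` and `piee_passes`, and the sample key and task are constructed here; HMAC-SHA256 with a shared key stands in for the public-key signature the page describes, so the block runs on the standard library alone; verifiers rerun the published task.

```python
import hashlib
import hmac
import json

def xi(u):
    """Constructed deterministic operator standing in for the random task function."""
    acc = 0
    for v in u:
        acc = (acc * 31 + v * v) % 1_000_003
    return acc

def _canonical(record):
    # Canonical JSON so every node authenticates and compares identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def _tag(key, record):
    # Assumption: HMAC-SHA256 stands in for the asymmetric signature on the page.
    return hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()

def publish(key, node_id, task, run=xi):
    """Prover (node theta): compute Q_theta = xi(U_theta), then package and tag it."""
    record = {"node": node_id, "operator": "xi", "task": task, "result": run(task)}
    return {"record": record, "tag": _tag(key, record)}

def verify(key, package, run=xi):
    """Verifier (node i): authenticate the package, recompute Q_i, compare to Q_theta."""
    record = package["record"]
    if not hmac.compare_digest(_tag(key, record), package["tag"]):
        return "bad-signature"      # reject before spending compute on the task
    return "pass" if run(record["task"]) == record["result"] else "mismatch"

def piee_passes(key, package, verifier_envs):
    """PIEE passes only if every verifying environment reproduces Q_theta."""
    return all(verify(key, package, run) == "pass" for run in verifier_envs)

KEY = b"constructed-demo-key"        # constructed sample key, not a real secret
TASK = [3, 1, 4, 1, 5, 9, 2, 6]      # constructed task input U_theta

def tampered_env(u):
    """Constructed model of a compromised prover environment that alters results."""
    return xi(u) + 1

if __name__ == "__main__":
    honest = publish(KEY, "node-theta", TASK)
    print("honest prover:", verify(KEY, honest), piee_passes(KEY, honest, [xi] * 3))
    print("tampered prover:", verify(KEY, publish(KEY, "node-theta", TASK, tampered_env)))
    forged = {"record": dict(honest["record"], result=0), "tag": honest["tag"]}
    print("forged package:", verify(KEY, forged))
```

The comparison is an exact equality on the published result, so it only works for operators that are deterministic across the verifying environments.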
