可信和保密的程序分析(CS)

我们开发了可信任和保密程序分析(TCPA)的概念，使程序认证可以用于以前信任不足的地方。想象一下这样一个场景:制作人可能不被信任来认证自己的软件(可能是由外国监管机构)，而且制作人不愿意向任何外部机构公布其来源和详细设计。我们提出了一种协议，它可以使用基于加密源的可信计算来创建证书，通过该证书，所有人都可以信任交付的目标代码，而不将未加密源透露给任何一方。此外，我们还描述了一个具有可信执行环境(TEE)的TCPA的实现，该环境能够实现通用和高效的计算。我们已经在一个叫做TCWasm的系统中实现了TCPA协议，用于网络组装体系结构。在我们对33个基准案例的评估中，TCWasm以相对较小的开销完成了分析。

原文题目：Trusted And Confidential Program Analysis

原文：We develop the concept of Trusted and Confidential Program Analysis (TCPA) which enables program certification to be used where previously there was insufficient trust. Imagine a scenario where a producer may not be trusted to certify its own software (perhaps by a foreign regulator), and the producer is unwilling to release its sources and detailed design to any external body. We present a protocol that can, using trusted computing based on encrypted sources, create certification via which all can trust the delivered object code without revealing the unencrypted sources to any party. Furthermore, we describe a realization of TCPA with trusted execution environments (TEE) that enables general and efficient computation. We have implemented the TCPA protocol in a system called TCWasm for web assembly architectures. In our evaluation with 33 benchmark cases, TCWasm managed to finish the analysis with relatively slight overheads.