by Marcio A. Silva, George Almási, James Bottomley, Lily Sturmann, Michael Peters | Apr 25, 2023 | Security
Remote attestation answers the (slightly paraphrased) question: “It’s 3pm, do you know what the systems in your data center are doing?” Going with this premise, durable attestation answers a similar question about 3pm yesterday. In this article we describe the...
by Lily Sturmann | Apr 21, 2022 | Security
Rekor, sigstore’s transparency log, recently reached an important milestone in its v0.6 release: it now supports log sharding. Log sharding means that the entries associated with a single Rekor server can now be distributed among multiple backend logs, which...
by Lily Sturmann | Jun 18, 2021 | Security
What does it mean for a system or component to be “trusted” in the world of computer systems? And why does it matter? In this post, we’ll provide an overview of what a Trusted Computing Base (TCB) is and provide a framework for how to evaluate a TCB’s security....
by Axel Simon, Lily Sturmann | Dec 2, 2019 | Security
If you run software on someone’s servers, you have a problem. You can’t be sure your data and code aren’t being observed, or worse, tampered with — trust is your only assurance. But there is hope, in the form of Trusted Execution Environments (TEEs) and a new...
