Establishing trust in confidential computation and communication systems


Abstract

Modern confidential computation and communication systems aim to safeguard data in-use and protect metadata, extending privacy beyond the limits of conventional approaches. Trust is foundational to their security and adoption, yet difficult to establish due to strict privacy requirements, technical complexity, and conflicting stakeholder incentives.

Anonymity networks provide metadata-private communication, protecting information such as who is talking to whom. Current anonymity systems require users to manually exchange key material and network information, a cumbersome operation which hinders adoption. This dissertation presents Pudding, a user discovery protocol that automates trust establishment through email addresses, hides usernames from unauthorised parties, and provides fault-tolerance.

Confidential Computing uses Trusted Execution Environments (TEEs) built for secure and isolated computation to protect data privacy and integrity during processing. As TEEs combine specialised hardware and software from multiple vendors, users must trust a complex and often opaque ecosystem. This dissertation introduces the Confidential Computing Transparency framework as a structured, progressive model that helps users make informed decisions by increasing transparency and accountability. A user study with over 800 participants shows that higher transparency improves trust, and that detailed explanations further increase willingness to share sensitive data.

TEEs can also be used to support dynamic peer-to-peer networks, such as vehicle-to-vehicle communication systems for semi- or fully-autonomous driving, where machine-to-machine trust is essential for collaboration. This dissertation presents Careful Whisper, a gossip-based protocol for establishing trust in such environments. The protocol can reduce attestation cost from quadratic to linear, allows cross-protocol interoperability, and performs reliably in unreliable networks.
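The paragraph above states that gossiping attestation results lets the attestation cost fall from quadratic to linear in the number of nodes. The following toy model is an added illustration of that claim and is not Careful Whisper itself or any code from the dissertation. It assumes a simplified rule the page does not spell out: a node whose TEE has been attested is trusted to report truthfully which other nodes it has itself attested, so trust can be forwarded transitively in gossip messages. Node layout (a ring), the neighbour each node attests directly, and the message-drop probability used to stand in for an unreliable network are all constructed for the example.

```python
"""Toy cost model: direct pairwise attestation vs. gossip-shared attestation.

Added illustration only; not the Careful Whisper protocol. Assumption: an
attested TEE node can be trusted to relay which peers it has attested
(transitive trust via gossip), so each node needs exactly one direct
attestation instead of one per peer.
"""
import random


def direct_attestation_cost(n: int) -> int:
    """Every node attests every other node: n * (n - 1) attestation exchanges (quadratic)."""
    if n < 2:
        raise ValueError("need at least two nodes")
    return n * (n - 1)


def simulate_gossip(n: int, drop_prob: float, max_rounds: int = 1000, seed: int = 0):
    """Ring of n TEE-backed nodes (constructed topology).

    Each node performs exactly one direct attestation, of its ring successor,
    so the total attestation cost is n (linear). It then gossips its trust set
    to its ring predecessor once per round. Each message is lost with
    probability `drop_prob` to model an unreliable network. A receiver merges
    a sender's trust set only if it already trusts that sender, i.e. trust is
    forwarded only along attested links.

    Returns (attestations_performed, rounds_until_every_node_trusts_all),
    with the round count None if convergence was not reached in max_rounds.
    """
    if n < 2:
        raise ValueError("need at least two nodes")
    rng = random.Random(seed)
    # Each node trusts itself and the one peer it attested directly.
    trusted = [{i, (i + 1) % n} for i in range(n)]
    attestations = n
    for rnd in range(1, max_rounds + 1):
        for sender in range(n):
            receiver = (sender - 1) % n
            if rng.random() < drop_prob:
                continue  # gossip message dropped by the network
            if sender in trusted[receiver]:
                # Accept the sender's attestation claims transitively.
                trusted[receiver] |= trusted[sender]
        if all(len(t) == n for t in trusted):
            return attestations, rnd
    return attestations, None


if __name__ == "__main__":
    n = 10
    print("direct pairwise attestations:", direct_attestation_cost(n))
    print("gossip attestations, rounds (30% loss):", simulate_gossip(n, drop_prob=0.3))
```

With no message loss every node gains at least one newly trusted peer per round, so the ring converges in at most n rounds; with loss the round count grows but the attestation count stays at n, which is the point of the comparison. With a drop probability of 1.0 no gossip is ever delivered and the function reports that convergence was not reached, showing the failure mode the gossip layer has to tolerate.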

These contributions demonstrate practical, scalable ways to build more trustworthy confidential computing and communication. In doing so, they provide some of the foundations required for future secure and private computer systems.

Date

2025-05-07

Advisors

Beresford, Alastair

Qualification

Doctor of Philosophy (PhD)

Awarding Institution

University of Cambridge

Rights and licensing

Except where otherwise noted, this item's license is described as All rights reserved

Sponsorship

Cambridge Trust; King's College, Cambridge; Google