Glossary¶
- Azure Confidential Compute¶
Azure Confidential Compute protects the confidentiality and integrity of your data and code while it’s processed in the public cloud.
- Azure DCAP¶
Intel SGX Data Centre Attestation Primitives which allows SGX attestation to be used within Microsoft Azure.
- Constitution¶
JavaScript module that defines possible governance actions, and how members’ proposals are validated, resolved and applied to the service.
- Commit Evidence¶
A unique string produced per transaction, and included in the Merkle Tree along with the Write Set digest and the claims_digest. The reveal of that string guarantees the transaction is committed.
- CFT¶
Crash Fault Tolerance is a type of fault tolerance that allows the system to tolerate network and node failures up to a given limit. CFT however does not account for any nodes behaving maliciously. Read more on CFT here.
- Enclave¶
Trusted Execution Environments, allowing fully encrypted and auditable execution without direct access from the host machine.
- FLC¶
Flexible Launch Control is a feature of the Intel SGX architecture.
- Intel SGX PSW¶
Intel SGX Platform SoftWare which manages SGX enclaves loading as well as communication with architectural enclaves. More details here.
- Members¶
Constitute the consortium governing a CCF network. Their public identity should be registered in CCF.
- Merkle Tree¶
Tree structure which records the hash of every transaction and guarantees the integrity of the CCF ledger.
- Microsoft Azure¶
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
- Node identity¶
The public identity of a node in a service, represented as an X.509 certificate containing an endorsement from the Service Identity. It is used to issue transaction receipts. See here for more detail.
- Omission Fault¶
Type of failure where consensus messages exchanged between nodes are lost due to unreliable network. This may cause one or more nodes to be isolated from the rest of the network.
- Open Enclave¶
Open Enclave SDK is an SDK for building enclave applications in C and C++.
- Operators¶
Are in charge of operating a CCF network (e.g. adding or removing nodes). Their identities are not registered in CCF.
- QUIC¶
QUIC is a new protocol that uses multiple UDP streams in a single TLS 1.3+ encrypted connection to achieve speed and scalability for very large and complex traffic.
- Ring Buffer¶
The ring buffer is a data structure that allows communication between the (unprotected) host and the enclave. Data that is written to one side can be read on the other. Only specific types of messages are supported to make sure each package that goes across is read by the right process in the right way.
- REST¶
Representational state transfer is a set of constraints on web APIs, usually implemented over HTTP using JSON as request and response objects exchanged between a requesting client and an implementation server.
- RPC¶
Remote Procedure Call is a way to execute functions in remote machines. CCF uses REST host services to allow clients to execute programs inside the enclave via the ring buffer.
- Service identity¶
The public identity of the CCF service, represented as an X.509 certificate. It is used to authenticate the service to clients and other nodes. See here for more detail.
- SEV-SNP¶
AMD Secure Encrypted Virtualisation - Secure Nested Paging is a trusted execution environment platform. It is a technology used to isolate virtual machines from the hypervisor with strong memory integrity protection.
- SGX¶
Intel Software Guard Extensions is a trusted execution environment platform. It is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection.
- TCP¶
Transmission Control Protocol is a network protocol over IP that provides sessions and ordered streams, which we use to connect between nodes and external clients.
- TEE¶
Trusted Execution Environment is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Often referred to as “enclave”.
- TLS¶
Transport Layer Security is an IETF cryptographic protocol standard designed to secure communications between a client and a server over a computer network.
- Transaction ID¶
Unique transaction identifier in CCF, composed of a View and a Sequence Number separated by a period. Sequence Numbers start from 1, and are contiguous. Views are monotonic. E.g. The transaction ID
2.15
indicates the View is2
and the Sequence Number is15
. Sequence Numbers are also referred to as accf::kv::Version
in the context of the Key-Value store.- Users¶
Directly interact with the application running in CCF. Their public identity should be voted in by members before they are allowed to issue requests.
- Write Set¶
The keys and values written to during a CCF transaction. The state of the Key Value store at a given Transaction ID is logically the successive application of all write sets up to that point.