https://security.apple.com/blog/private-cloud-compute/
We set out to build Private Cloud Compute with a set of core requirements:
- Stateless computation on personal user data. ...we want a strong form of stateless data processing where personal data leaves no trace in the PCC system.
- Enforceable guarantee. Security and privacy guarantees are strongest when they are entirely technically enforceable, which means it must be possible to constrain and analyze all the components that critically contribute to the guarantees of the overall Private Cloud Compute system.
- No privileged runtime access. Private Cloud Compute must not contain privileged interfaces that would enable Apple's site reliability staff to bypass PCC privacy guarantees, even when working to resolve an outage or other severe incident.
- Non-targetability. An attacker should not be able to attempt to compromise personal data that belongs to specific, targeted Private Cloud Compute users without attempting a broad compromise of the entire PCC system.
- Verifiable transparency. Security researchers need to be able to verify, with a high degree of confidence, that our privacy and security guarantees for Private Cloud Compute match our public promises.