Man
Professional
- Messages
- 3,070
- Reaction score
- 606
- Points
- 113
Now anyone can look inside the system and test it for strength.
Apple has introduced a Virtual Research Environment (VRE) for public access to the Private Cloud Compute (PCC) security test. In addition, the company has opened the source code of some key components for review by researchers to confirm the reliability of the architecture and its compliance with security and privacy requirements.
PCC is a cloud-based system for processing data using artificial intelligence, ensuring its protection with end-to-end encryption. This ensures that data transferred from Apple devices to PCC remains inaccessible to the company and is only accessible by the user.
Previously, access to the PCC was restricted to individual researchers and auditors so that they could verify its compliance with stated privacy standards. Now anyone can examine this system and check it for the declared safety parameters.
Along with VRE, Apple published the Private Cloud Compute security guide, which describes the system's architecture and its key components. A virtual environment allows you to run a PCC node in a virtual machine, investigate software, and identify vulnerabilities.
The source code of the following components is available to researchers:
Apple has also expanded its bounty program to include new categories for PCC. The maximum premium is $1 million for remote code execution with privileges based on user request data. You can get up to $250,000 for exposing user data, and from $50,000 to $150,000 for attacks through an elevated network.
The company states that it considers any problems that can significantly affect the security of PCC, even if they do not meet the declared categories.
Apple claims that Private Cloud Compute is the most advanced security architecture for AI-powered cloud computing, but hopes to help researchers further improve it.
Source
Apple has introduced a Virtual Research Environment (VRE) for public access to the Private Cloud Compute (PCC) security test. In addition, the company has opened the source code of some key components for review by researchers to confirm the reliability of the architecture and its compliance with security and privacy requirements.
PCC is a cloud-based system for processing data using artificial intelligence, ensuring its protection with end-to-end encryption. This ensures that data transferred from Apple devices to PCC remains inaccessible to the company and is only accessible by the user.
Previously, access to the PCC was restricted to individual researchers and auditors so that they could verify its compliance with stated privacy standards. Now anyone can examine this system and check it for the declared safety parameters.
Along with VRE, Apple published the Private Cloud Compute security guide, which describes the system's architecture and its key components. A virtual environment allows you to run a PCC node in a virtual machine, investigate software, and identify vulnerabilities.
The source code of the following components is available to researchers:
- CloudAttestation—responsible for creating and validating PCC host attestations.
- Thimble - Includes the privatecloudcomposed daemon that supports transparency using CloudAttestation.
- splunkloggingd — filters logs to prevent accidental data leaks;
- srd_tools - Provides tools for working with VRE.
Apple has also expanded its bounty program to include new categories for PCC. The maximum premium is $1 million for remote code execution with privileges based on user request data. You can get up to $250,000 for exposing user data, and from $50,000 to $150,000 for attacks through an elevated network.
The company states that it considers any problems that can significantly affect the security of PCC, even if they do not meet the declared categories.
Apple claims that Private Cloud Compute is the most advanced security architecture for AI-powered cloud computing, but hopes to help researchers further improve it.
Source
