SI-7(15)

Code Authentication

System and Information Integrity

NIST Control Text

Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: [Assignment: organization-defined software or firmware components].

NIST Discussion

Cryptographic authentication includes verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code. Organizations that employ cryptographic mechanisms also consider cryptographic key management solutions.

Parameter Values

Assignment (components): All code executing on AI accelerators within Weight Enclaves, including operator binaries

SL5 Supplemental Guidance

AI accelerators verify that code is cryptographically signed before execution. This extends beyond firmware to operator binaries composing workload execution.

The organization ensures that approved workloads cannot be exploited by a compromised host to exfiltrate confidential information. Beyond verifying that individual operations do not leak data, this requires preventing composition attacks where small operations are sequenced to construct exfiltration channels.

Example approaches include task sequence verification, where firmware ensures operations execute in an approved sequence so that a host cannot construct malicious workflows, and restricting workloads to fused kernels that have been verified not to exfiltrate data, either individually or through composition.
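The following sketch of task sequence verification is an added example, not part of the NIST text or of any accelerator's firmware. It assumes a hypothetical manifest that pins each operator binary by SHA-256 digest in its approved order. HMAC-SHA256 stands in for the digital signature check the control requires, and all names, keys and binaries are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real accelerator would check an asymmetric signature
# against a key anchored in hardware; HMAC-SHA256 is a stdlib stand-in here.
DEMO_KEY = b"constructed-demo-key"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def manifest_tag(manifest: dict, key: bytes = DEMO_KEY) -> str:
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class SequenceGate:
    """Hypothetical firmware-side gate for one workload."""

    def __init__(self, manifest: dict, tag: str, key: bytes = DEMO_KEY):
        if not hmac.compare_digest(manifest_tag(manifest, key), tag):
            raise ValueError("manifest authentication failed")
        self.steps = manifest["sequence"]  # ordered [operator name, sha256] pairs
        self.pos = 0
        self.aborted = False

    def admit(self, name: str, binary: bytes) -> bool:
        """Allow the operator only if it is the next approved step, unmodified."""
        if self.aborted or self.pos >= len(self.steps):
            self.aborted = True
            return False
        want_name, want_digest = self.steps[self.pos]
        if name != want_name or not hmac.compare_digest(sha256_hex(binary), want_digest):
            self.aborted = True  # fail closed: one violation ends the workload
            return False
        self.pos += 1
        return True

# Constructed operator binaries, listed in their approved order.
OPS = {"load_tile": b"\x01op-load", "fused_attn": b"\x02op-attn", "store_tile": b"\x03op-store"}
MANIFEST = {"workload": "demo", "sequence": [[n, sha256_hex(b)] for n, b in OPS.items()]}
TAG = manifest_tag(MANIFEST)

def run(submitted, manifest=MANIFEST, tag=TAG):
    """Feed (name, binary) pairs from the host through a fresh gate."""
    gate = SequenceGate(manifest, tag)
    return [gate.admit(name, binary) for name, binary in submitted]

if __name__ == "__main__":
    print(run(list(OPS.items())))  # approved order
    print(run([("load_tile", OPS["load_tile"]), ("store_tile", OPS["store_tile"])]))  # skipped step
```

An operator that is individually approved and unmodified is still refused when the host submits it out of order, which is the composition case the guidance describes.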