Commit

Update term_specification_matrix.md
Updated CC definitions from Bursell
Salkimmich authored Feb 20, 2024
1 parent 7a8fb70 commit 4422969
Showing 1 changed file with 13 additions and 12 deletions.
25 changes: 13 additions & 12 deletions term_specification_matrix.md
Expand Up @@ -4,18 +4,19 @@ This matrix provides an overview of key terms related to Confidential Computing,

## Matrix

| Term | Definition (Summarized) | Linked Resources | Underspecified? |
|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
| **Confidential Computing** | Protects data in use within a hardware-based, attested TEE, focusing on data confidentiality, integrity, and code integrity. | [CCC](https://confidentialcomputing.io), [Intel](https://www.intel.com/content/www/us/en/develop/topics/confidential-computing.html), [IBM](https://www.ibm.com/topics/confidential-computing) | No |
| **Workload Identity** | Identity assigned to software workloads for authentication and access management across services and resources. | [Microsoft Learn](https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview), [TechTarget](https://www.techtarget.com) | Yes, different usages across cloud providers (Microsoft, AWS, Google Cloud). |
| **Remote Attestation** | Validates the integrity of a device or application, ensuring it operates in a trusted environment. | [IETF RFC 9334](https://datatracker.ietf.org/doc/html/rfc9334), [CCC Blog](https://confidentialcomputing.io/2023/04/06/why-is-attestation-required-for-confidential-computing/) | No |
| **Enclave** | A protected area within a TEE safeguarding code and data from external access. | [CCC Technical Analysis](https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC-A-Technical-Analysis-of-Confidential-Computing-v1.3_unlocked.pdf) | No |
| **TEE** | Secure area of a processor designed to protect code and data, ensuring confidentiality and integrity. | [CCC Technical Analysis](https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC-A-Technical-Analysis-of-Confidential-Computing-v1.3_unlocked.pdf), [IEEE](https://ieeexplore.ieee.org/document/7345265) | No |
| **TCB** | The set of critical components for a system's security, including hardware, firmware, and software. | [NIST](https://csrc.nist.gov/glossary/term/trusted_computing_base), [Microsoft Azure](https://learn.microsoft.com/en-us/azure/confidential-computing/trusted-compute-base) | Yes, broad in tech |
| **Memory Isolation** | Security feature preventing unauthorized access to data in memory. | [Microsoft Azure](https://learn.microsoft.com/en-us/azure/confidential-computing/choose-confidential-containers-offerings) | Yes, common in computing |
| **Measurements** | Process of assessing the state of a system or components to ensure integrity. | [NIST on Root of Trust](https://csrc.nist.gov/glossary/term/roots_of_trust) | Yes, varies in context |
| **Root of Trust** | Fundamental functions trusted by the operating system to build security and trust. | [NIST](https://csrc.nist.gov/glossary/term/roots_of_trust) | No |
| **Attestation Verification Service** | Services that verify the integrity and authenticity of attestations in secure computing environments, playing a critical role in establishing trust. | [Azure Attestation](https://learn.microsoft.com/en-us/azure/attestation/overview), [Red Hat on Confidential Computing](https://www.redhat.com), [Veraison Project on GitHub](https://github.com/veraison) | Yes, application varies across technology stacks (e.g., Azure Confidential Computing, TPM-based systems, and broader confidential computing scenarios). |
| Term | Definition (Summarized) | Linked Resources | Underspecified? |
|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
| **Confidential Computing** | The protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment. | [CCC](https://confidentialcomputing.io) | No |
| **Workload Identity** | Identity assigned to software workloads for authentication and access management across services and resources. | [Microsoft Learn](https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview), [TechTarget](https://www.techtarget.com) | Yes, different usages across cloud providers (Microsoft, AWS, Google Cloud). |
| **Remote Attestation** | A process whereby a system produces information about itself (typically cryptographically-backed) and another party verifies that information, allowing decisions to be made about what types of trust relationships are appropriate to the first system. | [IETF RFC 9334](https://datatracker.ietf.org/doc/html/rfc9334), [CCC Blog](https://confidentialcomputing.io/2023/04/06/why-is-attestation-required-for-confidential-computing/) | No |
| **Enclave** | A protected area within a TEE safeguarding code and data from external access. | [CCC Technical Analysis](https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC-A-Technical-Analysis-of-Confidential-Computing-v1.3_unlocked.pdf) | No |
| **TEE** (Trusted Execution Environment) | An environment that provides a level of assurance of data confidentiality, integrity, and code integrity by preventing unauthorized entities from viewing, altering, or tampering with data and code in use within the TEE. | [CCC](https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC-A-Technical-Analysis-of-Confidential-Computing-v1.3_unlocked.pdf) | No |
| **TCB** (Trusted Computing Base) | A set of components that can be known and defined, evaluated and verified by a trusting party or its agents, expected to continue in the same state, and used as the foundation for other services or systems. This represents the critical security components including hardware, firmware, and software. | [Wikipedia](https://en.wikipedia.org/wiki/Trusted_computing_base), [Bursell, Mike (2021) Trust in Computer Systems and the Cloud](https://www.wiley.com), [NIST](https://csrc.nist.gov/glossary/term/trusted_computing_base), [Microsoft Azure](https://learn.microsoft.com/en-us/azure/confidential-computing/trusted-compute-base) | Yes, broad in tech, with variations in trust relationships and confidential computing contexts. |
| **Memory Isolation** | Security feature preventing unauthorized access to data in memory. | [Microsoft Azure](https://learn.microsoft.com/en-us/azure/confidential-computing/choose-confidential-containers-offerings) | Yes, common in computing |
| **Measurements** | Process of assessing the state of a system or components to ensure integrity. | [NIST on Root of Trust](https://csrc.nist.gov/glossary/term/roots_of_trust) | Yes, varies in context |
| **Root of Trust** | A static component in a system whereby an endorsing authority allows trustors to assume trust in the system in which the anchor is contained. Trust in the root of trust is assumed, based on the endorsing authority, rather than derived. | [Wikipedia on Trust Anchor](https://en.wikipedia.org/wiki/Trust_anchor), [Bursell, Mike (2021) Trust in Computer Systems and the Cloud](https://www.wiley.com) | No, but distinct from a trust anchor. |
| **Attestation Verification Service** | Services that verify the integrity and authenticity of attestations in secure computing environments, playing a critical role in establishing trust. | [Azure Attestation](https://learn.microsoft.com/en-us/azure/attestation/overview), [Red Hat on Confidential Computing](https://www.redhat.com), [Veraison Project on GitHub](https://github.com/veraison) | Yes, application varies across technology stacks (e.g., Azure Confidential Computing, TPM-based systems, and broader confidential computing scenarios). |


## Overview

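Review bot: the new **Root of Trust** row is internally inconsistent. Its definition is phrased in terms of an "anchor" ("the system in which the anchor is contained") and its only non-book link is the Wikipedia *Trust anchor* page, yet the last column says "No, but distinct from a trust anchor." Either the definition should be reworded so it describes a root of trust without leaning on the anchor concept (and say in one clause how the two differ), or the "distinct from a trust anchor" remark should be dropped; as written a reader cannot tell which term the row defines. Two smaller points in the same hunk: both new Bursell citations (TCB and Root of Trust rows) link to the bare `https://www.wiley.com` home page, which does not resolve to the book, so a direct product page, DOI or ISBN would be more useful than a generic domain; and the **Confidential Computing** row silently drops the Intel and IBM resources while the commit message only mentions adding Bursell definitions, so the removal deserves a word in the message or a short justification.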
