Nick Vidal

We're pleased to announce that Profian has joined the Confidential Computing Consortium, a Linux Foundation community dedicated to defining and accelerating the adoption of Confidential Computing. Profian believes that working together with the Linux Foundation and other organizations to make Confidential Computing accessible, well understood, and built in a standardized way is not only important, but key to bringing cryptographic proof and verifiable trust to general computing. By joining the Confidential Computing Consortium, Profian reaffirms its commitment to advancing this technology, which will have a major impact across all industries.

Source: Profian's Blog

Link: https://blog.profian.com/profian-joins-confidential-computing-consortium/

  • axel
  • Ben
  • Mike
  • Nick
  • Shaun

Agenda

General discussion

Blog

Enarx's Blog is now live. Nick is coordinating with Ashley and the Linux Foundation to configure DNS for blog.enarx.dev. First post about the New Custodian was published yesterday at:

https://enarx.ghost.io/

Enarx Keeploader

As we are getting ready for our first release, Nathaniel has recommended that we give more visibility to enarx-keepldr. We also heard feedback from new users who couldn't find their way around running enarx just by looking at the current enarx/enarx github repo. That's because there is no actual enarx code there, just documentation. So the proposal is to move the enarx/enarx-keepldr code to enarx/enarx, and keep the documentation on enarx/enarx under the wiki. Here's a brief action plan:

  1. Move keepldr code to enarx/enarx (maintains git history)
  2. Remove docs folder from enarx/enarx, and move it to the wiki
  3. Move keepldr wiki (2 pages) to enarx/enarx wiki
  4. Transfer keepldr issues to enarx/enarx
  5. Transfer enarx/enarx non-code issues to enarx/outreach
  6. PRs can still get merged across repos (from keepldr to enarx/enarx)

Vulnerability Disclosure and Embargo Policy

The CCC has again urgently requested that all CCC projects have a disclosure policy. I sent a PR to adopt the Vulnerability Disclosure and Embargo Policy proposed by axel:

https://github.com/enarx/rfcs/tree/master/00002-vulnerability-disclosure-and-embargo-policy

CCC

The TAC has approved Enarx and other CCC projects to be part of the Outreachy program. Besides the benefits of the program itself, another benefit is bringing the CCC projects closer together to collaborate and grow their communities.

Outreachy

The Outreachy community application deadline was extended to October 6. Nick and Ashley already filled out the application.

https://github.com/enarx/outreach/issues/15

https://www.outreachy.org/

Hacktoberfest

Hacktoberfest's website is now live. We are aiming to build simple demos on top of Enarx.

https://github.com/enarx/outreach/issues/14

https://hacktoberfest.digitalocean.com/

Events

Open Source Summit

Some CCC US-based members are currently at the OSS. Mike was in a panel (virtual):

https://osselc21.sched.com/event/lAUA/panel-discussion-evolving-the-confidential-computing-consortium-non-profit-collaboration-for-growth-stephen-walli-aeva-black-microsoft-mike-bursell-congruus

Enigma / Usenix

Results for Enigma will come on the 30th:

https://www.usenix.org/conference/enigma2021/call-for-participation

Cloud Security Alliance

Rolling CFP till 2021-December-31. Let's create a proposal in October/November.

https://www.cvent.com/c/abstracts/6e04faab-fd38-4df4-b2a3-2e2780b7c24b

Nick Vidal

The Enarx project has a rich history around openness and collaboration. It was a key project in the foundation of the Confidential Computing Consortium from the Linux Foundation and played an important role in the Bytecode Alliance, the nonprofit behind the WebAssembly standard. The Enarx project was born when Mike Bursell and Nathaniel McCallum came together in November 2018 with an idea to build an architecture-neutral framework to run applications within Trusted Execution Environments (TEEs).

Source: Enarx's Blog

Link: https://enarx.ghost.io/enarx-and-a-new-custodian/

The Confidential Computing Consortium launched under the Linux Foundation umbrella two years ago. It continues to grow and thrive. This panel looks at why various partners joined and continue to join, the deal for partners, the challenges of managing a non-profit, and the importance of establishing culture early. It tackles it from multiple perspectives (start-ups and well established public companies, and levels of membership). The panel participants have broad experience across a number of non-profit organizations in the broad open source community. The group also represents a diversity of perspectives of the workings of the committees of the Consortium.

Source: Open Source Summit 2021

Link: https://osselc21.sched.com/event/lAUA/panel-discussion-evolving-the-confidential-computing-consortium-non-profit-collaboration-for-growth-stephen-walli-aeva-black-microsoft-mike-bursell-congruus?iframe=no

  • axel
  • Ben
  • Mike
  • Nick
  • Shaun

Agenda

General discussion

Blog

Enarx's Blog is now live and the first drafts are being created. The final URL will be: http://blog.enarx.dev

CCC

The TAC has approved Enarx and other CCC projects to be part of the Outreachy program. Besides the benefits of the program itself, another benefit is bringing the CCC projects closer together to collaborate and grow their communities.

Outreachy

The Outreachy community application deadline was extended to September 17. Nick and Ashley will fill out the application on the 15th.

https://github.com/enarx/outreach/issues/15

https://www.outreachy.org/

Hacktoberfest

Hacktoberfest's website is now live. We are aiming to build simple demos on top of Enarx.

https://github.com/enarx/outreach/issues/14

https://hacktoberfest.digitalocean.com/

Events

Open Source Summit

Several CCC members will be presenting at the OSS, but participation will mostly be virtual. Mike will participate in a panel:

https://osselc21.sched.com/event/lAUA/panel-discussion-evolving-the-confidential-computing-consortium-non-profit-collaboration-for-growth-stephen-walli-aeva-black-microsoft-mike-bursell-congruus

Cloud Security Alliance

Rolling CFP till 2021-December-31. Let's create a proposal in October/November. https://www.cvent.com/c/abstracts/6e04faab-fd38-4df4-b2a3-2e2780b7c24b

Book

Mike announced his upcoming book Trust in Computer Systems and the Cloud with a chapter dedicated to Confidential Computing.

As an emerging technique for confidential computing, trusted execution environment (TEE) receives a lot of attention. To better develop, deploy, and run secure applications on a TEE platform such as Intel's SGX, both academic and industrial teams have devoted much effort to developing reliable and convenient TEE containers. In this paper, we studied the isolation strategies of 15 existing TEE containers to protect secure applications from potentially malicious operating systems (OS) or untrusted applications, using a semi-automatic approach combining a feedback-guided analyzer with manual code review. Our analysis reveals the isolation protection each of these TEE containers enforces, and their security weaknesses. We observe that none of the existing TEE containers can fulfill the goal they set, due to various pitfalls in their design and implementation. We report the lessons learnt from our study for guiding the development of more secure containers, and further discuss the trend of TEE container designs. We also release our analyzer that helps evaluate the container middleware both from the enclave and from the kernel.

Source: arXiv.org

Link: https://arxiv.org/abs/2109.01923

  • Nick
  • Shaun

Agenda

General discussion

Meetings

Thanks to axel, meetings are now using Jitsi so anyone can participate (no need to request access): https://meet.jit.si/EnarxOutreach

Blog

We'll likely be using Ghost as the blogging platform for Enarx. It's open source, based on Node.js, and has managed hosting. We also looked into WordPress, which is the "standard", but one key advantage of Ghost is that it provides native support for email newsletters. It manages members and subscriptions and allows you to segment the user base. Other advantages of Ghost include: a) native markdown support, b) a more minimalist approach, and c) a more modern architecture. It also provides webhooks and a REST API for integrations. By the next meeting, we should have the Enarx Blog up and running.

CCC

Ashley and Ben both added the Outreachy proposal to the agenda of the CCC Outreach and TAC meetings. The TAC will make a decision by September 9 (TAC's next meeting). The Outreachy community application deadline is September 10.

Outreachy

Nick and Shaun agreed that we should have the Outreachy application ready for both cases, where CCC supports us, or where we apply on our own as Enarx. https://github.com/enarx/outreach/issues/15

Hacktoberfest

We should start planning for Hacktoberfest, with a focus on building simple demos to demonstrate Enarx. Nick will work with Will next week to get this going: https://github.com/enarx/outreach/issues/14

Events

Enigma / Usenix

Proposal sent to Enigma successfully: https://www.usenix.org/conference/enigma2021/call-for-participation

Cloud Security Alliance

Rolling CFP till 2021-December-31. Let's create a proposal in October/November. https://www.cvent.com/c/abstracts/6e04faab-fd38-4df4-b2a3-2e2780b7c24b

Enarx Sticker Design

Added Enarx sticker design to the image assets. Who's traveling to Open Source Summit? Given COVID and the Delta variant, we don't think we'll make it. Should we send stickers to people anyways? To whom? Perhaps a marketing campaign to go along with the CCC Survey Report. https://github.com/enarx/enarx.github.io/tree/master/assets/images

Recently, confidential computing has come to play an important role in next-generation cloud technology along with the development of trusted execution environments (TEEs), as it guarantees the trustworthiness of applications despite the untrusted nature of the cloud. Both academia and industry have actively proposed commercialized confidential computing solutions based on Intel SGX technology. However, the lack of clear criteria makes it difficult for developers to select a proper confidential computing framework among the possible options when implementing TEE-based cloud applications. In this paper, we derive baseline metrics that help to clarify the pros and cons of each framework through in-depth comparative analysis against existing confidential computing frameworks. Based on the comparison, we propose criteria to application developers for effectively selecting an appropriate confidential computing framework according to the design purpose of TEE-based applications.

Source: Journal of the Korea Institute of Information Security & Cryptology

Link: https://www.koreascience.or.kr/article/JAKO202125141277154.page

Although WebAssembly brings languages other than HTML, CSS and JavaScript to the browser, it’s not a JavaScript replacement and it takes a very different approach from Flash, Active X plugins and other techniques that encapsulated non-web code for browsers. Think of it as a small, fast, efficient and very secure, stack-based virtual machine that doesn’t care what CPU or OS it runs on, that’s designed to execute portable bytecode — compiled from code originally written in C, C++, Rust, Python or Ruby — at near-native speed. WebAssembly doesn’t only run in the browser: It started on the client, but is proving very useful on the server.

Source: The New Stack

Link: https://thenewstack.io/what-is-webassembly/