A list of past events is available at:
Title: Package Transparency for WebAssembly Registries
Authors: Kyle Brown, Nathaniel McCallum
Date: February 1, 2023
WebAssembly (Wasm) is a significant advancement in the portability and security of code, but for Wasm to be useful we need a way to publish and distribute it. This presents a unique opportunity to correspondingly advance the state of the art in supply chain security. That's why the Bytecode Alliance, a Wasm-focused non-profit, is working on developing a new registry protocol for Wasm packages, with security at the center, called warg. Warg is designed to offer "Package Transparency" by building on verifiable data structures from the field of Certificate Transparency. This means that the entire state of a registry can be validated by monitors, replicated by mirrors, and operator compromise can easily be detected. Come attend the talk to learn more about it from two Registry SIG members and implementors!
Source: CloudNative SecurityCon 2023
Title: Building a secure network of trusted applications on untrusted hosts
Authors: Roman Volosatovs
Date: February 4, 2023
Deploying to "the cloud" is incredibly convenient, but that convenience normally comes at a cost. The host necessarily becomes a major part of the application's trust domain, and a compromised host means a compromised application or a network thereof. This prevents several highly-regulated sectors, such as medical or financial, from directly deploying to "the cloud" as opposed to building their own infrastructure. Solutions to this problem exist, but most require a custom and correct implementation tied to a particular hardware vendor and SDK. I will present a hardware-agnostic and cloud provider-agnostic solution to this issue, which, with minimal changes to the implementation, can be used to secure a network of applications and demonstrate strong trust assertions produced by doing so.
Source: FOSDEM 2023
Title: We need a Let's Encrypt movement for Confidential Computing
Authors: Nick Vidal, Patrick Uiterwijk
Date: February 5, 2023
Most CISOs and a great majority of developers are not aware of the importance of encrypting data in use (the core idea behind Confidential Computing). Confidential Computing is evolving rapidly and is starting to gain adoption by CSPs, but user adoption is still slow. But what if encrypting data in use became the default way to deploy applications, both in the Cloud and even on premises? In this session, we’ll discuss the main roadblocks towards this vision, what we can do about them, and the main implications if encrypting data in use becomes the norm.
Source: FOSDEM 2023
State of Open Con 2023
Title: What's the big deal with Confidential Computing?
Authors: Mike Bursell
Date: February 8, 2023
In this session, we will introduce attendees to Confidential Computing and how it encrypts "data in use" within a secure hardware environment called a Trusted Execution Environment (TEE) by restricting access to the applications running on a host to the CPU only. Attendees will also learn how our team combines the power of open source Enarx technology with our third-party attestation service to achieve encrypted workloads using a vendor, language, and hardware-neutral platform.
Source: State of Open Con 2023