Big tech companies are adopting a new security model called confidential computing to protect data while it’s in use

Source: IEEE Spectrum

Link: https://spectrum.ieee.org/what-is-confidential-computing

Wasm offers the sort of platform-independence and easy integration that security-conscious developers and enterprises are looking for.

Source: Opensource.com

Link: https://opensource.com/article/20/5/wasm-security

Demoing the same binary in very different TEEs.

Source: Alice, Eve and Bob – a security blog

Link: https://aliceevebob.com/2020/04/28/an-enarx-milestone-binaries/

Encryption in transit: done. Encryption at rest: done. Encryption in use? That's what Enarx aims to solve using TEEs and by providing a practical application deployment system plus hardware attestation. This demo from Mike Bursell and Nathaniel McCallum will show basic Enarx functionality on actual hardware.

Source: Red Hat Community Central

Link: https://www.youtube.com/watch?v=5wrQSe-IdMI

How fully can you trust the host you run your applications on—not just the software stack, but the sysadmins, BIOS, firmware and more? This webcast will show you how Enarx, a Red Hat open-source project, uses trusted execution environments to allow you to run sensitive applications on fundamentally untrusted hosts.

Source: RSA Conference 2020

Link: https://www.youtube.com/watch?v=AQD5enwA6aM

In this talk, we will explain the security and confidentiality implications of current software deployment, the possibilities offered by Trusted Execution Environments as well as the new challenges they create, and present Enarx, a project supported by Red Hat and part of the Confidential Computing Consortium, which works to streamline secure software deployment while maintaining the highest security standards.

Source: DevConf.CZ 2020

Link: https://www.youtube.com/watch?v=0MPCT2ocFIo

Cloud-based services have introduced a new kind of workload composed mainly by short-lived, ephemeral processes. This is a significant departure from traditional virtualization workloads, where VMs (Virtual Machines) are expected to run uninterrupted for a large amount of time, even surviving Host migrations. New needs called for new optimization techniques, which in turn triggered the creation of specialized VMMs (Virtual Machine Monitors) and the adaptation of the existing ones, alongside with the development of new isolation techniques.

Source: DevConf.CZ 2020

Link: https://www.youtube.com/watch?v=ZXSCIYbop0g

Over the past few years, it's become difficult to find a website that is just "http://…" This is because the industry has finally realised that security on the web is "a thing," and also because it has become easy for both servers and clients to set up and use HTTPS connections. A similar shift may be on its way in computing across cloud, edge, Internet of Things, blockchain, artificial intelligence, machine learning, and beyond. We've known for a long time that we should encrypt data at rest (in storage) and in transit (on the network), but encrypting it in use (while processing) has been difficult and expensive. Confidential computing—providing this type of protection for data and algorithms in use using hardware capabilities such as trusted execution environments (TEEs)—protects data on hosted systems or vulnerable environments.

Source: Opensource.com

Link: https://opensource.com/article/20/1/confidential-computing

This year has, for me, been pretty much all about the Enarx project.  I’ve had other work that I’ve been doing, including meeting with customers, participating in work with IBM (who acquired the company I work for, Red Hat, in July), looking at Kubernetes security, interacting with partners and a variety of other important pieces, but it’s been Enarx that has defined 2019 for me from a work point of view.

Source: Alice, Eve and Bob – a security blog

Link: https://aliceevebob.com/2019/12/31/2019-a-year-of-enarx/

Many CISOs, CSOs, and CIOs continue to struggle to protect data from sophisticated cross-cloud orchestration and cross-tenant attacks, among others. It’s a modern variation of a familiar challenge: balancing security and privacy with usability. While placing and processing intellectual property on shared servers is fraught, experts say the risk can and must be managed. That’s the aim of a new cross-industry effort, the Confidential Computing Consortium. Founded in 2019, the collaboration operates within The Linux Foundation. Its mission is defining and promoting adoption of confidential computing, which protects sensitive data within system memory, a new favored target for attackers. Backers include industry heavyweights Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, and Tencent.

Source: VentureBeat

Link: https://venturebeat.com/2019/12/31/protecting-public-cloud-and-edge-data-with-confidential-computing/