
37 posts tagged with "Event"



Title: Cryptle: a secure multi-party Wordle clone with Enarx
Author: Richard Zak, Nick Vidal, Tom Dohrmann
Date: August 13, 2022

Wordle is a popular web-based game in which a single player has to guess a five-letter word in six attempts, with yellow/green colored tiles shown as hints in each round, indicating letters that match the secret word.

We’ve created an open source clone of Wordle called Cryptle, with the goal of demonstrating data encryption in use, where the processing of the data is done in a Trusted Execution Environment (TEE), and only accessible to the Cryptle application. Cryptle is similar to Wordle but one important difference is that it is multi-party and the secret words are suggested by the players themselves. Each player proposes words that are most likely to match those sent by others. The words are sent to the Cryptle application deployed and running in an Enarx Keep (a specific TEE instance) and are only revealed to the players when there’s a match between the secret words.

The standard way to engage with the game is for players to guess the secret words by playing Cryptle from the client side. However, we will also be allowing an alternative: players may write an open source application which runs with root privileges on the host side and attempts to derive or otherwise guess the secret words. Since Cryptle makes use of Confidential Computing, players shouldn't be able to read what's in memory, even with root access. We'll provide an overview of an exploit of Enarx and we'll explain how we were able to fix it. Attendees will be invited to find new vulnerabilities as part of the Cryptle Hack Challenge.

Source: DEFCON 2022

Link: https://defcon.org


Title: Owned or pwned? No peekin' or tweakin'!
Author: Richard Zak, Nick Vidal
Date: August 12, 2022

The Cloud is just somebody else's computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can peek or tweak the data or even the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins, or just anyone who compromises their machines.

But being pwned does not necessarily mean it’s endgame. Confidential Computing uses hardware-based Trusted Execution Environments to provide confidentiality and integrity even in the most vulnerable scenarios.

This session will define Confidential Computing at a technical level and discuss current and upcoming hardware that supports it. Later, we’ll introduce Enarx, an open source Linux Foundation project, and present a live demo to showcase Confidential Computing in a system that has been “pwned.”

Source: DEFCON 2022

Link: https://defcon.org

Nathaniel McCallum

The Southern California Linux Expo (SCaLE) is an annual open source conference held in Los Angeles, California, since 2002.

Last weekend, Enarx co-founder Nathaniel McCallum gave two talks at SCaLE:

  • Confidential Computing: why it HAS to be open source
  • Wyrcan: the Container Bootloader Saga

Source: Enarx's Blog

Link: https://blog.enarx.dev/enarx-at-scale/


Title: Wyrcan: the Container Bootloader Saga
Author: Nathaniel McCallum
Date: July 31, 2022

Wyrcan is a bootloader that boots into a container. That's all it does.

But of course, that's not the only thing that Wyrcan implies. Using Wyrcan to boot a container also means that you can use a tried and trusted software packaging ecosystem to have a bare-metal OS that is:

  • Stateless: Booting a container with Wyrcan means that nothing is installed on the disk. There is no state to manage except the state you put into your container. You never have to worry about whether packages are updated: you can schedule reboots to make sure you always have the latest OS. And if all your mounts of local storage are noexec, you can just reboot when compromised.
  • Memory-Resident: The full operating system is resident in RAM. That means it is fast. However, you can also set up swap in your container so that unused pages are written to disk, saving memory for your application.
  • Declarative: Your bare-metal operating system is developed using the same declarative tooling that you have come to expect from the container development pipeline. Put your OS config in git. Host it in your favorite git forge (GitHub, GitLab, Bitbucket, etc). Build the images automatically. Host them in your favorite container repo.

Source: SCALE 19x 2022

Link: https://www.socallinuxexpo.org/scale/19x/presentations/wyrcan-container-bootloader-saga


Title: Confidential Computing: why it HAS to be open source
Author: Nathaniel McCallum
Date: July 30, 2022

Confidential Computing is the use of hardware-based TEEs (e.g. Intel's SGX and AMD's SEV) to protect data and applications in use: that means that you can run workloads on a compromised or malicious system while still being assured that their confidentiality and integrity are protected. Setting this all up and deploying it is complex and has lots of moving parts. This session will discuss the core components, and look at the impact of who's running them, who supplied them, and whether they're open source. It will use the Enarx project (https://enarx.dev) as an example open source project to show what choices can be made to prioritise security and the importance of openness (in not just the code, but its development) to the project and its success.

Source: SCALE 19x 2022

Link: https://www.socallinuxexpo.org/scale/19x/presentations/confidential-computing-why-it-has-be-open-source


Title: Bootstrapping a Community through Mentorship
Author: Nick Vidal
Date: June 25, 2022

We'll be presenting the strategies that we used to bootstrap our community. Enarx is an open source project that is part of the Confidential Computing Consortium from the Linux Foundation. Confidential Computing is a relatively new area which most developers are not familiar with. The Enarx project partnered with Outreachy (a diversity initiative from the Software Freedom Conservancy) and LFX Mentorship (from the Linux Foundation) to welcome five interns, who had zero knowledge of Confidential Computing. In just a few months, they learned the basics and started building demos, from simple to more complex. They had the opportunity to showcase their demos at their first conference (Open Confidential Computing Conference), and have helped the Enarx project to be part of conferences in Africa (Open Source Festival) and Asia (FOSSASIA) for the first time. By creating a mentorship program, we were able to grow our community in a healthy and diverse way, where everyone helped each other to learn more about this new area and to promote it at conferences around the world.

Source: Open Source Summit NA 2022

Link: https://ossna2022.sched.com/event/11Nh2/bootstrapping-a-community-through-mentorship-nick-vidal-profian