
37 posts tagged with "Event"


Nick Vidal

Title: Confidential Computing: the next frontier for data protection
Author: Nick Vidal
Date: June 6, 2022

As organizations from different sectors move their computing workloads across multiple environments, from on-premises to public cloud to Edge, they require greater assurances that their sensitive code and data are protected.

There are three states in which data can be protected: at rest, in transit, and in use. Encrypting data at rest and in transit has become common practice in cloud computing, while encrypting data in use (the core idea behind Confidential Computing) is still an emerging concern.

Enarx is a leading open source project, part of the Confidential Computing Consortium, that encrypts and provisions applications and data. It provides a hardware-based solution to the need to maintain data confidentiality and integrity in use, regardless of who might own or have access to the host system on which the application is running. We plan to demonstrate how Enarx accomplishes this.

The Confidential Computing Consortium (CCC) is a project community at the Linux Foundation dedicated to defining and accelerating the adoption of confidential computing. It embodies open governance, open collaboration, and open source software.

As a member of the Confidential Computing Consortium and as a community manager of the Enarx project, I hope to demonstrate how Confidential Computing can help organizations - from sectors like healthcare, government & public sector, and human rights - to take advantage of the Cloud while still maintaining data confidentiality and integrity.

Source: RightsCon 2022

Link: https://www.rightscon.org/program/

Nick Vidal

Profian is attending KubeCon + CloudNativeCon Europe, in Valencia, Spain. Around 7500 attendees from across the world are participating. Profian is a Gold sponsor of Wasm Day, a co-located event in its third edition, bringing together the WebAssembly community especially interested in using Wasm on the server side.

Source: Profian's Blog

Link: https://blog.profian.com/wasm-day-at-kubecon-cloudnativecon-europe-2022/

Nathaniel McCallum
Harald Hoyer

Title: WASI Networking: Towards a World Wide WebAssembly
Author: Nathaniel McCallum, Harald Hoyer
Date: May 16, 2022

The advancement of WASI, the WebAssembly System Interface, is key to pushing WebAssembly beyond the browser - from the Cloud to the Edge - allowing developers to build applications that are capable of running on a wide range of architectures and interfacing with an array of systems. One of the most exciting developments has been WASI’s networking support, which will unleash a whole new set of applications. In this session, we’ll explore the current state of WASI networking and cover the recent implementation of sock_accept(). Next, we’ll demonstrate a Wasm server using the Rust mio framework, along with some examples of networked applications. Finally, we’ll discuss the next steps towards building a full-fledged networking API and the future of network-enabled WebAssembly applications, including some considerations with regard to deploying network identities and security implications.

Source: KubeCon / Wasm Day Europe 2022

Link: https://blog.profian.com/wasi-networking/

Mike Bursell

Title: Building an open company around an open source project
Author: Mike Bursell
Date: March 29, 2022

Enarx is an open source security project in Confidential Computing. About 2 years after its inception, we decided to start a company around it – and we wanted to make the company open, too. What were the challenges, and how did we address them? How to balance community growth against product development? Should design and development stay in the open? How should we manage issues, PRs, documentation?

We made some mistakes along the way, we’ve done some things right, and we’re still learning, but come along to understand and join us on our journey.

Source: Open Source 101 2022

Link: https://opensource101.com/sessions/building-an-open-company-around-an-open-source-project/

Nick Vidal

Title: From zero to hero: making Confidential Computing accessible
Author: Nick Vidal
Date: February 17, 2022

How can we make Confidential Computing accessible, so that developers of all levels can quickly learn and use this technology? In this session, we welcome three Outreachy interns, who had zero knowledge of Confidential Computing, to showcase what they've developed in just a few months.

Source: OC3 2022

Link: https://www.oc3.dev

Mike Bursell

Title: Understanding trust relationships for Confidential Computing
Author: Mike Bursell
Date: February 17, 2022

Confidential Computing requires trust relationships. What are they, how can you establish them, and what are the possible pitfalls? Our focus will be cloud deployments, but we will look at other environments such as telecom and Edge.

Source: OC3 2022

Link: https://www.oc3.dev

Mike Bursell

Title: Logging, debugging and error management in Confidential Computing
Author: Mike Bursell
Date: Saturday, February 5, 2022, 13:25 AM - 13:50

Debugging applications is an important part of the development process. However, error messages and general logging can leak sensitive data, and in some cases even compromise your whole stack, as developers worldwide have recently learned from the log4j vulnerability.

With Confidential Computing, the world gets much more complicated, as every piece of information that a malicious entity on the host (including the host itself!) can gather may be leaking vital information about your workload. This talk details some of the problems that arise, and discusses some options to address them whilst considering real life workloads and application lifecycles.

Full Abstract

Log entries and other error messages can be very useful, but they can also provide information to other parties - sometimes information which you’d prefer they didn’t have. This is particularly true when you are thinking about Confidential Computing: running applications or workloads in environments where you really want to protect the confidentiality and integrity of your application and its data.

This talk examines some of the issues that we need to consider when designing Confidential Computing frameworks, the applications we run in them, and their operations. Designers and architects of the TEE infrastructure and even, to a lesser extent, of potential workloads themselves, need to consider very carefully the impact of the host gaining access to messages associated with the workload and the infrastructure components. It is, realistically, infeasible to restrict all communication to levels appropriate for deployment, so it is recommended that various profiles are created which can be applied to different stages of a deployment, and whose use is carefully monitored, logged (!) and controlled by process.

Source: FOSDEM 2022

Link: https://fosdem.org/2022/schedule/track/hardware_aided_trusted_computing/

Nick Vidal

Title: WebAssembly + Confidential Computing
Author: Nick Vidal
Date: Saturday, February 5, 2022, 10:55 AM - 11:20 AM

The Enarx project reached a huge milestone: its first official release, featuring a WebAssembly runtime. WebAssembly and Confidential Computing are a great match because WebAssembly offers developers a wide range of language choices, it works across silicon architectures, and it provides a sandboxed environment. This presentation will highlight the benefits of WebAssembly to Confidential Computing and showcase some demos.

Full Abstract

3 years after its inception, the Enarx project finally had its first official release, bringing WebAssembly to Confidential Computing.

Enarx is a deployment framework for running applications in TEE instances – which we refer to as “Keeps” – without the need to trust lots of dependencies, without the need to rewrite the application, and without the need to implement attestation separately.

The WebAssembly runtime, based on wasmtime, offers developers a wide range of language choices for implementation, including Rust, C, and C++. It is designed to work across silicon architectures transparently to the user, so that the application can run equally simply on Intel platforms (SGX or the recently-announced TDX), AMD platforms (SEV) or forthcoming platforms such as Arm’s Realms and IBM’s PEF - all without having to recompile the application code. WebAssembly's sandbox model offers an extra layer of protection, isolating the application from the host.

Source: FOSDEM 2022

Link: https://fosdem.org/2022/schedule/track/hardware_aided_trusted_computing/

Mike Bursell

Title: Dr CloudLove, or how I learned to trust my CSP (not)
Author: Mike Bursell
Date: Tuesday, December 7, 2021, 11:00 AM - 11:45 AM

The Cloud is just somebody else’s computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can look into it or change the data or even the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins or just anyone who compromises their machines. Confidential computing uses hardware-based trusted execution environments (e.g. Intel SGX, AMD SEV or Arm 9 Realms) to provide these protections, but it’s difficult to use and complex to understand.

This session will introduce the problem at a technical level, explain some of the solutions, and discuss why confidential computing is on its way – but not an easy fix (yet). Come and be amused, horrified, and excited; all in one presentation.

Source: SecurityWeekly Unlocked 2021

Link: https://events.securityweekly.com/unlocked2021