43 posts tagged with "Event"

Title: Building an open company around an open source project
Author: Mike Bursell
Date: March 29, 2022

Enarx is an open source security project in Confidential Computing. About 2 years after its inception, we decided to start a company around it – and we wanted to make the company open, too. What were the challenges, and how did we address them? How to balance community growth against product development? Should design and development stay in the open? How should we manage issues, PRs, documentation?

We made some mistakes along the way, we’ve done some things right, and we’re still learning, but come along to understand and join us on our journey.

Source: Open Source 101 2022

Link: https://opensource101.com/sessions/building-an-open-company-around-an-open-source-project/

Title: From zero to hero: making Confidential Computing accessible
Author: Nick Vidal
Date: February 17, 2022

How can we make Confidential Computing accessible, so that developers from all levels can quickly learn and use this technology? In this session, we welcome three Outreachy interns, who had zero knowledge of Confidential Computing, to showcase what they've developed in just a few months.

Source: OC3 2022

Link: https://www.oc3.dev

Title: Understanding trust relationships for Confidential Computing
Author: Mike Bursell
Date: February 17, 2022

Confidential Computing requires trust relationships. What are they, how can you establish them, and what are the possible pitfalls? Our focus will be cloud deployments, but we will look at other environments such as telecom and Edge.

Source: OC3 2022

Link: https://www.oc3.dev

Title: Logging, debugging and error management in Confidential Computing
Author: Mike Bursell
Date: Saturday, February 5, 2022, 13:25 AM - 13:50

Debugging applications is an important part of the development process. However, error messages and general logging can leak sensitive data, and in some cases even compromise your whole stack, as developers worldwide have recently learned from the log4j vulnerability.

With Confidential Computing, the world gets much more complicated, as every piece of information that a malicious entity on the host (including the host itself!) can gather may be leaking vital information about your workload. This talk details some of the problems that arise, and discusses some options to address them whilst considering real life workloads and application lifecycles.

Full Abstract

Log entries and other error messages can be very useful, but they can also provide information to other parties - sometimes information which you’d prefer they didn’t have. This is particularly true when you are thinking about Confidential Computing: running applications or workloads in environments where you really want to protect the confidentiality and integrity of your application and its data.

This talk examines some of the issues that we need to consider when designing Confidential Computing frameworks, the applications we run in them, and their operations. Designers and architects of the TEE infrastructure and even, to a lesser extent, of potential workloads themselves, need to consider very carefully the impact of host gaining access to messages associated with the workload and the infrastructure components. It is, realistically, infeasible to restrict all communication to levels appropriate for deployment, so it is recommended that various profiles are created which can be applied to different stages of a deployment, and whose use is carefully monitored, logged (!) and controlled by process.

Source: FOSDEM 2022

Link: https://fosdem.org/2022/schedule/track/hardware_aided_trusted_computing/

Title: WebAssembly + Confidential Computing
Author: Nick Vidal
Date: Saturday, February 5, 2022, 10:55 AM - 11:20 AM

The Enarx project reached a huge milestone: its first official release, featuring WebAssembly runtime. WebAssembly and Confidential Computing are a great match because WebAssembly offers developers a wide range of language choices, it works across silicon architectures, and it provides a sandboxed environment. This presentation will highlight the benefits of WebAssembly to Confidential Computing and showcase some demos.

Full Abstract

After 3 years since its inception, the Enarx project finally had its first official release, bringing WebAssembly to Confidential Computing.

Enarx is a deployment framework for running applications in TEE instances – which we refer to as “Keeps” – without the need to trust lots of dependencies, without the need to rewrite the application, and without the need to implement attestation separately.

The WebAssembly runtime, based on wasmtime, offers developers a wide range of language choices for implementation, including Rust, C, and C++. It is designed to work across silicon architectures transparently to the user so that the application can run equally simple on Intel platforms (SGX or the recently-announced TDX), AMD platforms (SEV) or forthcoming platforms such as Arms’ Realms and IBM’s PEF - all without having to recompile the application code. WebAssembly's sandbox model offers an extra layer of protection, isolating the application from the host.

Source: FOSDEM 2022

Link: https://fosdem.org/2022/schedule/track/hardware_aided_trusted_computing/

Title: Dr CloudLove, or how I learned to trust my CSP (not)
Author: Mike Bursell
Date: Tuesday, December 7, 2021, 11:00 AM - 11:45 AM

The Cloud is just somebody else’s computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can look into it or change the data or event the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins or just anyone who compromises their machines. Confidential computing uses hardware-based trusted execution environment (e.g. Intel SGX, AMD SEV or Arm 9 Realms) to provide these protections, but it’s difficult to use and complex to understand.

This session will introduce the problem at a technical level, explain some of the solutions, and discuss why confidential computing is on its way – but not an easy fix (yet). Come and be amused, horrified, and excited; all in one presentation.

Source: SecurityWeekly Unlocked 2021

Link: https://events.securityweekly.com/unlocked2021

The Confidential Computing Consortium launched under the Linux Foundation umbrella two years ago. It continues to grow and thrive. This panel looks at why various partners joined and continue to join, the deal for partners, the challenges of managing a non-profit, and the importance of establishing culture early. It tackles it from multiple perspectives (start-ups and well established public companies, and levels of membership). The panel participants have broad experience across a number of non-profit organizations in the broad open source community. The group also represents a diversity of perspectives of the workings of the committees of the Consortium.

Source: Open Source Summit 2021

Link: https://osselc21.sched.com/event/lAUA/panel-discussion-evolving-the-confidential-computing-consortium-non-profit-collaboration-for-growth-stephen-walli-aeva-black-microsoft-mike-bursell-congruus?iframe=no

Panel discussion

Source: Linaro Connect 2021

Link: https://connect.linaro.org/resources/armcca/confidential-compute-panel-discussion/

In the "arms race" of security, new defensive tactics are always needed. One significant approach is Confidential Computing: a technology that can isolate data and execution in a secure space on a system, which takes the concept of security to new levels. This SNIA Cloud Storage Technologies Initiative (CSTI) webcast provides an introduction and explanation of Confidential Computing and features a panel of industry architects responsible for defining Confidential Compute

Source: SNIA

Link: https://www.youtube.com/watch?v=HnLfKUI0_Y4

How fully can organizations trust the host on which they run their applications? Not just the software stack, but the sysadmins, BIOS, firmware, and the rest? Project Enarx uses TEEs to allow companies to run sensitive applications on fundamentally untrusted hosts, with a minimum trusted compute base. Learn how Enarx combines TEEs, Rust, and WebAssembly to protect workloads.

Source: RSA Conference 2021

Link: https://www.youtube.com/watch?v=ajYWSAwIyPs