If you’re designing a project where security is uppermost, but you want to make it easy to use and compatible with multiple platforms (existing and future), what principles should you follow, and how do they translate into an architecture and actual code. We’ll present the 10 security design principles of the Enarx project, and discuss why they led us to where we are today: a Rust-based open source project with a WebAssembly run-time.
Source: FOSDEM 2021
As the requirement for confidential computing increases, there is a need for portability of workloads between clouds, the Edge and beyond.Enter Enarx. Coded in Rust from the ground up to provide confidential computing and portability. Enarx is a platform built to operate across hardware platforms and run any code compiled in WebAssembly. Enarx is a completely open source project, working across hardware solutions and welcoming contributors up and down the stack. Find out about where we are now, what you might be able to help with next, and learn how it might fit in your deployment plans.
Source: Confidential Computing Consortium
What does Confidential Computing mean? https://www.ukrise.org/wp-content/uploads/2020/11/Confidential%20Computing%20v01.pdf
Source: UK RISE Annual Conference 2020
Deploying applications to the Cloud (or IoT, or the Edge) is all very well ... until you start running sensitive workloads. Can you trust the OS? The hypervisor? The stack? The cloud provider? The host owner? We all know that the answer to all of these is not always "yes": Enarx is a project using the hardware-based secuirty of TEEs (Trusted Execution Environments), to reduce the number of components and parties you need to trust. Find out how it works, why it uses WebAssembly for your runtime, and how to contribute.
Source: DevConf 2020
A presentation with demos to show the latest state of the Enarx project, shown at DevConf.US in September 2020.
Source: DevConf US 2020
Traditionally, when you run a workload in a VM, container or in a serverless environment, that workload is vulnerable to interference by any person or software with hypervisor, root or kernel access. That turns out to be quite a few people one has little choice but to trust, both in the cloud, of course, but also on one’s own hardware. The Enarx project aims to mitigate this by leveraging the hardware-based security properties offered by the Trusted Execution Environments (TEEs) found on recent CPUs. Enarx will make it simple to deploy workloads to a variety of TEEs in the public cloud, making it possible to deploy confidential workloads to third party servers without needing to relinquish trust to those who operate them.
Source: Pass the SALT
Link: https://passthesalt.ubicast.tv/videos/2020-enarx-secured-attested-execution-on-any-cloud/
Running Sensitive Workloads on Untrusted Hosts: Project Enarx
Source: Embedded Linux Conference North America 2020
Encryption in transit: done. Encryption at rest: done. Encryption in use? That's what Enarx aims to solve using TEEs and by providing a practical application deployment system plus hardware attestation. This demo from Mike Bursell and Nathaniel McCallum will show basic Enarx functionality on actual hardware.
Source: Red Hat Community Central
How fully can you trust the host you run your applications on—not just the software stack, but the sysadmins, BIOS, firmware and more? This webcast will show you how Enarx, a Red Hat open-source project, uses trusted execution environments to allow you to run sensitive applications on fundamentally untrusted hosts.
Source: RSA Conference 2020
In this talk, we will explain the security and confidentiality implications of current software deployment, the possibilities offered by Trusted Execution Environments as well as the new challenges they create, and present Enarx, a project supported by Red Hat and part of the Confidential Computing Consortium, which works to streamline secure software deployment while maintaining the highest security standards.
Source: DevConf.CZ 2020