43 posts tagged with "Event"

Richard Zak

Title: Enarx & Steward Attestation
Author: Richard Zak
Date: March 28, 2024

A discussion on how Enarx and Steward use Certificate Signing Requests (CSRs) to provide remote attestation of a Keep. Steward is a Confidential Computing-aware Certificate Authority which signs CSRs if and only if all attestation checks are successfully validated. This way, the signed certificate, which is part of the Steward CA certificate chain, becomes a token for third parties to ensure that an application secured with Enarx really is secured.

Source: EuroProofNet 2024 Working Group 3

Link: https://europroofnet.github.io/wg3-dresden24/

PDF: Enarx_Steward_Attestation_EuroProofNet24.pdf

Jen Wike Huger

Title: Modern Community Management: A lesson through acronym
Author: Jen Wike Huger
Date: November 2, 2022

Learning how to start and run open source community programs starts with m-a-i-n-t-a-i-n-e-r-s. In this talk, find out what each letter in this acronym means for you, whether you’re interested in the field, just getting started in your new role, or a seasoned community manager looking for some new tips!

Source: All Things Open 2022

Link: https://2022.allthingsopen.org/sessions/2-for-1-the-secret-to-sustainable-open-source-create-your-open-source-project/

Nathaniel McCallum

Title: Unlocking the Cloud with Confidential Computing
Author: Nathaniel McCallum
Date: November 1, 2022

CPUs (and even GPUs) which support Confidential Computing are rapidly making inroads into the Cloud, unlocking the Cloud to organizations from sectors like healthcare and finance, who require greater assurances that their sensitive code and data are protected, and who have so far been unable to benefit from the Cloud’s many advantages.

In this session, we’ll define Confidential Computing, explain how process-based and VM-based TEEs (Trusted Execution Environments) differ, describe the importance of attestation, and explore existing and upcoming CPUs (and GPUs) that support Confidential Computing: from Intel’s SGX2 and TDX, AMD’s SEV-SNP, IBM’s PEF, Arm’s Realms, RISC-V’s Sanctum, to NVIDIA’s A100.

We’ll use Enarx, an open source project which is part of the Linux Foundation, to illustrate how Confidential Computing works, and we’ll showcase some examples to demonstrate why Confidential Computing is key to unlocking the Cloud’s true potential.

Source: All Things Open 2022

Link: https://2022.allthingsopen.org/sessions/unlocking-the-cloud-with-confidential-computing/

Jarkko Sakkinen

Title: State of Intel SGX in Linux
Author: Jarkko Sakkinen
Date: September 16, 2022

We go through the current state of the Intel SGX support in the Linux kernel and userland. The topics covered include the kernel interface and its features, and available confidential computing run-times supporting SGX. Since getting into the mainline kernel in late 2020, the SGX software ecosystem has started to get mature enough for production, and is the only cloud-scale confidential computing technology fully in the mainline kernel so far.

Source: Linux Security Summit Europe 2022

Link: https://lsseu2022.sched.com/event/18f5s/state-of-intel-sgx-in-linux-jarkko-sakkinen-profian-inc

Mike Bursell

Title: Confidential Computing and Privacy-Enhancing Technologies - The Landscape
Author: Mike Bursell
Date: September 13, 2022

“If the cloud is just somebody else’s computer, then how can I trust my sensitive apps and data to it?” This question – which inhibits adoption of public cloud computing for many organizations in security-sensitive or highly regulated industries – finally has some answers, provided by a variety of technologies. This session covers the (TLA-laden) landscape of key technologies, from FHE (Fully Homomorphic Technologies) to TEEs (Trusted Execution Environments, the basis for Confidential Computing), and beyond. We will compare the various approaches, the underlying technologies, and the properties that they can offer to organizations working out how to manage the risks associated with deploying to the cloud, the Edge and beyond. We will also look at why open source is playing such an important role in some of the projects embracing these technologies, including a demo of a sensitive application using the Enarx project, an open source project which is part of the Confidential Computing Consortium (Linux Foundation). This talk does not require deep technical knowledge, though it will lead pointers. Nor will it try to paint any technology as “the answer”, but will provide some guidelines about which approaches may be best suited to your organization’s environment and requirements.

Source: Open Source Summit Europe 2022

Link: https://osseu2022.sched.com/event/15z7a/confidential-computing-and-privacy-enhancing-technologies-the-landscape-mike-bursell-profian

Richard Zak
Nick Vidal
Tom Dohrmann

Title: Cryptle: a secure multi-party Wordle clone with Enarx
Author: Richard Zak, Nick Vidal, Tom Dohrmann
Date: August 13, 2022

Wordle is a popular web-based game, where a single player has to guess a five-letter word in six attempts, with yellow/green colored tiles shown as hints in each round, indicating letters that match with the secret word.

We’ve created an open source clone of Wordle called Cryptle, with the goal of demonstrating data encryption in use, where the processing of the data is done in a Trusted Execution Environment (TEE), and only accessible to the Cryptle application. Cryptle is similar to Wordle but one important difference is that it is multi-party and the secret words are suggested by the players themselves. Each player proposes words that are most likely to match those sent by others. The words are sent to the Cryptle application deployed and running in an Enarx Keep (a specific TEE instance) and are only revealed to the players when there’s a match between the secret words.

The standard way to engage with the game is for players to guess the secret words by playing Cryptle from the client side. However, we will also be allowing an alternative: players may write an open source application which runs with root privileges on the host side and attempts to derive or otherwise guess the secret words. Since Cryptle makes use of Confidential Computing, players shouldn't be able to read what's in memory, even with root access. We'll provide an overview of an exploit of Enarx and we'll explain how we were able to fix it. Attendees will be invited to find new vulnerabilities as part of the Cryptle Hack Challenge.

Source: DEF CON 30

Link: https://defcon.org

PDF: DEFCON30_Cryptle.pdf

Richard Zak
Nick Vidal

Title: Owned or pwned? No peekin' or tweakin'!
Author: Richard Zak, Nick Vidal
Date: August 12, 2022

The Cloud is just somebody else's computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can peek or tweak the data or even the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins, or just anyone who compromises their machines.

But being pwned does not necessarily mean it’s endgame. Confidential Computing uses hardware-based Trusted Execution Environments to provide confidentiality and integrity even in the most vulnerable scenarios.

This session will define Confidential Computing at a technical level and discuss current and upcoming hardware that supports it. Later, we’ll introduce Enarx, an open source Linux Foundation project, and present a live demo to showcase Confidential Computing in a system that has been “pwned.”

Source: DEF CON 30

Link: https://defcon.org

PDF: DEFCON30 Owned or pwned.pdf

Nathaniel McCallum

The Southern California Linux Expo (SCaLE) is an annual open source conference held in Los Angeles, California, since 2002.

Last weekend, Enarx co-founder Nathaniel McCallum gave two talks at SCaLE:

  • Confidential Computing: why it HAS to be open source
  • Wyrcan: the Container Bootloader Saga

Source: Enarx's Blog

Link: https://blog.enarx.dev/enarx-at-scale/