confidential-computing / governance

Confidential Computing Consortium Governance Documents

2022 Google Summer of Code #86

Closed brianwarner closed 2 years ago

brianwarner commented 2 years ago

We received an email a few days ago that the GSoC application period for open source projects will be Feb 7 - Feb 21.

If this is something we want to participate in as the CCC, we'll need to assemble the following:

This year projects can be for 175 hours or 350 hours. This corresponds roughly to five or nine weeks, plus a three-week bonding period between student acceptance and the beginning of the work.

I'd like to recommend the following process. Please add any ideas or indicate willingness to be a mentor in comments on this thread prior to February 7. If we have enough ideas (per Google, at least four) and paired mentors on February 7th to form a viable application, I will assemble the suggestions into an ideas page and submit the application prior to the program deadline.

Here are some reference documents regarding GSoC:

Finally, if projects in the CCC community want to apply to GSoC directly, this is of course wonderful and encouraged, especially if they have an internal process for matching ideas with mentors. The intent of this particular thread is to organize interest from any projects that don't plan to apply on their own and would like to use Consortium resources to help coordinate this process.

Ideas

If you have a project idea, here's a template with the questions we'll need to answer on the application:

### Project title/description

### More detailed description of the project (2-5 sentences)

### Expected outcomes

### Skills required/preferred

### Possible mentors 

### Expected size of project (175 or 350 hour)

### Difficulty (easy, medium, hard)

Mentoring

If you're willing to be a lead mentor or co-mentor for an idea someone else proposed, please add a comment to this thread and link to the idea you'd like to help with.

If you do volunteer, please ensure you can provide whatever level of mentorship you've offered should the idea be funded. This is to ensure we can meet our commitments to the students and to the program.

If you have any questions, please ask!

nickvidal commented 2 years ago

Hi @brianwarner, thank you very much for bringing this up! I would very much like to see all/most CCC projects involved with GSoC and other mentorship programs. I believe they'll help us to promote Confidential Computing and grow a healthy community!

Much like Outreachy, we are hoping to apply to GSoC as a Consortium if there's enough interest (instead of just Enarx alone):

https://github.com/enarx/outreach/issues/15

I'm also in touch with the leadership behind LFX Tools, who have been very supportive. I believe all CCC projects can benefit from LFX tools like Mentorship and Insights.

We just released a Fellowship Guide, which I tried to keep as generic as possible so that other CCC projects could use it as a baseline:

https://enarx.dev/docs/Fellowship/Introduction

Some relevant blog posts are available here:

https://blog.enarx.dev/confidential-computing-fellowship/

https://blog.enarx.dev/welcome-outreachy-interns/

https://blog.enarx.dev/lfx-mentorship/

I'll be speaking more about this with @stephenrwalli next week.

@dthaler was also kind enough to add this topic as part of the TAC Tech Talk (just confirmed for the 10th of February).

Hopefully the CCC can establish a mentorship program as mature as CNCF's, which should serve as an inspiration:

https://github.com/cncf/mentoring

Please count on me to move this forward!

ankitaggarwal23 commented 2 years ago

@brianwarner @nickvidal I would like to contribute to your organization. Also, I have seen you are going to take part in GSoC and LFX Mentorship; I would like to join that program too. Is there any community channel?

Hoping to hear from you soon!

dreemkiller commented 2 years ago

Project title/description

Attested SSH

More detailed description of the project (2-5 sentences)

With the move within the industry to blind hypervisors, there is going to be a trend where cloud providers provision customer-provided VM images into realms. However, how can the customer be sure that the VM they are communicating with (typically via SSH, at least to start) is inside a realm and is the image they provided? This proposal will integrate an attestation flow into the SSH protocol, to assure users of these facts. As a first step, this should be done with AWS Nitro enclaves (as this is likely the easiest), but can be extended to other technologies, such as AMD SEV, Intel SGX, or Arm CCA. Ideally, the solution will utilize the Proxy Attestation infrastructure from the Veracruz project.

Expected outcomes

Users should have the option of transparently SSHing into protected VMs and automatically be assured that it is protected and is their image. It should be as easy as SSH is today, to encourage client take-up.

  1. Platform-specific details must be transparent to the user of the SSH client
  2. Details in addition to the typical SSH workflow should be as minimal as possible (I see no way to prevent the user from having to provide a hash of the VM image, however)
  3. It should be possible, but not required, to perform attestation on each SSH connection. Caching of attestation data, or even saving the enclave public key, may be beneficial.

The usability of the SSH connection should be the same as one without attestation.

Skills required/preferred

Difficulty (easy, medium, hard)

medium
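The client-side trust decision the Attested SSH idea above calls for, sketched as an added example that is not part of the thread or of any CCC project: the host key presented at SSH key exchange is accepted only if signed evidence binds it to the image hash the user supplied, and an accepted key is cached so later connections can skip attestation. The evidence format, the function names and the HMAC (a stand-in for a platform or proxy-attestation signature chain) are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the attestation verifier's key. A real flow would
# validate a platform signature chain (e.g. Nitro) instead of an HMAC.
VERIFIER_KEY = b"constructed-demo-key"

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_evidence(image_hash: str, host_key: bytes, key: bytes = VERIFIER_KEY) -> dict:
    """Build constructed evidence binding an image measurement to a host key."""
    claims = {"image_hash": image_hash, "host_key_fp": fingerprint(host_key)}
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def check_host(host_key: bytes, evidence, expected_image_hash: str, cache: dict):
    """Return (trusted, reason) for a host key presented during key exchange."""
    fp = fingerprint(host_key)
    if fp in cache:
        # Cached key: no new attestation, but it must be pinned to this image.
        ok = hmac.compare_digest(cache[fp], expected_image_hash)
        return ok, "cached" if ok else "cached key attested for a different image"
    if evidence is None:
        return False, "no evidence and key not cached"
    body = json.dumps(evidence["claims"], sort_keys=True).encode()
    sig = hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, evidence["sig"]):
        return False, "bad signature"
    if not hmac.compare_digest(evidence["claims"]["image_hash"], expected_image_hash):
        return False, "image mismatch"
    # Without this binding, valid evidence could be relayed by another host.
    if not hmac.compare_digest(evidence["claims"]["host_key_fp"], fp):
        return False, "host key not bound to evidence"
    cache[fp] = expected_image_hash  # pin the key to the attested image
    return True, "attested"
```
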

brianwarner commented 2 years ago

Unfortunately we received notice yesterday that our projects weren't accepted this year. Thank you mentors for offering to be a part of this!

Separately, @nickvidal notes that CCC has been accepted for Outreachy (thanks for coordinating this, Nick). We can handle that in a separate discussion. I'll close this issue for now.

thomas-fossati commented 2 years ago

> Unfortunately we received notice yesterday that our projects weren't accepted this year. Thank you mentors for offering to be a part of this!

Hi Brian, quick question: was the reject reason communicated in some way?

nickvidal commented 2 years ago

Hi @thomas-fossati, this is the message that we got:

> Thank you for applying to be a Google Summer of Code 2022 mentor organization. Sadly, we were unable to accept Confidential Computing Consortium this year. We had many more applications than available slots. We hope you will apply again in the future!

This is the official blog post from GSoC:

https://opensource.googleblog.com/2022/03/Google-Summer-of-Code-2022-mentoring-orgs-revealed.html

> After reviewing over 350 mentoring organization applications, we are excited to announce that 203 open source projects have been selected for Google Summer of Code (GSoC) 2022. This year we are welcoming 32 new organizations to mentor GSoC contributors.

The first time an organization is approved for GSoC, it can select 2 interns maximum. Ideally we want to achieve a state where every CCC project can receive 1 intern.

I hope we can try again next year.

But we have been accepted for Outreachy and the good news is that in this case we can have up to 6 interns overall.

I'm glad to see that Arm has some mentors available. I've been able to speak with folks from Veracruz about this.

Let's schedule a call to move this forward.