FOSDEM - 2022-02-05

[nickvidal]

Info:

• FOSDEM
• Dates: 2022-02-05 - 2022-02-06
• Location: Online
• https://fosdem.org/2022/

CFP:

• 2021-11-15: deadline for developer room proposals
• 2021-11-20: accepted developer rooms announced
• 2021-11-30: developer rooms issue Calls for Participation
• 2021-12-31: developer rooms publish complete schedules

Link: https://fosdem.org/2022/news/2021-11-02-devroom-cfp/

[jovanbulck]

Dear Enarx community,

I was looking for a way to let you know about our upcoming TEE devroom at FOSDEM22 and stumbled across this issue, so replying here for you to consider: you're warmly invited to submit Enarx-related talk proposals to the devroom!

Submission deadline: December 24

CFP: https://falder.org/fosdem22-cfp

[nickvidal]

Hi @jovanbulck, we are definitely going to participate! Thank you for sharing the link!

[nickvidal]

Title:

WebAssembly + Confidential Computing Enarx first release brings WebAssembly to Confidential Computing

Abstract:

The Enarx project reached a huge milestone: its first official release, featuring WebAssembly runtime. WebAssembly and Confidential Computing are a great match because WebAssembly offers developers a wide range of language choices, it works across silicon architectures, and it provides a sandboxed environment. This presentation will highlight the benefits of WebAssembly to Confidential Computing and showcase some demos.

Full Abstract:

After 3 years since its inception, the Enarx project finally had its first official release, bringing WebAssembly to Confidential Computing.

Enarx is a deployment framework for running applications in TEE instances – which we refer to as “Keeps” – without the need to trust lots of dependencies, without the need to rewrite the application, and without the need to implement attestation separately.

The WebAssembly runtime, based on wasmtime, offers developers a wide range of language choices for implementation, including Rust, C, and C++. It is designed to work across silicon architectures transparently to the user so that the application can run equally simple on Intel platforms (SGX or the recently-announced TDX), AMD platforms (SEV) or forthcoming platforms such as Arms’ Realms and IBM’s PEF - all without having to recompile the application code. WebAssembly's sandbox model offers an extra layer of protection, isolating the application from the host.

[nickvidal]

Title:

Logging, debugging and error management in Confidential Computing Challenges around maintaining confidentiality and integrity when logging

Abstract:

Debugging applications is an important part of the development process. However, error messages and general logging can leak sensitive data, and in some cases even compromise your whole stack, as developers worldwide have recently learned from the log4j vulnerability.

With Confidential Computing, the world gets much more complicated, as every piece of information that a malicious entity on the host (including the host itself!) can gather may be leaking vital information about your workload. This talk details some of the problems that arise, and discusses some options to address them whilst considering real life workloads and application lifecycles.

Full Abstract:

Log entries and other error messages can be very useful, but they can also provide information to other parties - sometimes information which you’d prefer they didn’t have. This is particularly true when you are thinking about Confidential Computing: running applications or workloads in environments where you really want to protect the confidentiality and integrity of your application and its data.

This talk examines some of the issues that we need to consider when designing Confidential Computing frameworks, the applications we run in them, and their operations. Designers and architects of the TEE infrastructure and even, to a lesser extent, of potential workloads themselves, need to consider very carefully the impact of host gaining access to messages associated with the workload and the infrastructure components. It is, realistically, infeasible to restrict all communication to levels appropriate for deployment, so it is recommended that various profiles are created which can be applied to different stages of a deployment, and whose use is carefully monitored, logged (!) and controlled by process.

[nickvidal]

These 2 sessions were accepted:

• Logging, debugging and error management in Confidential Computing - Mike
• WebAssembly + Confidential Computing - Nick

[nickvidal]

Videos are up:

Logging, debugging and error management in Confidential Computing - Mike https://fosdem.org/2022/schedule/event/tee_logging/

WebAssembly + Confidential Computing - Nick https://fosdem.org/2022/schedule/event/tee_enarx/