Secure Container with SGX: Protecting Secret in Cloud Environment - Isaku Yamahata, Intel & Xiaoning Li, Alibaba

less than 1 minute read

Abstract

In cloud computing container is widely adapted, but its isolation is weak. It’s important to protect secrets even from cloud service provider. Software Guard Extention(SGX) provides Trusted Execution Environment(TEE) where only Intel and SGX implementation is trusted with untrusted OS/VMM/BIOS. It requires to modify applications which is sometimes difficult for various reasons. Ideally unmodified user binary can run in SGX enclave. In this talk, Library OS to allow unmodified binary to run within SGX TEE is introduced. It hooks system call by replacing shared library. Go is most popular language for cloud native applications with uniqueness to use static link. We enhanced Graphene LibOS to support golang binary and hardened it for production use. We will share our experience to add golang support to Graphene-SGX LibOS and our future plan.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Secure Container with SGX: Protecting Secret in Cloud Environment - Isaku Yamahata, Intel & Xiaoning Li, Alibaba

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google