We need a Let’s Encrypt movement for Confidential Computing
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 542 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/61699 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
00:00
World Wide Web ConsortiumBitField (computer science)Right angleOpen sourceMereologyNeuroinformatikData managementProjective planeComputer animation
00:34
Quantum stateCoprocessorEncryptionComputer networkData integrityCodeAuthorizationInformation securityIntegrated development environmentComputer hardwareTelecommunicationService (economics)Hard disk driveData integritySemiconductor memoryBefehlsprozessorControl flowRootMereologyPhysical systemCodeNeuroinformatikGroup actionWordCASE <Informatik>Projective planePoint cloudRegulator geneInformation securityServer (computing)INTEGRALQuantum stateSoftware developerLaptopType theoryCartesian coordinate systemWeb browserEncryptionSensitivity analysisService (economics)TelecommunicationExploit (computer security)Computer animation
05:46
TelecommunicationService (economics)CollaborationismComputer hardwarePoint cloudSoftware developerSoftwareCanonical ensembleSelf-organizationWebsitePublic key certificateEncryptionTransport Layer SecurityInformation securityInternetworkingGoogle ChromeFacebookImplementationClient (computing)Data managementIntegrated development environmentCommunications protocolServer (computing)Sensitivity analysisFreewareNeuroinformatikMereologyCloud computingGroup actionDefault (computer science)Public key certificateSoftware developerProcess (computing)Open sourceComputer hardwareOpen setCartesian coordinate systemProjective planeWeb 2.0SoftwareCommunications protocolServer (computing)Internet service providerArmVideoconferencingPoint cloudVector potentialTerm (mathematics)Information securityEncryptionRootGame theoryMultiplication signVulnerability (computing)BlogPhysical system
10:56
EncryptionSoftwareCommunications protocolClient (computing)ImplementationData managementIntegrated development environmentPublic key certificateServer (computing)EncryptionDefault (computer science)Web 2.0Projective planePublic key certificateContrast (vision)Computer animation
11:50
EncryptionPoint cloudService (economics)Computer hardwareSoftwareSource codeLattice (order)Computer hardwareContext awarenessInternet service providerBitRight angleCloud computingOpen sourceNeuroinformatikSoftwareArmTerm (mathematics)Software developerCartesian coordinate systemMereologyDefault (computer science)Projective planeComplex (psychology)Endliche ModelltheorieServer (computing)Touch typingEmailLattice (order)Multiplication signEncryption
17:40
Physical lawMereologyComputer animation
18:22
Group actionComputer animation
18:40
Program flowchart
Transcript: English(auto-generated)
00:05
first session and I wanted to give you like Explain a bit more give an overview of the fields rights for those learning So I'm Nick Vidal part of the anarx Community manager and anarx. It's part of the confidential computing consortium. It's an open source project
00:25
I'm also serving as the chair of the outreach committee from the confidential computing consortium, and it's a pleasure to be here So let's start out with Talking about the states of data protection. This is very basic. I mean
00:41
Everybody knows about protecting arrests protecting data arrests protecting data in transit But now protecting in use this is something that it's relatively new So what exactly is protecting data arrests when you have your hard drive encrypted? So your laptop you're traveling you get lost
01:04
that data is safe as long as your your hard drive is encrypted and Nobody can get in there in transit when you open up your browser and you just type HTTPS and you access some website the data that's flowing between your browser and the server
01:23
if that's using HTTPS that's encrypted and Nobody can tamper into that data That's secure. However, there's a third way that the data can also be Accessible and that's directly on the CPU
01:42
This is something that people Most mostly are not aware of developers even security Professionals and they they are not aware that When you have Some type of application or data running at the CPU in memory if for some reason that system is compromised
02:07
Somebody can get access to that data Let's suppose that there is an exploits somebody gains roots access they'll be able to see what's in the in memory and And confidential computing allows you to encrypt data while in use while in the CPU
02:27
Even if somebody breaks down, even if somebody Gains access roots access to their system They won't have access to that data because it's just like the hard drive example
02:40
It's just like the the data in transit example. So The Confidential computing protects data and the codes both Confidentiality and integrity so confidentiality means you can not actually read what
03:02
the data and Integrity you cannot mess up the temper with that data or with that codes. So for confidential computing to To have to achieve confidential computing You have to at least provides data confidentiality
03:21
Data integrity and codes integrity. How about the codes? As part of the confidential computing consortium's definition of confidential computing That's not necessary. But some projects like the Enerx projects. We provide that all those protections
03:45
So this is the definition the official definition by the confidential computing consortium Confidential computing protects data in use by performing computation in a hardware-based attested trust
04:19
Managed sensitive and regulated data. I wanted to read that
04:24
Because the CCC worked to a whole bunch of group of people work together during one year To define this definition and Another year to add one word attested. So I wanted to read very clearly to make this definition
04:43
So I wouldn't make a mistake, right? I Don't want to memorize them and forget something so What's confidential computing? What's the case study? Where can it be used? Actually, it has many uses right now We have some very some sectors that are very much regulated. They have a lot of sensitive data and
05:07
In fact, they cannot use the clouds as of today They simply can't the policies won't allow them to benefit from the clouds So we have for example banking financial services insurance. Of course, they have a lot of sensitive financial data
05:27
We also have health care there are there's the HIPAA for example in the u.s. It's a regulation regarding health care We have telecom edge IOT
05:41
Governments a whole bunch of sectors that currently do not use the clouds because they can't Because they have a lot of sensitive data because it's very much regulated by government's policies so confidential computing Will open the clouds the IOT the edge
06:03
should these sectors they have a lot of sensitive data and that's That's the huge potential of this technology If we can open up this the clouds Should these sectors you grow a lot. That's why one of the reasons why cloud service providers are
06:24
Currently this year and this past year they have they have offered confidential computing and this is going to grow immensely So I talked about the company confidential computing consortium We are part of the Linux Foundation
06:42
We so we bring together hardware vendors like Intel AMD arm and video cloud service providers like Azure Google clouds And so many others startups as well and software developers
07:02
We have a whole bunch of members here as you can see all the major players are betting on this because in some ways this is the future of the cloud in terms of security and We have currently we have seven open source projects
07:22
We invite as many open source projects if you are working with competition computing and you have a nice project We welcome you to the CCC. So I work at the an arts, but we have Grammy and we have Veracruz Veracruz own a lot of very great technology here, which is fully open source
07:45
Now let's step back and look at the let's encrypt movement, okay Not many people are aware of Confidential computing and its importance of protecting data while in use
08:01
If we go back 10-15 years ago That was the same challenge that we had regarding protecting data in transits People were like, hey, I'm not an e-commerce. I'm not like a bank or why should I use HTTPS, right? We kind of left right now, hey
08:22
HTTPS is just the default, right? It's very easy why we shouldn't have this as the default Everyone from whatever you have your own blog It doesn't have any sensitive data, but even so you're going to use HTTPS because it's easy It's convenient and it's just more secure
08:41
This same mindset is what we need and what we need to change For people to start Really thinking about data in use of protecting data in use and it will make everything so much secure it doesn't matter if your system gets hacked if
09:03
Everyone has access, roots access to it, even so it's not a game over Your data is still secure. We hear in the news all the time about all the vulnerabilities and This could have been prevented by using confidential computing. So land secrets, it was
09:28
Started in 2012 by four people, two from Mozilla One from the Electronic Frontier Foundation and from the University of Michigan It's world's largest
09:41
certificate authority, it provides free TLS encryption and The goal is to really make the web safer using HTTPS They have a lot of sponsors and partners As I mentioned, they're part of the Linux Foundation, the Linux Foundation helps them, is a partner
10:01
Also the Mozilla Foundation, EFF There's a whole group of people that see the importance of having HTTPS by default today and What makes it possible is that they have developed software that's very easy to use That makes it
10:21
just It's a very easy process to enable HTTPS so they have the ACMA protocol and They have those who have provided Open up Searchbots, you know what that is? That's the Python application that
10:43
creates a certificate, right? And on the server side they have Boulder and these technologies, this software and this protocol, they make it really easy to achieve HTTPS by default
11:00
so I'm not sure if you can see really well here. The contrast is not really good, but you can see the growth here So this is the... Yeah, so this is the start of the project I believe, I can't see actually see the years here, but
11:24
But as you can see it's growing, right? It has grown a lot Especially here. I'm not sure what happened here, but This is the how much, how many certificates they have given, right?
11:42
Yeah, and so it's very successful. Let's Encrypt is one of the most successful achievements to help secure the web And how did they accomplish this? What can the confidential computing community learn from the Let's Encrypt movements? So here are some key ideas
12:05
That I thought about, but you can also explore this and this can be an open discussion as well. So first of all Bring, make a campaign that bring this awareness around the importance of encrypting data while in use
12:23
The same way that Let's Encrypt did this for data in transits For us, HTTPS is just the default way. We can't think of any other way of doing this Why would we use HTTP only, right? Even for a blog or whatever. It just makes sense
12:45
So adoption by TEs, by cloud service providers This is happening right now So all the major cloud service providers are really making this available Generally available, and they should, they're a bit expensive right now, but they should become
13:03
More affordable in the future Of course all the hardware developers, they have made the technologies available So Intel, Arm, Arm is still going to release this But you have AMD as well. They have invested a lot
13:22
Sometimes even a decade, right, in terms of Intel as X We have to develop software that makes it really easy to deploy confidential computing So one of the projects is Anarcs We make it really easy We use WebAssembly to allow developers to deploy applications, and it's really nice if you want to check that out
13:47
We have to abstract the complexities. Complex computing is really complex. You have to know about encryption You have to learn about attestation About the different models that exist
14:01
to achieve confidential computing and The software has to abstract all those complexities if you want to gain a market share, right? It has to be CSP neutral. It has to be hardware neutral preferably the developer
14:21
Doesn't have to know if his application is going to run on AMD or Intel or whatever. It just should work He's going to deploy this application and confidential computing will just Everything will be encrypted And he doesn't have to care about attestation or whatever. It just works. Just like Let's Encrypt
14:44
Promotes open source software. I believe open source plays a very important role here and the confidential computing consortium Has this as part of its mission to promote open source software. That's why we adopted Setting open source projects here. We have to make it affordable and
15:02
Right now it's very niche But we have to see that maybe in five years This is just going to be the default way, right? And maybe eventually it might even be free So we want to commoditize confidential computing at some point, right? To make this a reality by default
15:24
And so with that I would like to thank you for hearing me You can get in touch with us at the confidential computing consortium Using this email and I invite you to join our tech meetings It happens every every other week and also our outreach
15:43
meetings If you if you want to really learn or share your ideas your technical ideas I recommend joining the tech committee and Outreach if you want to expand this idea and and promote it. So thank you very much and that's it
16:11
Do we have some time for questions?
16:30
I have the feeling that the infrastructure was already there. It was just a problem of it was too complicated And with confidential computing as a developer, I don't really even know where to start like the infrastructure is coming
16:44
The CSP is there really adopting competition computing We have heard some announcements especially last year of making this technology generally available But really the the prices need to drop in even you must make it really easy for people to adapt
17:07
It's a most confidential computing it's mostly targeted for the server side or the edge or IOT There are some the Intel SGX for the PC or for the laptop
17:25
In fact, they were kind of degraded Intel is not supporting this anymore Yeah, you're right
18:01
Decided on Yeah, so attestation was not part of the first definition The reason why is because attestation is really complex and maybe it wasn't given as much importance as before but once
18:21
attestation became a really big discussion after And in fact, they created a special interest group around attestation and that's when they decided to