SCONE Confidential Computing - Intel
Page 1
SCONE Confidential Computing
Contact: [email protected]
Products: https://sconedocs.github.io https://scontain.com
Page 2
SCONE Platform 2
Overview
SCONE Platform for Confidential Computing
1. Binary Runtime Encryption of applications: execute existing applications inside of SGX enclaves
2. Compiler-based Runtime Encryption of applications: SCONE supports cross-compiling applications to maximize safety and performance
3. Secrets management: provides an application with
   • assurance that services satisfy their security policies
   • attestation of code, files, platform, …
   • provisioning of services with secrets guided by security policies
Encryption at run-time, at rest, and in transit of data, code and keys.
Page 3
Overview
Binary Runtime Encryption
• Binary Runtime Encryption of applications: execute existing applications inside of SGX enclaves
• Alpine containers: SCONE supports musl-based applications
• Ubuntu (native, containers): SCONE supports glibc-based applications
• Shields: filesystem encryption, network encryption, …
Page 4
SCONE & Kubernetes
Confidential Cloud-Native Applications
• helm-based deployment of confidential applications on Managed Confidential Kubernetes
• Install confidential apps like native apps with Kubernetes helm
• Supports standard management applications and Kubernetes dashboards
• Supports many standard programming languages for confidential apps: Python, Java, JavaScript, Go, C#, C++, C, Rust, Lua, R, Erlang, Fortran, …
• Simple integration in cloud-native development process
Page 5
SconeApps: Simple Confidential Application Deployment
1. Confidential Machine Learning: TensorFlow, TensorFlow Lite, PyTorch, OpenVino, …
2. Confidential Managed Databases: single instances, replicated, or horizontally scaled across a cluster. MariaDB, MongoDB, Redis, SQLite, MySQL, Cassandra, ScyllaDB, …
3. Confidential Standard Services: standard services like nginx, apache, memcached, squid, mongoDB, LDAP, … available as confidential applications installed via helm
4. Multi-Party Services: policy support for establishing trust between entities, e.g. for Federated Machine Learning
Page 6
SCONE Key Management
Problem: how to provide code with secrets without knowing any secrets yet? No change of the app required.
Page 7
SCONE Configuration and Attestation Service
Approach (Attestation & Key Management): the key to get access to keys is the code itself.
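To make the "code is the key" approach on this slide concrete, here is an added Python simulation that is not SCONE's own code: a stand-in CAS holds a policy keyed by the enclave measurement (a hash over the application binary stands in for MRENCLAVE) and releases secrets only to code whose attestation report matches the policy. The report format, the policy layout, the debug-mode rule and the sample binaries are assumptions made for the example.

```python
# Added example (not SCONE's code): attestation-gated secret provisioning.
# A real CAS verifies an SGX quote signed by the CPU; here the "quote" is a
# constructed dict and the measurement is a SHA-256 over the binary bytes.
import hashlib
from typing import Dict, Optional


def measure(binary: bytes) -> str:
    """Stand-in for MRENCLAVE: a hash over the code loaded into the enclave."""
    return hashlib.sha256(binary).hexdigest()


class SimulatedCAS:
    """Maps an expected measurement to the secrets that code may receive."""

    def __init__(self, policies: Dict[str, Dict[str, str]]):
        self.policies = policies

    def provision(self, quote: dict) -> Optional[Dict[str, str]]:
        # Assumed policy constraint: enclaves built in debug mode get nothing,
        # because their memory can be inspected by the host.
        if quote.get("debug"):
            return None
        policy = self.policies.get(quote.get("mrenclave", ""))
        if policy is None:
            return None  # unknown code: no secrets, regardless of who asks
        return dict(policy)


# Constructed sample binaries: the approved build and a tampered variant.
APPROVED_BINARY = b"\x7fELF redis-server (constructed sample)"
TAMPERED_BINARY = APPROVED_BINARY + b"\x90"

# Constructed policy: only the approved measurement is known to the CAS.
cas = SimulatedCAS({
    measure(APPROVED_BINARY): {"DB_PASSWORD": "s3cr3t", "TLS_KEY": "key-bytes"},
})


def run_enclave(binary: bytes, debug: bool = False) -> Optional[Dict[str, str]]:
    """Simulate an enclave presenting its measurement to the CAS at start-up."""
    quote = {"mrenclave": measure(binary), "debug": debug}
    return cas.provision(quote)
```

The tampered binary has a different measurement, so the same request from it yields no secrets; the application itself never holds a credential to fetch them with.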
Page 8
SCONE Confidential Peer-to-Peer Apps
Problem (Mutual Attestation): how can we establish trust between peers managed by different CASes?
Page 9
SCONE Configuration and Attestation Service
Approach: mutual attestation via CAS, with secure exchange of TLS (CA) certificates.
Page 10
SCONE Roadmap: Integration of Graphene-SGX with CAS
Approach: Attestation & Key Management supporting other frameworks.
Page 11
TEEMon: Monitoring Redis Performance
(Chart: Redis performance compared across Graphene-SGX, SGX-LKL, and native SCONE.)
Page 12
TEEMon: Redis Page Faults Per Node
(Chart: page faults per node; the axis values are not recoverable from the transcript.)