Towards a Safe and Secure Smart World
Trusting untrusted systems with Enarx
Mike Bursell, Office of the CTO, Red Hat
axel simon, Office of the CTO, Red Hat
https://enarx.io
The Problem
The Need for Confidentiality and Integrity
● IoT
● Smart transport
● Smart energy
● Edge
● Routers
● Pumping stations
● Wind farms
● Bus stops
● Pico-cells
● Drones
● Smart meters
Virtualization Stack
Container Stack
https://xkcd.com/2166/
Confidential Computing Consortium
Linux Foundation project
Premier members
General members
Enarx: the Plan
Enarx: the Principles
Don’t trust the host
Don’t trust the host owner
Don’t trust the host operator
All hardware cryptographically verified
All software audited and cryptographically verified
Trusted Execution Environments
TEE
TEE is a protected area within the host, for execution of sensitive workloads
Host
TEE provides:
● Memory Confidentiality
● Integrity Protection
● General compute
● HWRNG
How does Enarx use a TEE?
Enarx Keep
App + runtime
Host
Open hybrid cloud and Enarx
Enarx
Step 1: on premises
[Diagram labels: Internal, Internet; Internal dev; Owned host. Legend: Trusted, Semi-trusted, Untrusted]
Step 2: private cloud
[Diagram labels: Internal, Internet; Internal dev; Orchestrator; Image repository; Check; Vendor Image repository; Workloads; Owned host. Legend: Trusted, Semi-trusted, Untrusted]
Step 3: public cloud
[Diagram labels: Internal, Internet; Internal dev; Orchestrator; Image repository; Vendor Image repository; Workloads; CSP host. Legend: Trusted, Semi-trusted, Untrusted]
Step 4: hybrid cloud
[Diagram labels: Internal, Internet; Internal dev; Orchestrator; Check; Image repository; Vendor Image repository; Workloads; CSP host; Owned host. Legend: Trusted, Semi-trusted, Untrusted]
Step 5: hybrid multicloud
[Diagram labels: Internal, Internet; Internal dev; Orchestrator; Check; Image repository; Vendor Image repository; Workloads; CSP host; CSP host; Owned host. Legend: Trusted, Semi-trusted, Untrusted]
How does Enarx fit here?
Enarx Keep
App + runtime
Untrusted host
Step 6: Enarx hybrid multicloud
[Diagram labels: Internal, Internet; Internal dev; Orchestrator; Check; Image repository; Vendor Image repository; Workloads; CSP host; CSP host; Owned host; Enarx Keep. Legend: Trusted, Semi-trusted, Untrusted]
New options for workloads with Enarx
Mix and match for different workload types & Enarx
[Diagram labels, shown over several builds: Internal, Internet; Internal dev; Orchestrator; Check; Image repository; Vendor Image repository; Sensitive workload; Standard workload; Workload; Owned host; CSP host; CSP host; Enarx Keep; a "?" between Owned host and CSP host in some builds. Legend: Trusted, Semi-trusted, Untrusted]
On which technology do I build my application?
Introducing Enarx
Enarx is a Development Deployment Framework (Example components)
Choose Your Language / Tools
Compile to WebAssembly
Develop Application
Choose Host
Instance Configuration
Dev tooling
IBM Cloud, Azure, AWS, ...
Openshift
Enarx Project Principles
1. We don’t trust the host owner
2. We don’t trust the host software
3. We don’t trust the host users
4. We don’t trust the host hardware
   a. … with the exception of CPU + firmware
Enarx Design Principles
1. Minimal Trusted Computing Base
2. Minimum trust relationships
3. Deployment-time portability
4. Network stack outside TCB
5. Security at rest, in transit and in use
6. Auditability
7. Open source
8. Open standards
9. Memory safety
10. No backdoors
Enarx architectural components
[Diagram labels: Enarx runtime, Enarx host agent, Enarx client agent]
Enarx Keep - trusted
● Measured and attested
● WebAssembly+WASI runtime
● Inside a TEE instance
Enarx host agent - untrusted
Acts as a proxy between Enarx client agent and:
● CPU/firmware
● Enarx Keep
Enarx client agent - trusted
● Works with orchestration/CLI
● Manages attestation
● Applies policy
● Encrypts and transports workload
Enarx architectural components
[Diagram labels. Host: Keep, Application, Enarx runtime, Enarx host agent, CPU + firmware. Client: Enarx client agent, CLI, Orchestrator (e.g. Openshift/k8s, Openstack)]
Enarx Keep Architecture
VM-Based Keep
Process-Based Keep
SGX
Sanctum
SEV
PEF
WebAssembly
WASI
Language Bindings (libc, etc.)
W3C standards
Application
MKTME
Enarx: the Fit
Don’t trust the host
Don’t trust the host owner
Don’t trust the host operator
All hardware cryptographically verified
All software audited and cryptographically verified
Well suited to microservices
Well suited to sensitive data or algorithms
Easy development integration
Simple deployment
Standards based: WebAssembly (WASM)
The vision
● IoT
● Smart transport
● Smart energy
● Edge
● Routers
● Pumping stations
● Wind farms
● Bus stops
● Pico-cells
● Drones
● Smart meters
Allow sensitive applications to be:
● Written using existing tools
● Deployed simply
● Take advantage of audited, open source infrastructural components
● Executed transparently on different hardware
● Run anywhere!
We Need Your Help!
Website: https://enarx.io
Code: https://github.com/enarx
Gitter: https://gitter.im/enarx/
Master plan: https://github.com/enarx/enarx/issues/1
License: Apache 2.0
Language: Rust
Daily stand-ups open to all! Check the website wiki for details.
Enarx architectural components
[Diagram labels. Host: Keep, Application, Enarx runtime, Enarx host agent, CPU + firmware. Client: Enarx client agent, CLI, Orchestrator (e.g. Openshift/k8s, Openstack). Arrows: Attestation; Code + Data (Encrypted); Client/host agent comms. Arrow numbers: 6; 2, 4; 1, 5; 1, 5; 3, 7]
Enarx attestation process diagram
Client: CLI / Orchestrator, Enarx client agent
Host: Enarx host agent, CPU/firmware, Enarx Keep
1. Request workload placement
2. Request Keep
3. Create Keep, load Enarx runtime
4. Measurement of Keep + Enarx runtime
5. OK/not-OK
6. Code + Data (encrypted)
7. Load Code + Data into Keep
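The seven steps above, seen from the trusted Enarx client agent, as an added Python example that is not Enarx code: the workload is released only after a fresh, correctly signed measurement matches the expected one, so an untrusted host agent that alters or replays the report gets nothing. All names, the HMAC key standing in for the CPU vendor's signature chain, and the sample images are assumptions constructed for illustration; the encryption of step 6 is left out.

```python
import hashlib
import hmac
import os

# Constructed stand-ins: a real TEE signs its report with an asymmetric key chained
# to the CPU vendor; a shared HMAC key models that hardware signature here.
HW_KEY = b"constructed-hardware-key"
GOOD_KEEP = b"keep-shim-v1|enarx-runtime-v1"  # constructed Keep + runtime image


def measure(image: bytes) -> bytes:
    """Digest of what was actually loaded into the Keep (input to step 4)."""
    return hashlib.sha256(image).digest()


def cpu_attest(loaded_image: bytes, nonce: bytes) -> dict:
    """CPU/firmware: measure the Keep and sign measurement + client nonce."""
    m = measure(loaded_image)
    sig = hmac.new(HW_KEY, m + nonce, hashlib.sha256).digest()
    return {"measurement": m, "nonce": nonce, "sig": sig}


def client_verify(report: dict, nonce: bytes, expected: bytes) -> bool:
    """Client agent, step 5: OK only if signature, freshness and measurement hold."""
    signed = report["measurement"] + report["nonce"]
    want = hmac.new(HW_KEY, signed, hashlib.sha256).digest()
    return (hmac.compare_digest(want, report["sig"])
            and hmac.compare_digest(report["nonce"], nonce)
            and hmac.compare_digest(report["measurement"], expected))


def place_workload(loaded_image: bytes, workload: bytes, tamper=None, replay=None):
    """Steps 1-7 from the client side; the host agent only relays messages."""
    nonce = os.urandom(16)                               # steps 1-2: request a Keep
    report = replay or cpu_attest(loaded_image, nonce)   # steps 3-4: create + measure
    if tamper:                                           # untrusted host agent edits it
        report = tamper(dict(report))
    if not client_verify(report, nonce, measure(GOOD_KEEP)):  # step 5: not-OK
        return None                                      # nothing leaves the client
    return workload                                      # steps 6-7: release workload
```

The `tamper` and `replay` hooks model the host agent's position as a proxy: it can change or substitute what it relays, but it cannot produce a report that passes `client_verify`.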