with Enarx Trusting untrusted systems

Towards a Safe and Secure Smart World

Trusting untrusted systems with Enarx

Mike BursellOffice of the CTO, Red Hat

axel simonOffice of the CTO, Red Hat

https://enarx.io

https://enarx.io

The Problem

The Need for Confidentiality and Integrity● IoT● Smart transport● Smart energy● Edge

● Routers● Pumping stations● Wind farms● Bus stops● Pico-cells● Drones● Smart meters

Virtualization Stack

Container Stack

https://xkcd.com/2166/

https://xkcd.com/2166/

ConfidentialComputingConsortium

Confidential Computing Consortium

Linux Foundation project

Premier members

Confidential Computing Consortium

Linux Foundation project

Premier members

General members

Enarx: the Plan

Enarx: the Principles

Don’t trust the hostDon’t trust the host ownerDon’t trust the host operatorAll hardware cryptographically verifiedAll software audited and cryptographically verified

Trusted Execution Environments

TEE

TEE is a protected area within the host, for execution of sensitive workloads

Host

TEE provides:● Memory Confidentiality● Integrity Protection● General compute● HWRNG

Trusted Execution Environments

TEE

TEE is a protected area within the host, for execution of sensitive workloads

Host

How does Enarx use a TEE?

14

Enarx Keep

App + runtime

Host

Open hybrid cloud and Enarx

15

Enarx

Step 1: on premises

TrustedSemi-trustedUntrusted

Internal Internet

Internal dev

Step 1: on premises


Internal Internet

Internal dev

Owned host

Step 2: private cloud

Orchestrator

Image repository


Internal Internet

Internal dev

Owned host

Workload


Orchestrator

Workload

Workload

Image repository


Internal Internet

Internal dev

Owned host

Workload


Orchestrator

Workload

Workload

Image repository CheckVendor Image

repository


Internal Internet

Internal dev

Owned host

Workload

Step 3: public cloud

Orchestrator

Workload

Workload

Image repositoryVendor Image

repository


Internal Internet

Internal dev

CSP host

Workload

Step 4: hybrid cloud

Workload

Workload


repository


Internal Internet

Internal dev Orchestrator

Check

Workload

Workload

Workload

CSP hostOwned host

Workload

Step 5: hybrid multicloud

Workload

Workload


repository


Internal Internet


Check

Workload

Workload

Workload

Workload

Workload

Workload

CSP host

CSP host

Owned host

How does Enarx fit here?

24

Enarx Keep

App + runtime

Untrusted host

Workload

Step 6: Enarx hybrid multicloud

Workload

Workload


repository


Internal Internet


Check

Workload

Workload

Workload

Workload

Workload

Workload

CSP host

CSP host

Owned host

Enarx Keep

New options for workloads with Enarx

Mix and match for different workload types & Enarx


repository


Internal Internet


Check

Sensitive workload

CSP host

Owned host ? CSP host



repository

Internal Internet


Check

CSP host

Owned host

Sensitive workload

CSP host




repository

Internal Internet


Check

CSP host

Owned host

Sensitive workload

Sensitive workload

CSP host


Enarx Keep

Standard workload


Sensitive workload


repository

Internal Internet


Check

Sensitive workload

CSP host

Owned host ? CSP host


Enarx Keep

Standard workload


Sensitive workload

Standard workload


repository

Internal Internet


Check

WorkloadSensitive workload

CSP host

Owned host CSP host


Enarx Keep

On which technology do I build my application?

Introducing Enarx

Enarx is a Development Deployment Framework

Choose Your Language / Tools

Compile to WebAssembly

Develop Application

Choose Host

Instance Configuration

Enarx is a Development Deployment Framework(Example components)

Choose Your Language / Tools

Compile to WebAssembly

Develop Application

Choose Host

Instance Configuration

Dev tooling

IBM Cloud, Azure, AWS, ...Openshift

Enarx Project Principles

1. We don’t trust the host owner2. We don’t trust the host software3. We don’t trust the host users4. We don’t trust the host hardware

a. … with the exception of CPU + firmware

Enarx Design Principles

1. Minimal Trusted Computing Base2. Minimum trust relationships3. Deployment-time portability4. Network stack outside TCB5. Security at rest, in transit and in use6. Auditability 7. Open source8. Open standards 9. Memory safety

10. No backdoors

38

Enarx architectural componentsHost Client

Enarx runtime

Enarx host agent

Enarx client agent

Keep

39

Enarx architectural components

Enarx runtime

Enarx host agent

Enarx client agent

Enarx Keep - trustedMeasured and attestedWebAssembly+WASI runtimeInside a TEE instance

Enarx host agent - untrustedActs a proxy between Enarx client agent and:

● CPU/firmware● Enarx Keep

Enarx client agent - trustedWorks with orchestration/CLI Manages attestationApplies policyEncrypts and transports workload

40

Enarx architectural componentsHost Client

Orchestrator(e.g. Openshift/k8s,

Openstack)

Enarx runtime

Application

CPU + firmware

Enarx host agent

Enarx client agent

CLIKeep

Enarx Keep Architecture

VM-BasedKeep

Process-BasedKeep

SGX

Sanctum

SEV

PEF

WebAssembly

WASI

Language Bindings (libc, etc.)

W3Cstandards

Application

MKTME

Enarx: the Fit

Don’t trust the hostDon’t trust the host ownerDon’t trust the host operatorAll hardware cryptographically verifiedAll software audited and cryptographically verified

Well suited to microservicesWell suited to sensitive data or algorithmsEasy development integrationSimple deploymentStandards based: WebAssembly (WASM)

The vision● IoT● Smart transport● Smart energy● Edge

● Routers● Pumping stations● Wind farms● Bus stops● Pico-cells● Drones● Smart meters

Allow sensitive applications to be:● Written using existing tools● Deployed simply● Take advantage of audited, open

source infrastructural components● Executed transparently on different

hardware● Run anywhere!

We Need Your Help!

44

Website: https://enarx.io

Code: https://github.com/enarx

Gitter: https://gitter.im/enarx/

Master plan: https://github.com/enarx/enarx/issues/1

License: Apache 2.0

Language: Rust

Daily stand-ups open to all! Check the website wiki for details.

https://enarx.io

https://github.com/enarx

https://gitter.im/enarx/

https://github.com/enarx/enarx/issues/1

Questions?

https://enarx.io

https://enarx.io

46

Enarx architectural components

Attestation

Code + Data(Encrypted)

Host Client

Orchestrator(e.g. Openshift/k8s,

Openstack)

Enarx runtime

Application

CPU + firmware

Enarx host agent

Enarx client agent

CLIKeep

Client/ host agent

comms

6

2, 4

1, 5

1, 5

3,7

Enarx attestation process diagram

Client Host

CLI / Orchestrator

Enarx client agent

Enarx host agent CPU/firmware Enarx Keep

1. Request workload placement


Client Host

CLI / Orchestrator

Enarx client agent



2. Request Keep


Client Host

CLI / Orchestrator

Enarx client agent



2. Request Keep

3. Create Keep, load Enarx runtime


Client Host

CLI / Orchestrator

Enarx client agent



2. Request Keep


4. Measurement of Keep + Enarx runtime


Client Host

CLI / Orchestrator

Enarx client agent



2. Request Keep



5. OK/not-OK


Client Host

CLI / Orchestrator

Enarx client agent



2. Request Keep



5. OK/not-OK

6. Code + Data (encrypted)


Client Host

CLI / Orchestrator

Enarx client agent



2. Request Keep



5. OK/not-OK

6. Code + Data (encrypted)

7. Load Code + Data into Keep

with Enarx Trusting untrusted systems

Documents

Transcript of with Enarx Trusting untrusted systems