Loading…
NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.
View More Details & Registration
Back To Schedule
Thursday, July 2 • 12:45pm - 1:30pm
Automatically Securing Linux Application Containers in Untrusted Clouds - Anjo Vahldiek-Oberwagner, Intel & Dmitrii Kuvaiskii, Intel Labs

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
WATCH NOW
Computing on secret data is challenging with today’s cloud service provider (CSP) offerings. CSP have full visibility into their client’s workloads and data while run in a VM or container and shielding against other tenants. On the contrary, confidential computing (CC) techniques (e.g., Intel Software Guard Extension (SGX)) offer a reverse sandbox. These techniques shield the workload and data from accesses by the underlying system software (e.g., OS or VMM) and hardware attacks. Thus, preventing CSPs from accessing secrets. In addition, CC provides remote attestation to verify the integrity of applications.

In this talk we will present Graphene Secure Containers, a technique to automatically wrap an unmodified Linux application packaged in a container image to execute inside Intel SGX using the Graphene LibraryOS and allow users to verify application integrity via remote attestation.
Speakers
DK

Dmitrii Kuvaiskii

Research Scientist, Intel Labs
avatar for Anjo Vahldiek-Oberwagner

Anjo Vahldiek-Oberwagner

Research Scientist, Intel Labs
Anjo Vahldiek-Oberwagner is a Research Scientist at Intel Labs where he focuses on analyzing, designing, building and evaluating secure software and hardware systems. In particular, techniques protecting data confidentiality and integrity of data center workloads. He received a PhD... Read More →

wo narration lss2020 shielding containers in cloud pptx
Thursday July 2, 2020 12:45pm - 1:30pm CDT
LSS Room 1
  Refereed Presentation