NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

Open Source Summit + Embedded Linux Conference North America 2020
Thursday, July 2 • 12:45pm - 1:30pm
Automatically Securing Linux Application Containers in Untrusted Clouds - Anjo Vahldiek-Oberwagner, Intel & Dmitrii Kuvaiskii, Intel Labs

Computing on secret data is challenging with today’s cloud service provider (CSP) offerings. CSPs have full visibility into their clients’ workloads and data while these run in a VM or container, which shields only against other tenants. In contrast, confidential computing (CC) techniques (e.g., Intel Software Guard Extensions (SGX)) offer a reverse sandbox. These techniques shield the workload and data from access by the underlying system software (e.g., OS or VMM) and from hardware attacks, thus preventing CSPs from accessing secrets. In addition, CC provides remote attestation to verify the integrity of applications.

In this talk we will present Graphene Secure Containers, a technique to automatically wrap an unmodified Linux application packaged in a container image to execute inside Intel SGX using the Graphene LibraryOS and allow users to verify application integrity via remote attestation.

Anjo Vahldiek-Oberwagner

Research Scientist, Intel Labs
Anjo Vahldiek-Oberwagner is a Research Scientist at Intel Labs, where he focuses on analyzing, designing, building and evaluating secure software and hardware systems, in particular techniques protecting data confidentiality and integrity of data center workloads. He received a PhD...

Dmitrii Kuvaiskii

Research Scientist, Intel Labs

Thursday July 2, 2020 12:45pm - 1:30pm CDT
Linux Security Summit Theater