/*
 * Webpack chunk 11, registered by pushing onto window.webpackJsonp (the array
 * is created first if it does not exist yet). This looks like generated build
 * output (minified names, content-hashed asset paths), so wording fixes
 * presumably belong in the page source rather than in this file - confirm.
 *
 * Modules 324-327 each export i.p plus an image path under assets/img/
 * (i.p is presumably webpack's public path).
 * Module 373 exports a component whose render function builds the "Teaclave
 * Meetup #3" write-up: the schedule, the Teaclave verification talk (formal
 * description of the access control module, related to Common Criteria
 * requirements such as FIA_UAU.2) and the talk comparing public cloud
 * attestation services.
 *
 * The text and link targets are fixed string literals; the only dynamic
 * values are the image URLs (i(324)..i(327)) and the slot-key read from
 * e.$parent.slotKey. Both external links carry rel="noopener noreferrer".
 *
 * NOTE(review): the physical line breaks after "Teaclave. " and
 * "environment. " fall inside string literals; presumably a line-separator
 * character emitted by the build - confirm before reformatting this file.
 */
(window.webpackJsonp=window.webpackJsonp||[]).push([[11],{324:function(e,t,i){e.exports=i.p+"assets/img/teaclave-meetup-3-zoom.46d629fd.jpg"},325:function(e,t,i){e.exports=i.p+"assets/img/public-cloud-attestation-services.894d309e.png"},326:function(e,t,i){e.exports=i.p+"assets/img/public-cloud-attestation-services-teaclave.8a228054.png"},327:function(e,t,i){e.exports=i.p+"assets/img/public-cloud-attestation-services-summary.38e5d26d.png"},373:function(e,t,i){"use strict";i.r(t);var a=i(11),o=Object(a.a)({},(function(){var e=this,t=e.$createElement,a=e._self._c||t;return a("ContentSlotsDistributor",{attrs:{"slot-key":e.$parent.slotKey}},[a("p",[e._v("In March 25, we gathered in Zoom for the third monthly Teaclave meetup. In this\nmeetup, we're glad to have two speakers talking about some initial progress of\nTeaclave verification and comparison of public cloud attestation services.")]),e._v(" "),a("p",[a("img",{attrs:{src:i(324),alt:"Teaclave Meetup #3"}})]),e._v(" "),a("h2",{attrs:{id:"schedule"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#schedule"}},[e._v("#")]),e._v(" Schedule")]),e._v(" "),a("ul",[a("li",[e._v("Recent Update of Teaclave, Mingshen (3m)")]),e._v(" "),a("li",[e._v("Teaclave Verification, Sean (15m)")]),e._v(" "),a("li",[e._v("Comparison of Public Cloud Attestation Services, Mengyuan Li (45 m)")])]),e._v(" "),a("h2",{attrs:{id:"teaclave-verification"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#teaclave-verification"}},[e._v("#")]),e._v(" Teaclave Verification")]),e._v(" "),a("p",[e._v("In this session, Sean talked introduced the plan of Teaclave verification.\nThe main ideas is to create formal descriptions, specifications, and proofs for\nsome core components of Teaclave.")]),e._v(" "),a("p",[e._v("The initial effort on this field is trying to formally describe the access\ncontrol module in Teaclave. 
And then prove it with requirements defined in\n"),a("a",{attrs:{href:"https://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdf",rel:"noopener noreferrer"}},[e._v("Common Criteria for Information Technology Security Evaluation")]),e._v(".\nThe security objective of access control module is to prevent unauthorized users\nfrom accessing the critical data through tasks and functions. By achieving the\nsecurity objective, the threats of runtime tasks and functions abuse are\neliminated under the assumptions identified in security problem definition.\nWith these objectives, we can find some corresponding requirements in Common\nCriteria, e.g., FIA_UAU.2 for user authentication before any action.")]),e._v(" "),a("p",[e._v("The initial work has been accepted as a separate project in Teaclave.\nIf you are interested in this topic, please see\n"),a("a",{attrs:{href:"https://github.com/apache/incubator-teaclave-verification",rel:"noopener noreferrer"}},[e._v("https://github.com/apache/incubator-teaclave-verification")]),e._v(" to learn more.")]),e._v(" "),a("h2",{attrs:{id:"comparison-of-public-cloud-attestation-services"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#comparison-of-public-cloud-attestation-services"}},[e._v("#")]),e._v(" Comparison of Public Cloud Attestation Services")]),e._v(" "),a("p",[e._v("Then, Mengyuan talked his recent research on attestation, especially, on public\ncloud attestation services.")]),e._v(" "),a("p",[a("img",{attrs:{src:i(325),alt:"Public Cloud Attestation Services"}})]),e._v(" "),a("p",[e._v("Here the abstract of the talk:")]),e._v(" "),a("p",[e._v("Confidential computing is an emerging security feature provided by more and more\npublic cloud service providers (e.g., Amazon AWS, Microsoft Azure, and Google\nCloud) in order to help customers protect their sensitive data in the cloud\nenvironment. 
Some popular confidential computing services include Intel Software\nGuard Extensions (SGX) enclaves and AMD Secure Encrypted Virtualization (SEV)\nVMs. These services are usually atop different hardware-based Trusted Execution\nEnvironments (TEE) technologies.")]),e._v(" "),a("p",[e._v("Meanwhile, to help convince the customers the trustworthiness of the platform\nhardware and the integrity of codes inside the TEE, cloud services providers\nalso offer remote attestation services. In this talk, we will first cover the\nremote attestation workflow provided by some famous cloud TEE services,\nincluding Azure Open Enclave, Nitro Enclave, Google confidential computing VM\nand Fortanix. From the perspective of customers, we also focus on the\nattestation reports the customers can get. We then introduce Teaclave's current\nattestation design and discuss the attestation report standard Teaclave should\nfollow.")]),e._v(" "),a("p",[e._v("He also discussed the attestation design of Teaclave.")]),e._v(" "),a("p",[a("img",{attrs:{src:i(326),alt:"Public Cloud Attestation Services of Teaclave"}})]),e._v(" "),a("p",[e._v("In the end, he also summarized the roles in the attestation ecosystem and\npositions of services/products discussed in this talk.")]),e._v(" "),a("p",[a("img",{attrs:{src:i(327),alt:"Public Cloud Attestation Services Summary"}})]),e._v(" "),a("p",[e._v("At last, thanks for attending this meetup. I'll continue to drive this meetup\nand make it a monthly activity for the community. If you want to speak in the\nnext time, please post your proposed topic in the mailing list. I'll help you to\nschedule the time.")])])}),[],!1,null,null,null);t.default=o.exports}}]);