►
From YouTube: Secure Container with SGX: Protecting Secret in Cloud Environment - Isaku Yamahata & Xiaoning Li
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Secure Container with SGX: Protecting Secret in Cloud Environment - Isaku Yamahata & Xiaoning Li
In cloud computing container is widely adapted, but its isolation is weak. It's important to protect secrets even from cloud service provider. Software Guard Extention(SGX) provides Trusted Execution Environment(TEE) where only Intel and SGX implementation is trusted with untrusted OS/VMM/BIOS. It requires to modify applications which is sometimes difficult for various reasons. Ideally unmodified user binary can run in SGX enclave. In this talk, Library OS to allow unmodified binary to run within SGX TEE is introduced. It hooks system call by replacing shared library. Go is most popular language for cloud native applications with uniqueness to use static link. We enhanced Graphene LibOS to support golang binary and hardened it for production use. We will share our experience to add golang support to Graphene-SGX LibOS and our future plan.
https://sched.co/Nrp9
A
B
A
Not
these
days.
These
desecrater
environment
is
quite
widely
adopted
and
its
model
is
to
trust
your
cloud
service
provider,
crud
crud
service
providers
set
up
set
up
Connie
OS
kernel
hypervisor,
so
that
any
user
can
run.
You
are
a
pre
camera
in
the
application
in
the
same
same
physical
hardware,
and
so
user
can
do
anything
so
cloud
service
provider
has
to
protect
them
tables,
in
this
case
OS
kernel
hypervisor,
so
that
they
can
users
can't
do
bad
thing.
A
However,
you
know
this
miss
Connie
hypervisor
is
a
huge,
complex
software,
so
there
are
green,
green
Bremner
abilities
it's
so
so
once
Congress
compromised
for
system
is
green
ever
so
your
data
is
in
danger,
so
it
was
maybe
maybe
the
are
cambia
Maris's
cloud
administrator,
so
he
can
configure
harbour
control
canada.
So
in
this
case
he
can
simply
inject
Natasha
pre
compromised
the
Carney
wife.
By
by
that,
without
any
bloom
they
are
pretty
recently.
C
A
A
One
protection
so
that
notion
of
trusted
execution,
valid
environment
can
see
basically
yeah.
We
have
a
what
is
called
unplayed
and
that
is
a
sort
of
protected
area,
so,
even
if
maybe
canary
a
hypervisor,
if
sometimes
even
family
is
compromised,
your
on
crib,
it
can
still
protect.
It
probably
permeate,
can't
read
any
memory
in
okay,
so
that
concept
of
trusted
exaction,
environment
under
environment.
A
Special
special
encrypted
tend
to
be
included,
baited
the
memory
region
in
user
space
and
its
memories,
and
repeated
so
Indira,
o
a
memory,
bus,
the
data
and
competitive.
So
if
you
look
into
memory
or
DRAM
memory
bus
it,
you
can
read
jack
and
also
its
exact
to
start
with
a
measurement.
So
we
can't
guarantee
that
it's
unplayable
starts
with
a
with
no
state,
so
no
one
can
no
one
can
modify
it
starting
starting
stage.
So
we
know
we
know
it's
state
is
non
state
and
also
to
help
uncrate
to
keep
in
safety.
Yeah.
A
A
Exception
so
risks
is
very
good,
so
how
can
I
adapt
it?
So
basically,
the
earth
is
modifying
your
application
at
the
source
code
level.
So
we
have
to.
We
have
to
identify
which
data
we
directive
protect
and
split
your
source
source
code
into
trusted
mode.
Trust
is
trusted
code
and
also
protect
untrusted
code.
A
Sgx
SDK
libraries
provided
so
we
can
use
a
we
can
use
library
so
that
under
hard
work
of
using
less
is
to
using
it
correctly
is
done
by
like
its
library,
but
still
we
have
to
modify
our
application
at
source
code
already.
So
it's
an
application
cost
is
too
high,
so
we
want.
We
want
yet
another
option
at
low
cost.
So
you
know:
do
you
remember
that
Greek
gkh
said
that?
Is
he
not
no
one
uses
DX?
A
So
I'm,
that
is,
that
that
isn't
why
I'm
working
on
this
so
as
I
still
did
provide
low
cost
option.
So
what
means
low
cost
to
users?
It
means
you
can
bring
your
unmodified
balance
so
that
you
can
shippi
run
your
binary
machine
uncle
agree.
So
your
so
your
data
will
be
protected,
so
the
problems
have
so
big.
One
of
the
solution
is
to
use
library
OS.
You
know,
I
said
SEM
and
levies
restrict
it.
So,
for
example,
system
court
cannot
be
used
because
we
don't
trust
connect.
A
So
we
have
to
do
something
under
library
always
provides
a
basically
provides
a
sort
of
Linux
system
called
emulation,
and
so
that
so
that
unmodified
application
can
be
run
inside
inside
the
exam
clip.
But
it's
a
there
is
a
trade
off
with
me
using
a
we.
If
we
use
BlackBerry
OS
yeah,
it's
really
a
big
software,
because
yeah
we
need
to
emulate
to
the
system
code,
so
trusted
computing
base
beside
will
be
plush,
but
it's
costly
is
wrong.
On
the
other
hand,
if
we
we
use
a
CX
negatively
yeah,
it's
trust.
It's
PC.
A
Besides,
we
really
potentially
very
small,
but
its
cost
is
high,
so
this
is
a
very
trade-off
so
which
choice
is
better
for
you
is
depends
on.
You
are
requirement,
so
maybe
yeah.
We
have
a
bit
friction
on
budget.
We
have
a
restriction
on
engine
grease
off
property.
We
have
a
pressure
on
schism,
so
we
directed
we
need
to
choose
based
on
those
parameters,
and
probably
this
is
not
exclusivity
plumbery.
If
we
have
to
do
something
agile,
yeah,
we
can
use
this
low
cost
of
this
solution
so
that
we
can.
A
A
Unreal
right
now,
yeah
this
option
is
missing
so
I'd
like
to
provide
this
this
option,
so
basically
how
lobular
always
support
and
modify
the
binary
inside
I'm
Craig-
and
this
is
a
just-
a
Jarek
discussion,
a
mystery
yeah.
It's
called
basically
library,
always
targets
C
or
C++
application
and
the
usually
it
uses.
Ribisi
are
just
a
driver,
so
shared
library,
deep
divisions,
a
shared
library,
can
be
replaced
easily.
So
typically
library
OS
provide
a
modified
deep
sea
so
which
depressed
Cisco
instruction
with
function
called
interlibrary
OS.
A
So
when
application
requests
a
system
call
actually
it
go
see,
it
goes
into
libraries
and
then
the
system,
Cory
emulation,
will
happen
inside
inside
libraries
and
it
really
needs
a
host
system
code
up,
for
example,
file
system.
I
io
112,
I
oh
yeah.
We
have
to
use
what
was
correct,
so
in
that
case,
yeah
we
exit
and
grave
under
it
will
pass
the
request
to
untrusted
code
and
then
untrusted
code
proxy
system
call
into
host
:,
which
is
untrusted
under
in
this
case.
A
Its
applicable
range
is
much
wider
because,
for
example,
python
see
puzzle
is
between
C,
so
we
can
run
Python
with
rival
us
in
aggregate.
So
we
cannot
pass
on
inside.
Ok
under
how
about
Java
I'm
sorry,
open
JDK
is
between
C,
so
we
can
also
run
open
JDK
with
so
Java
and
Python
and
many
other
language
language
is
between
C.
So
many
we
can
apply
this
this
this
architecture
to
many
languages,
so
so
that
questions
go
language.
A
You
know
it's
no
doubt
golem,
which
is
one
of
the
most
popular
language
for
cloud
native
application,
and
this
is
a
citation
from
from
github.
It
ranks
number
number
3d
twist
on
the
you
know
go
wrong
which
is
ranked
as
forward
so
yeah.
We
have
to
yeah
Mira
we
without
to
reduce
support
for
language
and
without
vomit
yep.
A
We
need
we,
we
would
loose
many
new
debase,
but
go
along,
which
is
very
unique
under
its
short
technically,
it
shows
taken
out
thick
technical
changes
to
support,
to
support
to
support
for
libraries
after
a
bore,
doesn't
use
the
machine
and
it
has
its
own
run
time
between
go
language,
and
it's
long
time
is
statically
dict.
So
it's
very
hard
to
replace
replaced
its
just
call
with
system
call
instruction
with
function
called
under
saw.
A
Well,
you
know,
ball.
Routing
is
a
very
unique
feature
for
go
and
it
has
a
very
small
stock
size,
and
so,
if
we
simply
function
for
interlibrary,
it
is
very
likely
to
to
likely
to
overthrow
each
stock.
So
we
have
to
do
something,
and
also
because
of
its
small
small
stud
size.
It
requires
accurate
emulation
of
the
protocol
signals.
In
fact,
in
C
or
C++
case,
unique
signal
ammunition
can
be
very
inaccurate,
even
wrong
emulation,
yeah
application
camera,
but
god
doesn't
like
that.
A
A
So
far,
yeah
I
have
discussed.
I
have
discussed
generic
thing,
so
attractive,
move
onto
concrete
discussion,
a
concrete
project,
and
actually
we
picked
a
graphene
library,
OS
project.
This
is
a
open
source
project
and
in
Essex
Community
this
is
very
known
and
very
popular
one
under
it
is
it
stopwatch.
It
is
a
library
always
for
unmodified
applications,
but
go
is
not
supported
and
it
imitates
new
system
called
under
it
supports
much
process.
This
is
very
unlike
unique.
Rk
unicorn
in
case
unique
honor
typically
doesn't
support
much
process.
A
D
A
D
A
A
And
on
top
of
it,
we
have
a
modified
of
Geneva
C
and
it
converts
it
folks
system
core
instruction
into
function
system
code.
So
actually,
when
application
request
code
after
it
is,
it
will
become
a
normal
function
pouring
into
level
voice,
and
on
top
of
it
we
have
a
modified
application.
Typically,
it's
its
own
battery.
Under
it
comes
it's
shared
red-eyes.
A
A
System
called
eppley
ammunition,
if
even
if
application
areas,
sister
McCrory
structure,
yeah
we
trap
and
immunity
under,
so
it's
very
slow
because
it
because
sort
of
unclear
exit
or
enter
so
we
it's
very
catastrophic
to
its
Hamas.
So
we
have
a
fat
optimization
under
Sonya.
We
like
to
be
yes
so
we'd
like
to
have
VDS.
Oh
yeah,
it's
because
it's
optimization
under
so
we
introduce
a
dedicated
to
stuck
to
run
library.
B
A
Code
because
ball
start
is
very
small,
so
we
don't
want
a
stack
of
overflow
under
Sonya.
We
implemented
a
create
a
mission
of
project
Sigma
like
cigarette
stock
and
so
on,
and
we
get
many
system
correlation
issues
and
we
are
fixing
it.
We
have
fixed
many
things
and
we
are
fixing
issues,
meaning
issues.
I'm,
sorry,
yeah
library
always
sees
like
well
the
problem
of
library,
oasis
its
ammunition
to
implement
system.
Color
emulation
is
a
hard
work.
It
requires
meaning
much
engineering
resource,
so
yeah
plus
spot
meter
will
increase,
will
continue.
A
So
now
we
have
a
small,
simple
hero
while
the
example
on
exempt
under
yeah,
just
it
uses
that
go
routine
and
it
prints
hello
world
and
there
it's
very
sick
to
understand
under
under
now.
Next
step
is
to
measure
its
application
so
that
we
can
have
a
measurement
and
there
when
we
run
this
application
and
I
s
exactly
yeah.
We
can
guarantee
it's
not
modified
by
summer.
A
A
A
Yeah
first
measurement
is
done
under
yeah,
we
know
measurement
is
correct
and
then
it
starts
many
things
and
yeah.
It
does
many
things
because
you
know
reaching
to
main
function.
Yeah.
There
are
many
things
to
be
done
to
initialize
:
time
under
go
under
and
them
actually
many
things
need
to
be
done
and
then
it
and
it
exit
memory
under
actually
yeah.
It
took
many
long
time
to
reach
me
main
function.
A
It's
adaptation
barrier
is
very
high,
so
we
directed
provider
lower
cost
option
under
library,
always
the
one
with
a
solution
for
it,
and
we
are
working
on
gravity
X
to
support
it
under
and
that
communities
right
now
working
hard
to
stabilize
it,
and
we
are
planning
to
release
1.0
in
dry
so
dry.
So
please
give
it
a
try
right
now:
yeah,
it's
in
quality
is
very
stubborn
attic
and
also,
if
you
are
developer
yeah,
please
contribute
to
it,
because
this
is
a
library
OS
and
it's
sort
of
funny
beast.
D
A
D
D
D
A
Is
we
should
not
modify
balance?
So?
Yes,
so
ya
assumptions,
sis
core
instruction
is
embedded
in
target
binary.
Yes,
so
what
we
have
two
approaches?
One
is
trap
and
image
because
she
score
instruction
is
not
allowed
in
and
grade
so
it
triggers
a
nudey
exception,
so
we
can
chop
it
on
the
immunity,
but
it
in
it
in
Casa,
Enclave
a
widget
on
enter
Monday's
overhead
is
very,
very
high.
Yes,
so
we
are
incrementing
by
an
Apache
to
replace
Sasori.
C
A
E
Hi
I
had
a
question
about
the
Iago
attacked,
so
OD
Iago
attacks,
yeah,
so
Micra.
We
we
did
a
similar
acceleration
right
there
with
library
operating
system.
So
this
was
like
base
of
the
scone
paper
and
we're
looking
at
the
Iago
attacks,
and
then
we
were
trying
to
figure
out.
How
do
you
do
shielding
right,
disco
people
mentioned
shielding,
but
they
don't
really
say
how
to
do
it.