Welcome to the August/September 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing news every month about projects underway, new members, industry events and other useful information to keep you updated on what’s happening at the consortium.
Confidential Computing Mini Summit
MONDAY, SEPTEMBER 18 | 13:30 – 17:00
Location: Euskalduna Bilbao
In Person Registration Cost: $10
Virtual Registration Cost: $0
Confidential Computing protects data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE). The Confidential Computing Consortium is bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of TEEs through collaboration in open source software.
- 13:30 – Introductions – Paul O’Neil
- 13:40 – PETs of the world unite! Conquer the middle ground in the performance vs security spectrum – Dr. Sven Trieflinger
- 14:20 – Formal specification of attestation mechanisms in Confidential Computing – Muhammad Usama Sardar
- 15:00 – Break
- 15:15 – secGear: openEuler native confidential computing framework – Zhenyu Zheng
- 15:45 – Use case deep dive: Secure and privacy-preserving cyber threat intelligence exchange – Nicolae Paladi
- 16:15 – Securing the Unseen: Vulnerability Research in Confidential Computing – Josh Eads
- 16:45 – Wrap Up – Mike Bursell
Date: Monday, September 18, 2023
Time: 13:30 – 17:00 CEST
Location: Euskalduna Conference Centre, Level 5, Room 5A
Joining Sessions Virtually
All mini summit sessions will be streamed live on the Linux Foundation YouTube Channel. There will be no virtual platform for this event. For more information on how to join sessions virtually, please visit our Virtual Attendance webpage. Please note: Virtual attendees will only be able to watch the live session – there will be no speaker Q&A and no virtual attendee audio function. However, chat will be enabled on the YouTube live stream.
The mini summit will be recorded and posted to the Linux Foundation YouTube channel 2 weeks after the event.
Recap of Diana Initiative
By Deirdre Cleary
The Diana Initiative (TDI) is a conference whose aim is to help those underrepresented in Information Security and this year’s event took place on August 7th at the Westin in Las Vegas. I was sponsored by Evervault to attend and give a talk entitled Spilling the TEE.
This was my first time attending and I found The Diana Initiative to be a really welcoming environment for newcomers. The day offered a mix of talks, workshops, and hands-on villages, all of which built on this year’s theme of Lead the Change. The conference is well-timed at the start of Hacker Summer Camp and leaves attendees feeling confident in themselves and their abilities as they take on the many other events the week has to offer.
As a speaker, I gave a 30-minute talk entitled Spilling the TEE. The session was aimed at those who had no previous experience with Trusted Execution Environments, but were curious to learn what they’re all about. I discussed why we need TEEs, the features they offer, the types of TEEs available today, and gave some examples of applicable use cases.
One use case we dove into a little deeper was that of rebuilding trust in period tracking apps. Post Roe v. Wade there was a lot of discussion about whether it is safe to be sharing this very personal data with apps on your phone, having little knowledge of, or control over, what the data can be used for. At TDI I explored how TEEs could be part of the solution. In combination with open sourcing, TEEs can offer users confirmation of exactly what actions are being performed on their data, thanks to attestation. I demonstrated this using Evervault’s open source project [Cages](https://github.com/evervault/cages) to deploy a simple attestable period prediction tool on [AWS Nitro Enclaves](https://aws.amazon.com/ec2/nitro/nitro-enclaves).
While this is not the typical example we give for TEEs, it resonated well with the attendees on the day, and goes to show that the more diverse the people involved in confidential computing, the more diverse the solutions we can build together.
Recap of DEFCON
By Nick Vidal
On Friday and Saturday August 11-12, I attended DEFCON, the largest hacker conference in the world, held across 3 different Caesars’ convention centers, with over 30,000 attendees. The conference is so big that they have to split it into what they call villages, which are still very large on their own. I spent most of my time in the following villages:
The CCC was sponsoring the IoT Village. This was a very well attended village, and I was surprised by the enthusiasm and knowledge of the attendees. Many arrived early in the morning, and only left the large room late in the afternoon, spending their time trying to break into IoT devices. Many thanks to the IoT Village organizers who received me, Rachael Tubbs and Sara Pickering, MS, PHR, SHRM-CP.
The AI Village was one of the most popular ones, and was dedicated to DARPA’s AI Cyber Initiative. Thousands of hackers tried to find vulnerabilities in Large Language Models. This initiative was officially announced at the main auditorium:
DARPA Announces an AI Cyber Initiative – by Dave Weston, Vice President of Enterprise and OS Security at Microsoft; Heather Adkins, Vice President of Security Engineering at Google; Matthew Knight, Head of Security at OpenAI; Michael Sellitto, Head of Geopolitics and Security Policy at Anthropic; Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF); and Perri Adams, AIxCC Program Manager at DARPA.
The Policy@DEFCON room was also well attended, and brought together government officials and specialists interested in safeguarding critical infrastructure, with a particular focus on open source software security. I really liked Kemba Walden’s fireside chat with Jeff Moss at the main auditorium:
Fireside Chat with the National Cyber Director Kemba Walden – by Kemba Walden, Acting National Cyber Director at the Office of the National Cyber Director, the White House; Jeff Moss, Founder of DEFCON.
Crypto & Privacy Village
The Crypto & Privacy Village is one of my favorites, and last year we gave two talks there. This time, I was only attending. I especially enjoyed the entertaining privacy talk from Anthony about how privacy laws are evolving in the U.S.:
Is 2023 the Year of Privacy: How History and States are Posed to Change Privacy? – by Anthony Hendricks
The Confidential Computing Consortium