Graphene: Securing Unmodified Linux Applications with Confidential Computing

Abstract

Confidential computing is a new form of computing that secures data "in use" via Trusted Execution Environments (TEEs). Intel® SGX is one such TEE for confidential computing. There is a strong desire to protect legacy applications by running them in TEEs, shielding them from untrusted system software (OS/VMM) with minimal developer intervention. Graphene is a library OS that provides a flexible and modular architecture for securing unmodified Linux applications/binaries on Intel SGX. Graphene not only supports "lift and shift" for Linux applications/binaries, but also provides tools and a framework for delivering an end-to-end secure solution: it automatically supports remote attestation for verifying application integrity, a protected file system for data confidentiality, and integration with Docker containers for easy deployment in cloud environments. Graphene is a community-maintained open source project and already supports many unmodified Linux applications.

Learn more about the Graphene project at our website https://grapheneproject.io/ and on GitHub at https://github.com/oscarlab/graphene/

Key Topics

  • Graphene Project Summary
  • End-to-End Use Cases
  • Graphene Remote Attestation
  • Docker Container Integration

Speakers

Don Porter

Associate Professor of Computer Science at UNC Chapel Hill

Don is an Associate Professor of Computer Science at The University of North Carolina at Chapel Hill. His research develops better abstractions for managing concurrency and security, primarily in the operating system, and extends these abstractions to other portions of the technology stack as appropriate.


Jesse Schrater

Director of Data Center Security Marketing at Intel

Jesse is the Director of Data Center Security Marketing at Intel Corporation. His wide range of experience in developing, supporting, and managing big-enterprise IT spans server system administration, database engineering, network engineering, software development, Web applications, mobile clients, cloud/virtualization, people management, and program/project management.


Mona Vij

Principal Engineer at Intel Labs

Mona Vij is a Principal Engineer and Cloud and Data Center Security Research Manager at Intel Labs, where she focuses on scalable confidential computing for end-to-end cloud-to-edge security. Mona leads research engagements on trusted execution with a number of universities.


Stephen Walli

Governing Board Chair

Stephen is a principal program manager on the Azure team at Microsoft and leads the Governing Board of the Confidential Computing Consortium. Prior to that he was a Distinguished Technologist at Hewlett Packard Enterprise.
