So, top of the morning to you. He said, in an entirely wrong accent, but welcome to Dublin. My name is Mike Bursell. I'm CEO and co-founder of Profian, but also co-founder of the Enarx project, which we'll be talking a bit about today. I hope this is the talk you're expecting; if it's not, you're in the wrong place. This is also being live-streamed and recorded, so hello to everyone in the future and elsewhere at the moment.

This is the abstract, in case you missed it. So what are we talking about? We're going to talk about the problem we're addressing here; it's really about isolation. Then we're going to talk about various PETs, not in a huge amount of detail, but just to give you a comparison. Talk about why open source is important, and then hopefully a live demo. So please have your mobile phones or laptops ready to participate in the live demo. If it doesn't work, it's Patrick's fault over there. He's right in the corner and he got it working this morning, so fingers crossed, right, Patrick? Yeah. And then hopefully some time for questions as well.

So let me start with a story. Once upon a time computing was simple. It was lovely and easy, and this is what it looked like, and then the British came along, and I'm afraid that we messed it up royally. So, possibly unfortunate given where we are, but I wrote these slides before then. And it's about tea, and this is maybe a surprise to many of you, but it's about tea. Tea is always good, and cake, and there was a chain of tea shops and cake shops called Lyons in the UK. There aren't many left anymore, but there were, and they had logistics issues, and so they commissioned computers back in the day, and LEO III was one of theirs. I can't remember what it stands for, but it was that, and it kind of looked like this, or certainly the front end looked like this. This is what a GUI used to look like. And they came up with this idea of multi-tasking, where more than one person could be using a computer at a time.
There are some seats here; do please come through and find places to sit. And ever since, people have been obsessed with sharing, and in my view this is a really bad thing, not only because sharing cake is terrible, but also because sharing computing resources causes you some significant security issues. So the problem isn't really the computers, it's really the workloads. So what we want to think about here, in security, is isolation. And isolation can mean a whole bunch of things, but I'm going to focus on three things: confidentiality, integrity and availability, the CIA triad. Confidentiality: people can't see what you're doing. Integrity: they can't change that. Availability: you can continue doing what you want. Now generally (please come in, there are still a few seats over here, do come in), generally availability is easily observed, and we're not going to talk about that. You can generally see if your workload is running in this sort of context, so we're not going to talk a huge amount about this.

But there are three types of isolation, I think. One is workload-from-workload isolation; that's stopping one workload interfering with another, and VMs, containers: we know how to do this, we've been doing this for quite a while. The next is host-from-workload isolation; again, we're pretty good at this with things like SELinux or seccomp or, you know, hypervisors and all those sorts of lovely things. However, workload-from-host isolation is much, much more difficult, and classical virtualization just doesn't like to do this, because the hypervisor, whatever is doing the sharing of memory pages to applications, can just see what's going on, and there's not much you can do about it in the standard models.

So PETs, privacy-enhancing technologies, look to solve some of these problems, and here's a definition I found on Wikipedia, so it must be true. Actually, I think it's okay in this particular case; it's not too bad.
I'm not going to read it all out, but they're talking about fundamental data protection principles: minimizing data use, maximizing data security. I like that. I also like the "empowering individuals". I don't think we always think enough about that, those of us who work for corporates. I mean, there are only 14 of us, but, you know, I'm sure there are people here who work for a lot larger companies. But I think this is an important thing we need to be thinking about as a community generally. I think it fits well with our open source ethos as well.

So you can think of two sets of privacy technologies. One is hard, where there is no trusted third party; there's no one you trust to do stuff with your data. And another is where actually there are certain people you can trust to do certain things, right? You can say this corporation, this company, this organization is safe. And we're going to be focusing on the ones on the left, which is frankly the harder problem and fits better with the isolation issues we were talking about before, in the context of cloud computing, and edge and on-prem as well, frankly.

So this is a picture that I lifted unashamedly, but with permission, from a white paper by the Confidential Computing Consortium, which kind of lists out some of the technologies, and we're going to talk about the ones in bold a little bit more fully: fully homomorphic encryption, multi-party computation and confidential computing, because those are the ones you hear most about when we're talking about PETs generally. At the bottom you'll see some things which aren't confidential computing. I don't want to spend too much time on this; if you're interested,
we can talk about it. TPMs, for instance, aren't; we're talking about general computing here rather than just being able to run certain specific operations. So we can come to that if we need to; happy to take questions.

So before we do that, I said I'd talk a little bit about open source. In my view, everything should be open source. Again, I don't think there are going to be many people disagreeing with that as a general principle here. But in the security realm there is a very well-known dictum, which is that in cryptography you make the protocols open and the key secret, because the protocols are the things that are protecting what's going on, and everyone should be looking at those, auditing them, doing mathematical checks on them, all those sorts of things. We've seen some very, very interesting stuff in the, well, I hate to call it post-quantum, the, let's say, quantum-resistant or not-so-quantum-resistant protocol realm over the last few months, where people have been trying to write protocols or primitives which they hope will be resistant to quantum computers, only to discover that standard laptops without quantum computing can break them in under an hour in some cases. So this is a really important thing. We need to make this stuff open.

And open source security: there are a couple of things. It's not just the protocol, but it's also the implementation. All right, so let's give the example of elliptic curve cryptography or RSA. Not only should the protocols and the primitives that you're implementing be open source, but you want to make sure that your actual implementation is open source too, because it's very easy to mess up an implementation of crypto. I know they say that anyone can design a crypto protocol that they can't break; I can also tell you that anyone can implement a crypto protocol
they can't break which other people can. So you need to do this very carefully, and you want it to be open. This allows people to audit, do many eyes, put quick fixes in. Although, just a quick thing here: does everyone know about the many eyes principle? Just in case you don't, it's sometimes called Linus's law, I think, but it's here in a number of places in the open source world: with enough eyes, all bugs are shallow. And it's kind of true. The problem with security in particular is there aren't that many eyes, you know, belonging to people with this deep security knowledge to be able to look at these things and really take them apart. And some of those people are employed by people who don't want them to be doing this. So many eyes only works if we as a community sponsor and employ people to be doing this work. I believe really, really strongly in that.

So the other thing about open source is commercialization can be difficult. If you're trying to create an open source product, an open source company, around security and it's open source, it can be tricky. I know; we're doing it right now. But it can be done, and there are lots of people to talk to about this at this conference.

So let's carry on a bit. I want to briefly talk about the three things on my list. The first one is fully homomorphic encryption. Fully homomorphic encryption is magic. If you're not a mathematician (I'm not a mathematician), it is hence magic as far as I'm concerned. There are some very, very clever mathematical principles being used to allow you to do operations, mathematical operations, on data whilst it stays encrypted all of the time. So you encrypt stuff with a particular key, and then you can do operations on it without having to decrypt it, and stuff comes out at the other end.
Absolutely amazing. You need to design your workload, if you're going to be doing that, very, very carefully, because there are only certain operations you can do and only certain ways you can run it, and the performance, to use a technical term, sucks in most use cases. Until recently you couldn't do division with fully homomorphic encryption; it's at that sort of level of complexity. Many of the implementations of fully homomorphic encryption are entirely closed source. Google: any Google people here today? Well, if there are, if there aren't, it's fine, I'm just gonna say good things about you. Google has done some great work actually in open sourcing some of this work, and there are other people as well. But you'll find a lot of money out there and a lot of closed source stuff, which always makes me just worried from a security point of view, but it is amazing stuff and just kind of seems to work.

The next one is secure multi-party computation, SMPC, or sometimes just MPC. It's difficult to define this because actually there are lots of different techniques which kind of fit in this bucket. A lot of them are mathematics-based, and there are things like zero-knowledge proofs which can fit in this sort of bucket as well. But again, this isn't about general computing; it's about taking a particular problem, let's say a voting problem (a number of MPC areas, use cases, are around voting, anonymized or pseudonymized voting), or you look at pseudonymized data, and applying it, writing your application and running it. So in some cases it's fairly fast; sometimes
it's fairly slow, but quite difficult to generalize. If there are experts in the room about this, I'm sorry to have glossed over some of the very clever things going on, but honestly, it's a very large field.

So the thing I know most about, and what we're doing at Profian and the Enarx project, is trusted execution environments. Hands up, who's heard of SGX or SEV or confidential computing? Okay, so most people. So trusted execution environments are basically capabilities of CPUs currently; CPUs, but you'd expect to see them in GPUs and other places as well soon. In fact NVIDIA has announced some stuff around that already. They allow you to encrypt memory pages of applications in use at the CPU level, which means that even if you've got kernel access or hypervisor access or admin access, whatever, or even access to the physical hardware, to the, you know, the buses, etc., you can't look in. Again, it's magic, but it's hardware magic rather than mathematical magic as far as I'm concerned.

This does mean that you can't run these sorts of workloads, workloads designed for confidential computing, on any old chip. You do need specific chips, but these are becoming pretty much available. You know, you can go to many of the clouds these days, you can buy machines off the shelf with these chips, the EPYC chips from AMD and... it's the... no, sorry, it's the EPYCs are what they call the AMD ones. It's Milan and onwards, basically, for our friends at AMD, and Ice Lake and onwards are the ones that we support for Intel. But the nice thing is you can run generalized workloads. You don't need to be, you know, rewriting applications for these; you can take an existing workload and hopefully, with no or small changes, run it in these contexts.

So I wanted a bit of a comparison here. So on the left-hand side we've got standard virtualization, right? So, you know, containers and VMs and all those sorts of things. On the right
we've got the other things. And the first one obviously is that you can't... it's a bigger chart. Don't take pictures now, because there are going to be a lot more lines. Okay. So you can't do confidential computing on all chips. But at the bottom, you know, we'll see data confidentiality is what we're trying to meet here, and that is provided by the lower level. Now if we think back, however, to one of my first slides, I talked about isolation, I talked about the CIA triad, right? So this is data confidentiality, and you could ask the question: what about data integrity? And this is where things start getting interesting, because data integrity is not guaranteed by fully homomorphic encryption, and not necessarily by multi-party computation either. It is by confidential computing.

Next is the workload itself. What if you care about the workload's confidentiality and its integrity? And I put this... I've realized I've put it the wrong way around on the right. The green one should be a "depends on implementation"; it should be on confidentiality, confidentiality of the workload there. I'll change that in the slides that we put out.
I do apologize. So basically when you have a workload, there are times when you care about the workload. Maybe it's a risk management system or maybe it's an AI model you've been putting together, and in fact the workload in itself is more confidential than the data that's running in it. If we're doing a thing to decide whether to buy stock, for instance, everyone has the same data going in, which is, you know, prices of stock. Everyone sees the data going out, which is you bought stock or you haven't. But it's actually the decision-making process, the workload itself, which you want to make sure is confidential, and of course you want to make sure that no one can mess with it, so the integrity is also important. So that's another thing that some confidential computing can provide.

And the last thing is attestation. Attestation is one of those terms which sounds very complex and is actually very easy. It's difficult to do, but it's easy to explain. Attestation is a proof that what you're running is what you think you're running. So if I go to you, gentleman in the front row, and I say please put this workload in a trusted execution environment, and you say yeah, I've done that, I say well, the whole reason I gave it to you was so that you couldn't look at it, and you're just telling me you've done it. How can I trust that? So trusted execution allows him to give me a proof, which he can't mess with, which allows me to check that that's the case. So for Intel SGX and AMD SEV and future things, so Arm CCA,
which they've talked about, there are other ones, TDX from Intel, etc., part of what confidential computing involves is a cryptographic proof provided by the CPU which can be checked by a third party. And that's really important, because if, let's say, you're running on Azure or GCP or Equinix or OVH, and you say to them, prove that you're running what I think you're running, and they say yes I am, then it's kind of like they're marking their own homework, right? You've kind of missed the point. So you need a trusted third party to be doing that.

So apart from the fact that I messed up those two lines, this is the picture that you probably want to take, but I will put an updated version of that out.

So what I'm going to talk about now a bit is Enarx. Enarx is a confidential computing project. Oh, GitHub star, please; obviously we like those. 190 this morning; if we get to 900 or even a thousand, that would be very, very... But it's a completely open source project and it is part of the Confidential Computing Consortium. Let me talk a bit about it. So the first thing is we support both SGX and AMD's SEV, and what we allow you to do is to take a workload and run it on either of those. Now you'd think that's kind of easy, because it's just x86, right? But it turns out the way that they have implemented confidential computing is almost completely different between the two. Everything we do is completely open source. It's all written in Rust, with a little bit of assembly language right at the bottom, because we're talking syscalls. And we are very careful about which bits of unsafe code we have, because Rust is generally safe, so we restrict very carefully the assembly pieces to an unsafe section. I should be very clear that I've written none of this code. They won't let me write code anymore. Roman has, so you can... wave, Roman. Yeah, Roman has.

And we provide... the runtime is WebAssembly. So that means that... who knows about WebAssembly?
Okay, a few people. It started off in browsers to kind of do JavaScript, right? But it's moved to the server. WASI is the WebAssembly System Interface, and basically it's a very good fit for the sort of stuff we're trying to do: server-based, microservices, those types of use cases. So the thing about WebAssembly is that it provides exactly the same runtime across all of these different platforms. So whether you're running on Intel SGX, AMD's SEV, Arm Realms, TDX from Intel when that comes along, even though some are little-endian and some are big-endian, it's exactly the same executable. And this is really helpful when we're talking about integrity and checking that what you think is running is what you're running, right? Because you can prove that it's the same thing. So we provide WebAssembly to do that, and we provide the attestation and that application integrity that I talked about, and confidentiality that I talked about, out of the box. So we believe that you really need this to be doing things properly, to be doing confidential computing.

We are a Linux Foundation project. We were the first Linux Foundation project to be accepted, the first project to be accepted, by the Confidential Computing Consortium, by about half an hour. So we win over Microsoft's Open Enclave SDK. But that means that Profian, of which I'm the CEO, is a custodian. We like to think of it that way. We don't own it. It is absolutely a Linux Foundation project, which we think is the right way to be doing these things. So yay, go the Linux Foundation. Thank you very much indeed.

So what I'm gonna do now, demo gods willing, is an actual demo. So wish me luck, and let's see if we can make this work. So you can all try this yourselves. Don't do it now, because I'm going to show you something else first. But I'll do the next step, and what we're going to do is connect to an actual... put an application into a trusted execution environment.
Okay, so I'm gonna select a platform. I know that we have some problems with the display, I'm sorry about that, but you should be able to see most of the things. And I'm gonna choose AMD. Okay. Doesn't make a difference; it'll work, right, Patrick? Yeah. Yeah, he's nodding. That's good. Okay. So the first thing I need to do is log in, so I'm gonna log in. It's just a GitHub login; as long as you've got a GitHub login, you're good to go. This is how we track what's going on. We don't want people doing, you know, Bitcoin mining on our platforms with nothing else, right? So it's that sort of thing.

So what I'm gonna do is I'm going to deploy this thing here, and this is a Wasm, WebAssembly, application written in Rust. If you want to just upload your own WebAssembly, you can do that, or we've got a whole bunch of examples that you can try. They're all open source, and then you can load them into our registry, which is called the Drawbridge, and keep practicing with them and see how they work, etc., etc. We really encourage you to do that. I won't go through that in this demo; we don't have the time. But let's do that. So I'm going to deploy this. So what is going on here is we've taken this WebAssembly, we've asked the AMD box, which is in Equinix, to start up a workload. Okay, and there's a link here which I'm going to follow. And what's going on here is that we present a certificate, but this is not a certificate which has been signed by anyone the browsers trust, so don't be surprised to see this. This is just for testing; production environments are different. But I'm going to accept it for now. I'm going to accept the risk and continue, and Cryptle is basically a Wordle clone, but written in WebAssembly and deployed to a trusted execution environment. So let's take a guess at what the word might be. I honestly don't know; it is random. It's not an "ox".
Okay, so what I'm going to encourage you to do is to get your phones out and have a go at this as well right now, because you can connect to this thing which is running in a trusted execution environment. The URL you need is https://snp.try.enarx.profian.cloud:33437. You know what, I'm gonna make this bigger somehow. Let me just... let's try... I'll do one too. Can I make that big? Anyone know how to make that big? Okay, so where do we get to: snp.try.enarx.profian.cloud, colon 33437. I'll say it again slowly: https://snp.try.enarx.profian.cloud:33437. Oh, that's very clever. Okay. I'm not sure how to pass that around; just pass the machine around, hoping no one steals it. He is a security guy; he didn't fall for that. Oh, that's a good idea. Let's try it. Let's try that. Show me. Not count. Let's do... right, so that's fine. Okay. There we go, that's better, isn't it? Good, good thinking by a Finnish gentleman at the back, I'm guessing. There we go. Kiitos. That's one of my three words of Finnish, everyone; I used to know how to order reindeer and beer in Finnish. Those are the only other things that are useful. There are lots of other good things in Finland, to be clear.

So hopefully, and you will of course need to... oh, do you need to try and go back to that? You will of course need to accept the certificate, but hopefully you can connect. Has anyone actually managed to connect to the Wordle clone? Yeah, excellent. Let me know if you guess the actual thing, but it doesn't really make a difference. The point is that this is an application written in Rust, compiled to WebAssembly, and you can go and you can do this yourself: try.enarx.dev, any time you want, okay? And we encourage you to do so. The fact that it is actually working suggests the demo
gods have smiled on me, and the coffee that I bought for Patrick this morning was of the kind that needed to happen. So, right, while people are playing with that, we've got about 10 minutes of questions. 10, even 15 minutes for questions, is it? Excellent. So let me just finally finish off the last couple of slides whilst people are playing with that. And, oh yes, I have a book out which talks about many of these things. It's called Trust in Computer Systems and the Cloud, published by Wiley in 2021. If you're interested in this sort of stuff kind of from first principles, and you need a way to get to sleep at night, then feel free to get hold of this. enarx.dev is where you'll find this, profian.com, and that's my LinkedIn if anyone wants to do that. In the meantime, I'm open for questions, please, and if there are any difficult questions I'll get Roman to answer them, or Patrick. So that's great. Please. Excellent, thank you.

Okay, so the question was [inaudible]. Yes. Sorry. I'm saying that he's not a trusted computing expert himself, but as far as he's aware, you need to be careful with things like branching, etc., when you're doing these things. So that depends partly on what you're doing. That's certainly very true of homomorphic encryption, for instance; less true of confidential computing, although there are some mitigations that you can be doing. It's not something we've... Side-channel attacks are a concern in all of these use cases, of course, right?
There are more concerns actually on things like constant-time crypto, which is something that we're working on in the implementations that we're doing. We haven't implemented it yet, but we've designed it; it's something we can do. Again, one of the things that we do is we allow you to make sure that your application is confidential from the host, so they can't tell what you're doing, which means it's much more difficult for them, of course, to be guessing what you're doing, particularly if it's a standard piece of computing, a standard application. So yes, there are trickinesses there. I think it's generally less of a problem in the confidential computing world, and particularly, again, if you say that you want to make sure that what you're doing is confidential as well. But there's a lot of research going on in this area, and, yeah, keep an eye on it.

So, saying that the extensions to the CPU are basically a different set of execution modes within the standard CPU? Yes, exactly. How they're implemented depends very much on the chip manufacturer. When they just provide a separate chip, right? Yeah, so other chips. So Arm had a mode called TrustZone, which is different again. So that on its own doesn't meet the requirements for being a trusted execution environment, although it is possible to build one. OP-TEE does something a bit like that. We chose not to support it because of a number of restrictions on what we were looking to do, and we spoke to Arm about it. They said, yeah, actually wait for the CCA Realm stuff, and that's why we chose to do that. Yeah, any other questions from anyone else, please? Janne in the back, a tricky one. Okay. So the question is: for Intel SGX we rely on closed source, especially microcode from Intel, to provide some of the capabilities. Do I know if Intel will allow other people to provide that microcode?
My answer to that question is I don't know, and even if I did, it would be under NDA. I think it's worth talking to Intel about this. One thing I can say is I heartily recommend that all chip manufacturers who are providing this open source all of it, all the way down to the hardware if at all possible, but certainly the microcode level, and we are seeing that, I think, from Arm, for instance. So I heartily recommend anyone working for these chip people, or if they have any say with them, to encourage more open source down to the firmware level. I think it's really important for us to be able to do this. I should be clear that the attestation measurements that we do always do cryptographic measurements of both the hardware and the firmware and the microcode on all platforms, so we can be sure it is the right stuff, but we can't be sure exactly what's in it, because it's generally closed source. Very good point.

There's another question towards the front here. Yes. Yeah, okay, great, great question. So, an example of how attestation works. So I've kind of glossed over that, because I wanted to talk about the main platform rather than the broader thing. So Profian, we are a commercial company, and we're providing attestation SaaS services as part of what we do. So the model we do is, it works like this. There are three pieces. There is the Enarx runtime, which actually sits on the host, okay, and that's the bit that sets up the trusted execution environment. Oh yeah, we call that a Keep; we use castle metaphors, and the keep is the sort of central part of a castle, the safest place, right? We provide an attestation service called the Steward, which is the person who hands out the keys in the castle. And then we have a registry, think Docker Hub type thing, called the Drawbridge, and that is where you put your applications. They're encrypted, so we can't see them; other people can't see them. So that's the Drawbridge, and that's where things are. So the first
thing you do is you put your application in there, okay? You then contact the host by running the Enarx binary. You might have got it there using a container, you might have used whatever it is, but you've got it there. It might just be an OS-provided package. But you start it up with a slug, with a basic URI pointing at a Drawbridge instance and the particular application in that and the cryptographic hash which is associated with that. So as the Enarx runtime starts up, it knows what to load, but it doesn't load it yet. It starts up a trusted execution environment and puts part of itself into that, including the WebAssembly runtime, okay? So we now have a trusted execution environment, whether SGX or SEV or, in the future, Realms or whatever it may be. So we have that running, okay? It then asks the OS for an attestation measurement. You're going to shout at me if I get this wrong, Roman, please do. So it asks it for an attestation measurement; that is provided as a signed certificate chain, basically, with some information as well, to the Keep. The Keep then contacts the Steward, the attestation SaaS service, with a CSR, with a certificate signing request, okay, which includes that attestation measurement and that slug. Okay, so it then goes to the SaaS service, the Steward. The Steward checks it; it gets known-good versions of the Keep, chip manufacturer information, a whole bunch of stuff, right?
So it checks that what's in there is what should be in there, and that what provided it is what should have provided it. If that is good, it signs that certificate and sends it back to the Keep. The Keep then sends that certificate as part of an HTTPS or TLS communication to the Drawbridge. The Drawbridge uses the information in that, (a) that it was correctly signed and therefore is running in a Keep, and (b) that it is an application it knows about, to release that application over that encrypted link to the Keep. The Keep then deploys that application. So we now know that we have the Keep running with the application you want, and that we've proved what it is. Now, the final piece of cleverness here is that we use that same certificate for all further communications, transparently encrypting network comms, which means that if you are another application, or another component of an application, talking to that application in the Keep, you know two things about it. You know, one, that it is running in a Keep, because it's been signed by the attestation service, and two, you know that the application that you're talking to is the application you thought it was. So you've got some really good, high levels of assurance about what you're talking to and the safety, confidentiality and integrity of that. So that's kind of the quick story, but that's what we're about. We can run that in sort of air-gapped mode, etc., but generally these are SaaS services, and if you're a large company you'd probably have your own Drawbridge instance, but we'd be providing the SaaS service.

Got another, I think, four minutes. Do we have five minutes? More questions, please. I'm loving this. The question was: what's on the critical path between now and large-scale adoption?
Well, we moved to minimum viable product last month, so customers. So there are a number of things, I guess. So we are implementing multi-threading, which isn't there at the moment. Some of the networking is getting nicer and easier to use. There are some crypto implementations that we want to make sure are tighter in the Keeps themselves. WebAssembly needs to keep getting more mature, but it's doing very well there. There's another thing which was an issue and isn't anymore, and that's availability of the chips. They're just out there now. You can get hold of them pretty easily, both in clouds, or you can buy them for yourself. Final one is upstreaming. So the SGX kernel pieces went in in 5.20, so they need to be... I mean, we can't go through all of them, but, you know, we need to get those into the distros, obviously. And the SEV stuff is not all upstreamed. If you want to be running this yourself at the moment, then we have kernel patches and compiled kernels you can use to do that. But we're working with the various people to make sure that all that stuff gets upstream. We have, you know, a kernel maintainer on the team who's working with those sorts of things. So I think those are the main things. Anything else I've missed? I think those are probably the things. It runs now. You can play with it now; you can just do it, and please, please do. And if you delve further back into enarx.dev (and, oh yeah, please give us a star) you'll see that there are lots of examples in different languages that you can play with.

I think this is probably the last question. I think... let's... Does that... do they need to be
coded in WebAssembly? About three people in the world code WebAssembly. It's a bytecode representation, basically. The answer is you code it in almost any language you want, and we have examples: C, C++, JavaScript, TypeScript, AssemblyScript, Rust, Go, Python, blah, and you compile it. And for most of those languages it's very easy to compile; for some there's quite a bit of work, and we're working with upstream on those as well. But no, you can write in many different languages, compile to WebAssembly, and you're good to go, and you'll find instructions on enarx.dev.

So, oh, one very, very quick question. Yeah, an example of a workload that runs on Enarx? It's early days still, but the sort of thing we have customers looking at is if they've got a large stack and microservices in there, particular parts that are dealing with, for instance, PII, personally identifiable information, or credit cards, or risk management, or fraud management, or those sorts of things; running them in those sorts of use cases is a good one. There are a number; actually, one thing I should have talked about is that there are some really interesting fully homomorphic encryption and multi-party computation use cases which are really complementary and work really, really well with confidential computing, and we're definitely talking about those sorts. And so things like research, pharmaceutical research, where they're taking lots of patient data but the patient data can't be given to them; we can do those sorts of things as well. That's some really exciting stuff.

Anyway, thank you so much for your time. I had a great, great time, great questions. Any questions, find me on LinkedIn, find me later on, find me around the conference, and thanks for your time.
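The Keep / Steward / Drawbridge attestation flow described in the answer about how attestation works, modelled as an added Python simulation that is not Enarx's code: HMAC stands in for the CPU's and the Steward's asymmetric signatures, dicts stand in for X.509 certificates and the registry, and every key, image, slug and workload byte string is a constructed sample value. What it shows is which party checks what, and which failures (unknown Keep build, tampered report, wrong slug, workload not matching the hash in the slug) stop the workload being released or deployed.

```python
"""Toy model of the Keep -> Steward -> Drawbridge attestation flow from the talk.

Constructed for illustration only: HMAC stands in for real signatures, dicts for
certificates and the registry. No Enarx code, keys, measurements or endpoints.
"""
import hashlib
import hmac
import json
from typing import Optional

# Constructed keys. In reality the CPU vendor's key is fused into hardware and the
# Steward's key is a CA private key; neither is a shared secret like these.
CPU_KEY = b"constructed-cpu-attestation-key"
STEWARD_KEY = b"constructed-steward-ca-key"

# Constructed "binaries": the Keep image the Steward knows, and a demo workload.
KEEP_IMAGE = b"enarx-keep-image-v1 (constructed)"
CRYPTLE_WASM = b"\x00asm constructed wasm bytes for the Cryptle demo"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(key: bytes, msg: dict) -> str:
    """Toy signature: HMAC over canonical JSON (stands in for a real signature)."""
    return hmac.new(key, json.dumps(msg, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, msg: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def make_slug(app: str, wasm: bytes) -> str:
    """A slug names the application in the Drawbridge plus the hash the Keep expects."""
    return f"{app}@sha256:{digest(wasm)}"


# ---- Host / CPU side ---------------------------------------------------------
def cpu_attestation(platform: str, loaded_code: bytes) -> dict:
    """What the hardware provides: a measurement of the TEE contents, signed by the CPU."""
    report = {"platform": platform, "measurement": digest(loaded_code)}
    return {"report": report, "sig": sign(CPU_KEY, report)}


def keep_csr(attestation: dict, slug: str) -> dict:
    """The Keep's certificate signing request carries the measurement and the slug."""
    return {"slug": slug, "attestation": attestation}


# ---- Steward (attestation service) -------------------------------------------
KNOWN_GOOD_KEEPS = {"sev": {digest(KEEP_IMAGE)}, "sgx": {digest(KEEP_IMAGE)}}


def steward_sign(csr: dict) -> Optional[dict]:
    """Sign the Keep's certificate only if the attestation is genuine and known-good."""
    att, report = csr["attestation"], csr["attestation"]["report"]
    if not verify(CPU_KEY, report, att["sig"]):
        return None  # report was forged or altered after the CPU signed it
    if report["measurement"] not in KNOWN_GOOD_KEEPS.get(report["platform"], set()):
        return None  # unknown platform, or a Keep build the Steward does not recognise
    cert = {"slug": csr["slug"], **report}
    return {"cert": cert, "sig": sign(STEWARD_KEY, cert)}


# ---- Any relying party (the Drawbridge, or a peer service talking to the Keep) ---
def keep_cert_valid(signed_cert: Optional[dict], expected_slug: str) -> bool:
    """The two facts a peer learns: it is in a Keep, and it is the expected workload."""
    if signed_cert is None:
        return False
    cert = signed_cert["cert"]
    return verify(STEWARD_KEY, cert, signed_cert["sig"]) and cert["slug"] == expected_slug


# ---- Drawbridge (registry) ---------------------------------------------------
REGISTRY = {"demo/cryptle:1": CRYPTLE_WASM}


def drawbridge_release(signed_cert: Optional[dict], slug: str) -> Optional[bytes]:
    """Release the workload only over a link authenticated by a Steward-signed cert."""
    if not keep_cert_valid(signed_cert, slug):
        return None
    app = slug.split("@", 1)[0]
    return REGISTRY.get(app)


# ---- The whole flow as the Keep runs it ---------------------------------------
def run_keep(platform: str, loaded_code: bytes, slug: str) -> Optional[bytes]:
    """Return the workload bytes the Keep deploys, or None if any check fails."""
    cert = steward_sign(keep_csr(cpu_attestation(platform, loaded_code), slug))
    wasm = drawbridge_release(cert, slug)
    # Before deploying, the Keep checks the bytes against the hash carried in the slug.
    if wasm is None or f"sha256:{digest(wasm)}" != slug.split("@", 1)[1]:
        return None
    return wasm


if __name__ == "__main__":
    demo_slug = make_slug("demo/cryptle:1", CRYPTLE_WASM)
    print("genuine keep deploys:", run_keep("sev", KEEP_IMAGE, demo_slug) is not None)
    print("unknown keep deploys:", run_keep("sev", b"not a keep", demo_slug) is not None)
```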