 Okay, hi guys on the open instructor summit Welcome to join us in this session. How are you today? This is Yoon-Tung from Alibaba Cloud I have attended many of the open stack and open structure summit before But this is like the first time the summit is on virtual Thanks for the foundation to make this happen in this very difficult and special time I'm honored to be here with my colleague Tian Liang and Hongjia to present this topic Towards in-clave as a container with in-clave containers and Ocrum We will start with talk about the current status and the challenges of the security with container and then introduce a new open source project in cloud containers and How this project will help address the security of container and Then Hong Liang will talk about the Ocrum and how to use Ocrum in in-clave to achieve in-clave as a container solution Finally, we will have a demo from Tianjia will show the in-clave as a container solution works We are in a cloud cloud computing era as the cloud computing moving fast and more and more key service and High-value data are moving into cloud from on premises to public and to to edge The security of data in the cloud has become a real challenge Security is a top-of-one challenge when deploy containers as well as Ensuring the security of data to have a better security of container There are many open source project in the industry I believe that many of you know Kata container project. It's also an open-stack foundation project Kata container build a security container runtime with a lightweight virtual machine to have a stronger Workload isolation as a secondary of defense it has the speed of container and The security of virtual machine Kata container is a very successful project and it's been used widely by many of our end user Chivisa is another project with another method to improve the isolation of containers By providing each container with its own application kernel Chivisa limit is the attack service of the host and the other containers Chivisa runs a modified binary and integrated with container orchestration ecosystem such as a Docker and the Kubernetes Well, there are many other project over source project We don't need to go through each of them But we get a general idea The security Of content the secure container is all about isolation It assumes that the workload in the secure container is untrusted And then enhance the isolation by either virtual machine or a separate kernel Which will protect other application in other containers especially under multi tennis in the cloud But when it comes to how to protect the sensitive or high value data in the container It's a very different requirement Well, the workload is trusted And Confidential container is to protect that the trusted application cannot be steered and substituted by malicious application and protect high value and sensitive data So what is confidential containers and how it can protect the data in container We know that the that data has a straight status throughout it is like cycle at rest Which data is static? In transit Which data is in transmitting And in use which data is in calculation To protect the security of data at rest or in transit can be relatively easy Encrypt the files or encrypt the entire storage File storage can protect data at rest Data in transit means the data Move is moving from one place to another place through the public or private network User can encrypt files before transmission Or use a security transmission protocol such as HTTPS SSL TRS However Data in the user state has not been protected very well for a very long time until the emergency of confidential computing Confidential computing as the CCC status Is protect data in use by performing computation in a hardware-based trusted execution environment Which we call GE This security and isolated environment prevent and Solarized as access or modification of application and data while in use Therefore increasing the security assurance of sensitive data The security and isolated environment to use to run the trust application is called Encrypt The encrypt of The core function of confidential computing Is to protect the confidentiality Integrity and the security of data in use Now what is the encrypt? Encrypt in general means a territory that is entirely surrounded by the territory of one other state Which means there's no way that the other state can visit an enclave by illegal methods How the enclave works? Let's take an inter-SJX TE for example An application is separated in two parts A security one and a non-security one The application launches the enclave which is placed in a protected memory When the enclave function is called only the code within the enclave can see its data External access are always denied When it returns enclave data stays in the protected memory To build an enclave rely on the trust execution environment in hardware Each platform may have a different solution For example, Intel has SJX on Skylake platform ARM has trust resumed AMD has set TE solution Well, confidential computing Have many use cases Such as blockchain Key management Financial AI Multi-party calculation Data lease Edge computing Take a multi-party calculation for example Different users or vendors share their data with each other in order to Calculation together But they don't Want to disclose their own data to each other Confidential computing can protect the shared data running in the TE And the data is encrypt in memory to ensure that the data will not be leaked and shared by Each other Confidential computing Is going to be a key technology to help customers move their critical workload with sensitive data to the cloud And enclave containers Is able to bring the confidential computing into cloud into container ecosystem And simplify the deployment, deliver and management of trust application Enclave container is an open source project that is initiated by Alibaba cloud and Glove and Intel It implements an enclave OCI runtime Enclave is a Latin word of enclave Enclave is a Latin word of enclave Enclave container has three key components Shimruanyi And Shim On top of that Is an enclave runtime API With that API, the enclave runtime like Occlum, Graphany Can be integrated with Enclave containers Enclave runtime like Occlum is a live OS That the trust application will build on that Recently, with approved by all CITOB Enclave container is now officially an OCI runtime implementation just like RunC and Cutter containers This is the architecture of enclave Enclave containers Enclave container can be integrated with Kubernetes and doc similes Let's take Kubernetes for example Kubernetes will call kubelat kubelat will call the container D And container D will interact with Shimruanyi Shimruanyi is a shame for Enclave OCI runtime It implements Shimruanyi v2 API And works between container D and RunE Besides a typical Shimwork Shimruanyi also conducts Enclave signature and remote attestation Shimruanyi and RunE can compose a basic Enclave container stack for the cloud native ecosystem And Shimruanyi will interact with RunE RunE is an Enclave OCI container runtime Which is responsible for loading and running protected applications inside Enclave The interface between RunE and Enclave runtime is Enclave runtime for API With this API that Enclave runtime like Libos can be Integrate with Enclave containers One typical Enclave runtime implementation is based on Libos Currently, the default Enclave runtime of the RunE is Occlub Occlub is a memory-safe, multi-process library OS for inter-SJAX In addition, you can write your own Enclave runtime with any program language and SDK And as long as it implements Enclave runtime for API Enclave runtime also supports Kubernetes runtime class features Which is for selecting RunE container runtime in Kubernetes and Docker by configuration Enclave container project kick-offed in December last year and open sourced in this mail It is first release way 0.1. In this release, it implements OCI runtime called RunE and support Occlub With co-operation from Intel, it supports Intel as JAX TE solution The project has a monthly release Since then, in October, it achieves a milestone of v0.5 release In this release, it supports key management and Enclave container orchestration by Kubernetes Moving forward, in the next April, it will achieve another milestone It will achieve another milestone with 1.0 In this release, it will have three key features The first one is it will support virtual machine-based TE solution like C, Intel, TDS The second one is it will support Kubernetes cluster signature and attestation And the third one is it will support TE language like Wasserman, as JAX Confidential computing create a step Create a trusted execution running time And Enclave container build a container on top of that To achieve a real Enclave as a container, Occlub will pay a key role in this solution The next Hongliang will give us an introduction of Occlub Thanks, Yingtong Hello, everyone. I'm Hongliang Tian. I will present the next section So like other container run times, Enclave containers relies on OS to run programs One such OS is Occlub, a multi-process Enclave OS especially suited for Intel SJS Thanks to the Enclave, the trusted apps inside the Enclave are strongly isolated from whatever outside the Enclave, including the potentially malicious host OS, for example Linux. As the host OS is entrusted, the apps inside the Enclave cannot and should not use the host OS directly. This is why an Enclave OS like Occlub is needed Occlub provides the much needed system calls to the trusted apps Occlub implements most of the common OS functionalities like virtual memory management, process management, inter-process communication, file systems, network, etc. These functionalities are either implemented completely inside Enclave or partially dedicated to the host OS without harming the security of the Enclave. For example, file IO to the host OS is encrypted to prevent data leakage. Occlub has four major features. The first one is easy to use Occlub enables a beginner to get started with confidential computing by just learning a few simple commands. With Occlub, a user can now port an app into Enclave without modifying its source code. This greatly reduces the development cost of Adobe Enclave technologies The second one is efficient multitasking. Occlub offers lightweight processes that have low startup latency and efficient inter-process communication. The third one is the support of various file systems including encrypted file system, integrity protected file system, in-memory file system, host file system, etc. The fourth one is memory safety. Occlub is the first and still the only Enclave OS that is written in a memory-safe program language like Rust. The memory safety means that a wide range of common security vulnerabilities like buffer overflow is eliminated for free. We believe the memory safety of Occlub is important to Enclave-based apps due to their nature of being security critical. The Occlub product was open sourced in March 2019. A companion research paper was published in March 2020 to report the normal aspect of this product. The product itself is being developed rapidly, releasing a new version each month. Last month, this project has reached an important milestone. We have contributed the project to the Confidential Computing Consortium or CCC, which is a Linux Foundation project and community that is dedicated to Confidential Computing. By contributing the product to CCC, we believe Occlub can benefit more users and gain more momentum to its development. Well, thanks, Hongliang. Now we have a demo from Tianjia. This demo will show us how to achieve Enclave-based container with Enclave and Occlub solution. Hello, everyone. I'm Tianjia Zhang. Let me show a demo for you. This demo shows the use of runtime to run a dog image of a web server. At first, log into a machine with a basic environment. This demo consists of three steps. The first step is to build an Occlub image. First, enter the dog image provided by Occlub project, taking a web server and an example. It will provide a web server on port 8090 and respond to JSON-formatted data upon own requesting PIN. Here is the server code implemented with Golang. Then compile it and generate binary file, build and run. The Occlub image will be built before running. Okay, you can see the image build and run have been successful. The second step is to build the dog image. We output the Occlub image and the raw material for building the dog image. This is the dog file. The container is very simple. Just copy the Occlub image on a basic image and set a corresponding entry point. Execute the dog build to build the dog image. The third step is to run newly built dog image and make port 8090 in dog to the host. Here we run dog in the background. Use the card to send the request. You can see the expected output. Okay, let's complete our web server in SGX. So simple, so amazing. Thanks. Thanks, Tanya, for the great demo. Well, we have the ambition to we have the ambition to bring computation computing into cloud ecosystem and simplify the development, development and management of trust application. But this is not an easy job. From this system architecture, we can see that a cloud native computation computing environment involves the whole system stack. From the bottom T solution of hardware to operating system and visualization. From the resource management of Kubernetes to container runtime like in cloud containers. From the live OS like Occlub to the runtime like Dragonware. The cloud native computation computing interesting interest group in open analysis community hope to include in cloud container Dragonware project working with other open source community and industry to build a cloud native computation computing ecosystem. We are in a cloud native era. We believe that in cloud containers will pay a key will be a key technology as a cloud native moving forward. We are at the beginning of this general and we are welcome to join us to make this mission moving fast and get real. Thank you.