Loading…
Shanghai, China
June 24–26, 2019
Click here for more information and registration

Simultaneous translation will be provided for all keynote and breakout sessions.
我们将为所有主题演讲和分组会议提供同声传译服务。

To view the Chinese version of this schedule please go here.
请点击此处查看中文版本。

Venue + Sponsor Showcase Map
场馆 + 赞助商展示区地图
Back To Schedule
Wednesday, June 26 • 11:20 - 11:55
Secure Container with SGX: Protecting Secret in Cloud Environment - Isaku Yamahata, Intel & Xiaoning Li, Alibaba

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
In cloud computing container is widely adapted, but its isolation is weak. It's important to protect secrets even from cloud service provider. Software Guard Extention(SGX) provides Trusted Execution Environment(TEE) where only Intel and SGX implementation is trusted with untrusted OS/VMM/BIOS. It
requires to modify applications which is sometimes difficult for various reasons. Ideally unmodified user binary can run in SGX enclave.

In this talk, Library OS to allow unmodified binary to run within SGX TEE is introduced. It hooks system call by replacing shared library. Go is most popular language for cloud native applications with
uniqueness to use static link. We enhanced Graphene LibOS to support golang binary and hardened it for production use. We will share our experience to add golang support to Graphene-SGX LibOS and our future plan.
Speakers
avatar for Isaku Yamahata

Isaku Yamahata

Software engineer, Intel
Isaku Yamahata is a Software architect in the Open Source Technology Center, Intel. His main focus is virtualization technology, network virtualization as Software Defined Networking for multiple years. Isaku is an active on Graphene LibOS and OpenStack Neutron (networking) and has... Read More →
XL

Xiaoning Li

Chief Security Architect, Alibaba
Xiaoning Li is Chief Security Architect at Alibaba Cloud. Previously he was a Security Researcher and Architect at Intel Labs. Focused on analyzing/detecting/preventing 0 day/malware with existing/new processor features. For the past 10+ years, his work has been focusing on both hardware/software... Read More →

kubecon china 2019 graphene sgx golang final pdf
Wednesday June 26, 2019 11:20 - 11:55 CST
618
  KC+CNC - Security + Identity + Policy