WEBVTT 00:00.000 --> 00:10.000 Hi everyone, welcome to the first them Devroom of this year and very happy you all could make 00:10.000 --> 00:15.000 it, it's cool to see that the room now filled up even like half an hour before, while I think 00:15.000 --> 00:22.000 four years ago we were happy if we could fill the room, but it's really nice to see everyone. 00:22.000 --> 00:27.000 Quick introduction to us, maybe it's definitely for beyond or you can stand up. 00:27.000 --> 00:32.000 So I'm Fritz, this is Fabiano, this is you, this is Stefan. 00:32.000 --> 00:39.000 Elario also joined our team, Elario did a lot of work for the social events, but I don't see her right now here, 00:39.000 --> 00:43.000 but she'll be at some point and then she can wave at everyone. 00:43.000 --> 00:50.000 And last year or last year it was just Fabiano and you and me, but now we got Stefan in Elario to help, 00:50.000 --> 00:56.000 which has been great, so it's really nice to not have everything on one or two people here. 00:56.000 --> 01:01.000 So I'll be quick, with some quick introduction and then we'll start today, 01:01.000 --> 01:08.000 because I want to just level set everyone and help us all understand the kind of common scene, 01:08.000 --> 01:12.000 so that we don't have to reiterate the same thing at every talk. 01:12.000 --> 01:18.000 So we here for confidential computing and there are many definitions, 01:18.000 --> 01:23.000 especially now that it has become a little bit mainstream, 01:23.000 --> 01:29.000 many CSPs are using it, many folks are using it from all of the marketing people. 01:29.000 --> 01:35.000 We'll use the terminology from the confidential computing consortium, 01:35.000 --> 01:41.000 that is not out of nothing, we also partially involved with that consortium, 01:41.000 --> 01:45.000 so it makes sense to be close to that terminology. 01:45.000 --> 01:48.000 According to that definition, 01:48.000 --> 01:54.000 your computing is the protection of data in use by performing computation in a hardware based, 01:54.000 --> 01:57.000 a tested trusted execution environment. 01:57.000 --> 02:01.000 Now I highlighted some pieces of this because if you remove one of them, 02:01.000 --> 02:03.000 it's not confidential computing anymore. 02:03.000 --> 02:06.000 For example, a station is a core part, hardware based, 02:06.000 --> 02:11.000 hardware root is also a core part in this definition of confidential computing. 02:11.000 --> 02:16.000 You can't just do something in software and pretend now it's committed to computing, 02:16.000 --> 02:21.000 you need the hardware, you need to root it in something and have it. 02:21.000 --> 02:29.000 And kind of this TE term, of course, is the end result of that. 02:29.000 --> 02:32.000 There are multiple properties, 02:32.000 --> 02:36.000 some are shared between all of them, 02:36.000 --> 02:39.000 and then depending on what the use case you have, 02:39.000 --> 02:41.000 you may have some additional properties, right? 02:41.000 --> 02:45.000 So data confidentiality and integrity is the core piece of it, 02:45.000 --> 02:47.000 and then also code integrity. 02:47.000 --> 02:49.000 You don't want your code to be tempered with, 02:49.000 --> 02:51.000 or your data to be tempered with, 02:51.000 --> 02:54.000 and also you want your data to be secret. 02:54.000 --> 02:57.000 Depending on what use case you have, this scenario. 02:57.000 --> 03:02.000 You like it when you see it, you can hear it. 03:02.000 --> 03:03.000 Thank you. 03:03.000 --> 03:08.000 Depending on the use case you have, 03:08.000 --> 03:11.000 you may also want to have code confidentiality, 03:11.000 --> 03:16.000 but that is not the property shared by all of the confidential computing solutions that we have, 03:16.000 --> 03:17.000 right? 03:17.000 --> 03:20.000 Some people may probably see that, but that doesn't mean it's always existing. 03:20.000 --> 03:22.000 Same like a testability actually, 03:22.000 --> 03:25.000 you can have some variation of this, 03:25.000 --> 03:27.000 and so that's why I put it into contextual, 03:27.000 --> 03:30.000 it may depend on what you want to test, et cetera. 03:30.000 --> 03:33.000 And so I'll leave it in the new that at that, 03:33.000 --> 03:39.000 and I will just now go on to saying a little bit of what different technologies we have out there, 03:39.000 --> 03:42.000 to give you a quick overview of the landscape, 03:42.000 --> 03:44.000 and then you'll see in a minute why I do that, 03:44.000 --> 03:47.000 because we can map it nicely onto the talks. 03:47.000 --> 03:53.000 So there's different technologies that do isolation on different levels of the software stack, 03:53.000 --> 03:54.000 right? 03:54.000 --> 03:57.000 So in the last JX, it's the thing that has been, 03:57.000 --> 04:01.000 or the enclave technology that has been out for quite some years nowadays, 04:01.000 --> 04:05.000 and that's isolation on a library and application data level, 04:05.000 --> 04:08.000 where you build on top of an untrust of the OS, 04:08.000 --> 04:12.000 and then you only shields the core enclave, 04:12.000 --> 04:14.000 the core application data. 04:14.000 --> 04:16.000 A different technology is untrustable, 04:16.000 --> 04:19.000 which has existed for quite some years already, 04:19.000 --> 04:23.000 and here you have the SQL address type of shielding, 04:23.000 --> 04:26.000 where you have a secure route that you switch to, 04:26.000 --> 04:29.000 when you want to go into your secure states. 04:29.000 --> 04:32.000 You have one untrustable and one secure one. 04:32.000 --> 04:35.000 And now similar to kind of this VM or world, 04:35.000 --> 04:37.000 like view we have new technologies, 04:37.000 --> 04:41.000 like RCCA, AMD, SCVS and P, or JTDX, 04:41.000 --> 04:44.000 that do the shielding on a similar level, 04:44.000 --> 04:47.000 but you can do multiple of these secure routes at the same time. 04:47.000 --> 04:51.000 So you have a whole guest address in your shielded environment. 04:51.000 --> 04:53.000 You can have container run times on top. 04:53.000 --> 04:55.000 We have lots of talks today on that, 04:55.000 --> 04:58.000 and then you can run applications on that. 04:58.000 --> 05:02.000 So these are different levels of isolation that you can spin up. 05:03.000 --> 05:06.000 And let's try to map that now onto our devrim schedule. 05:06.000 --> 05:08.000 Now I did this last year and it worked great, 05:08.000 --> 05:10.000 because we had a little diversity stack, 05:10.000 --> 05:12.000 but you can already see a little bit here, 05:12.000 --> 05:14.000 what I needed to make most space for, 05:14.000 --> 05:17.000 because most of the things we do today, 05:17.000 --> 05:20.000 and the most of the talks we have today, 05:20.000 --> 05:23.000 are on the VM type level. 05:23.000 --> 05:25.000 And I think that just shows a nice trend, 05:25.000 --> 05:28.000 and I guess next year I will need to find a different way 05:28.000 --> 05:31.000 to depict them to differentiate ourselves, 05:31.000 --> 05:33.000 because most of the talks we have are on that. 05:33.000 --> 05:35.000 And we only have two talks this year, 05:35.000 --> 05:40.000 one on the SDX level still. 05:40.000 --> 05:42.000 And then I was told, 05:42.000 --> 05:44.000 Spock risk 5 doesn't really fit anywhere, 05:44.000 --> 05:46.000 so I'll just put it squarely. 05:46.000 --> 05:47.000 And let's see, let's see, 05:47.000 --> 05:48.000 let's see the talk yet. 05:48.000 --> 05:50.000 So let's see where it fits. 05:50.000 --> 05:53.000 I'm actually a little bit faster, that's good. 05:53.000 --> 05:56.000 So that gives me some time to just take a look at, 05:56.000 --> 05:58.000 wow, we're going with this, right? 05:58.000 --> 06:02.000 So last year, we had 25 submissions, 06:02.000 --> 06:03.000 and they accepted. 06:03.000 --> 06:06.000 That was, we were happy to see that we were growing. 06:06.000 --> 06:09.000 This year we had 15 submissions, and I accepted. 06:09.000 --> 06:14.000 This first glance looks less submissions than we had last year. 06:14.000 --> 06:18.000 But we were also working together with the 06:18.000 --> 06:19.000 a station bedroom, right? 06:19.000 --> 06:22.000 And we were able to kind of separate talks 06:22.000 --> 06:24.000 between the station and conventional computing, 06:24.000 --> 06:27.000 and they had 23 submissions and they accepted. 06:28.000 --> 06:31.000 And nightly enough, we also had at least two hours 06:31.000 --> 06:34.000 to see where the talks are listed in a second. 06:34.000 --> 06:36.000 In the rooms that are not in hours, right? 06:36.000 --> 06:39.000 So I'm very happy to see that we're growing. 06:39.000 --> 06:41.000 We have 40 submissions related to 06:41.000 --> 06:43.000 computer computing at least. 06:43.000 --> 06:46.000 And somehow for them now, who's 19 talks, 06:46.000 --> 06:50.000 and maybe more than I didn't quickly be able to find 06:50.000 --> 06:53.000 based on some common keywords. 06:53.000 --> 06:56.000 So that's really cool, and I'm really happy to see that the community 06:56.000 --> 06:59.000 seems to be growing, and I'm really happy to see that 06:59.000 --> 07:02.000 also the open source experience isn't 07:02.000 --> 07:05.000 diminishing and slowing down. 07:05.000 --> 07:09.000 So this is the station bedroom schedule. 07:09.000 --> 07:10.000 Check it out. 07:10.000 --> 07:12.000 It's tomorrow at 8 a.m. 07:12.000 --> 07:13.000 I think 9 a.m. 07:13.000 --> 07:14.000 9 a.m. 07:14.000 --> 07:15.000 9 a.m. 07:15.000 --> 07:19.000 And you can also see it just in the schedule track. 07:19.000 --> 07:20.000 So go there. 07:20.000 --> 07:22.000 It's going to be some really cool talks here. 07:22.000 --> 07:24.000 I have some quick on other dimensions, 07:24.000 --> 07:28.000 because I just wanted to list these two talks that I did find 07:28.000 --> 07:30.000 that I'm not an hour at every room. 07:30.000 --> 07:33.000 So there is enabling a NVSEV technology in the 07:33.000 --> 07:34.000 Xeniprovisor. 07:34.000 --> 07:36.000 It's in the virtualization and cloud infrastructure 07:36.000 --> 07:38.000 at every room on Sunday. 07:38.000 --> 07:41.000 And then there's also a latest implementation of 07:41.000 --> 07:43.000 NVSEV S&P and OVMF. 07:43.000 --> 07:45.000 That's actually today, but you can always check out 07:45.000 --> 07:48.000 the recordings once they become available. 07:48.000 --> 07:50.000 And also, I wanted to give a big thanks 07:50.000 --> 07:54.000 in our class, or also people that submitted 07:54.000 --> 07:56.000 but couldn't be couldn't fit, because it's always a hassle. 07:56.000 --> 07:59.000 And then we always feel bad about rejecting some talks, 07:59.000 --> 08:01.000 but we're happy to have also some of them 08:01.000 --> 08:03.000 in the lighting room today. 08:04.000 --> 08:07.000 Thank you. 08:07.000 --> 08:11.000 Finally seeing how he's also presenting tomorrow 08:11.000 --> 08:12.000 in the virtualization direction. 08:12.000 --> 08:13.000 Great. 08:13.000 --> 08:17.000 Okay, so there's some overlap here between the 08:17.000 --> 08:19.000 Fookie here we have, and the virtualization 08:19.000 --> 08:22.000 developed tomorrow, that just shows that our community 08:22.000 --> 08:24.000 is starting to breach out into other domains, 08:24.000 --> 08:28.000 and it's not just us security nerds doing stuff anyway. 08:29.000 --> 08:30.000 Was that? 08:30.000 --> 08:34.000 This is a quick schedule, while Sal can come over here 08:34.000 --> 08:36.000 and get situated. 08:36.000 --> 08:41.000 And I'm very happy to, yeah, start the day with this. 08:41.000 --> 08:44.000 And we'll have, I think, around, 08:44.000 --> 08:48.000 let's see, ten minutes, always five to ten minutes 08:48.000 --> 08:49.000 between every talk. 08:49.000 --> 08:52.000 So the Q&A can reach a little bit into it, 08:52.000 --> 08:54.000 but then please give the speaker some, 08:54.000 --> 08:57.000 space to, to set up while we set up some QA 08:57.000 --> 08:59.000 and move in and out. 08:59.000 --> 09:02.000 And we'll also make sure that these five minutes 09:02.000 --> 09:04.000 people can freely move in and out 09:04.000 --> 09:07.000 because we also don't want to hog your hog our seats here. 09:07.000 --> 09:09.000 Okay, thanks everyone. 09:09.000 --> 09:11.000 Thank you.