Traditionally, when you run a workload in a VM, container or in a serverless environment, that workload is vulnerable to interference by any person or software with hypervisor, root or kernel access. That turns out to be quite a few people one has little choice but to trust, both in the cloud, of course, but also on one’s own hardware.
The Enarx project aims to mitigate this by leveraging the hardware-based security properties offered by the Trusted Execution Environments (TEEs) found on recent CPUs. Enarx will make it simple to deploy workloads to a variety of TEEs in the public cloud, making it possible to deploy confidential workloads to third party servers without needing to relinquish trust to those who operate them.
We’ve known for a long time that we need encryption for data at rest and in transit; Enarx helps you do encryption for data in use.
Enarx handles two crucial aspects of using TEEs: attestation and delivery of an application into a run-time, what we call a “Keep”.
CPU-architecture independent, Enarx enables the same application code to be deployed across multiple targets, abstracting issues such as cross-compilation and differing attestation mechanisms between hardware vendors.
Applications deployed to Enarx are based on WebAssembly, offering developers a wide range of language choice for implementation and eliminating the need to rewrite the application for a particular platform or SDK. Work is currently underway on AMD SEV and Intel SGX. The Enarx project is open source and looking to expand our community involvement.
Axel Simon (Red Hat)
Axel is part of Red Hat’s office of the CTO where he works on blockchains, security and the open source project Enarx, combining his long-standing interest in free and open source software with distributed protocols and systems, among which the Internet.
He has studied economics, “done agile”, talked in front of the French Senate, been involved in open source communities for over a decade and is active in helping protect the Internet and its many wonders (knowledge sharing, access to information, decentralisation, Net neutrality).