Explore the concept of a WebAssembly (WASM) runtime for Function-as-a-Service (FaaS) protected by Trusted Execution Environment (TEE) in this conference talk. Delve into the challenges of confidential computing in cloud environments and learn how TEE provides hardware-isolated processing for secure applications. Examine the Inclavare project's cloud-native confidential computing container (CoCo) and its limitations, including cross-platform issues and performance overhead. Discover how WASM runtime addresses these challenges by offering a universal compilation target that is small, cross-platform, and cross-architecture. Gain insights into the architecture of WASM runtime, its fast boot capabilities, and the integration of Knative functions in TEE. Understand the potential of combining WASM, FaaS, and TEE for building a secure and flexible container runtime in cloud computing environments.
Overview
Syllabus
Intro
Confidential Computation
TEE was built for confidential computing
Different TEES are different
Virtualization for TEE client Architecture
TEE containers and Kubernetes
Working model for TEE containers
Cloud native TEE
Inclavare Project
Still Not Perfect
WASM Runtime in TEE
WASM Runtime Architecture
WASM Runtime Fast Boot
Knative Functions IN TEE
WASM Cloud in TEE
Taught by
Linux Foundation
Tags
Related Courses
-
WASM and Confidential Computing - Securing FaaS Functions
-
The Rise of Confidential Computing
-
Protecting WebAssembly Workloads with Confidential Computing and Trusted Execution Environments
-
CoCo-AS: First Confidential Computing Attestation Solution of CNCF
-
Container Runtime Support for SGX and TEE Environment
-
When Confidential Containers Meet Arm Confidential Computing Architecture
