Confidential Computing
Confidential Computing protects sensitive data, code, and secrets even against root users having complete control over operating systems and hypervisors. In this way, one can extend the benefits of cloud computing to sensitive workloads like processing electronic health records. It can also be used to protect intellectual property or for secure collaboration between partners. Dive deep into confidential computing with this comprehensive module, where you'll explore everything from foundational principles to advanced techniques. Gain hands-on experience with SCONE, SGX, and cloud-native solutions as you learn to develop secure applications, optimize performance, and manage complex security policies. Whether it’s mastering attestation, implementing zero trust architectures, or managing encrypted data with Vault and HSM, this course equips you with the skills to tackle today’s most pressing security challenges. By the end, you’ll be ready to implement robust confidential computing solutions in real-world scenarios.
Organization
Schedule and Location | Times and rooms may still change! Lecture; Exercise (we are trying to get a new time slot); Import Calendar: [Opal] |
Starting date | Lecture: 16.10.24 |
People | Lecturer: Christof Fetzer |
Q&A | Opal |
Language | English |
Hours per week | 2/2/- SWS |
Registration | Please register in SELMA and Opal |
Final exam | Written exam: TBA |
Modules | INF-BAS4, INF-VERT4, INF-LE-Eul, INF-DSE-20-E-PODS, NES-11 06 06 Systems Engineering |
Material for Lectures and Exercises
- TBA
Lecture Slides
Date | Lecture slides | Lecturer |
16.10.2024 | Problem Description & advantages of confidential computing (all Slides can be downloaded via OPAL) | Prof. Fetzer |
23.10.2024 | Terminology & Threat Model | Prof. Fetzer |
30.10.2024 | SCONE Attestation | Prof. Fetzer |
6.11.2024 | Local Attestation: SGX | Prof. Fetzer |
13.11.2024 | Remote Attestation: DCAP | Prof. Fetzer |
20.11.2024 | Encrypted Memory & Performance | Prof. Fetzer |
27.11.2024 | | Prof. Fetzer |
04.12.2024 | | Prof. Fetzer |
11.12.2024 | | Prof. Fetzer |
18.12.2024 | | Prof. Fetzer |
05.01.2025 | | Prof. Fetzer |
12.01.2025 | | Prof. Fetzer |
Exercises
Date | Exercise Slide | Tutor | Remark |
17.10.2024 | Exercise 1 - Introduction on Confidential Computing - Simple program using SCONE | Ardhi | |
24.10.2024 | Exercise 2 Technical Concepts of Attestation in Confidential Computing (Intel TDX and Arm CCA) | Usama | |
07.11.2024 | Exercise 3 | Ardhi | |
14.11.2024 | Exercise 4 | Huyen | |
21.11.2024 | Exercise 5 SCONE Attestation | Usama | |
28.11.2024 | Exercise 6 | Pubudu | |
5.12.2024 | Exercise 7 Building Confidential Images & Applications Flask Demo | Robert | |
12.12.2024 | Exercise 8 Installing CAS (Using kubectl plugin) Exercise-ceremony-website Assignment- 1 - Multi-Stakeholder Application | Julius | |
19.12.2024 | Exercise 9 Exercise-ceremony-website-determine-state-of cluster Software Updates | André | |
09.01.2025 | Exercise 10 Protecting Pooled Data Using Confidential Computing Network Shield | Pubudu | |
16.01.2025 | Exercise 11 | Julius | |
23.01.2025 | Exercise 12 Setup a Central CAS Signing Flow | Huyen | |
30.01.2025 | Exercise 13 |