RedisConf 2019
Redis-SGX:
Towards Protecting Redis with Intel® SGX
Dmitrii Kuvaiskii
Intel, Research Scientist
Disclaimers
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.
Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations
and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance
tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other
products. For more information go to www.intel.com/benchmarks.
Performance results are based on testing as of 03.4.2019 and may not reflect all publicly available security updates. See configuration
disclosure for details. No product or component can be absolutely secure. Configurations: an Intel® Xeon Platinum server with an Intel®
SGX Card with Ubuntu 16.04 and Redis 5.0, connected to a memtier_benchmark client via a 1Gbps Ethernet. Testing was performed by
Intel Labs on 03.4.2019.
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service
activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at
intel.com.
Intel, the Intel logo, Intel SGX and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.
© 2019 Intel Corporation.

Redis Security in Open Source Version
• Data in Transit: plaintext [ TCP ]
• Data at Rest: plaintext [ FS ]
• Data in Use: plaintext [ KVs in RAM ]
The slides move the deployment from an enterprise private network to a public cloud, where the plaintext data in transit, at rest and in use can be stolen.

Redis Security in Enterprise Version
• Data in Transit: encrypted [ TLS ]
• Data at Rest: encrypted [ FDE ]
• Data in Use: plaintext [ KVs in RAM ]
In a public cloud the data in use (the key-value store in RAM) is still plaintext and can still be stolen.

Redis Security in Intel® SGX Version
• Data in Transit: encrypted [ TLS ]
• Data at Rest: encrypted [ ProtectedFS ]
• Data in Use: encrypted [ KVs in enclave ]
Public cloud: the Redis enclave reaches the network through a network shield and the file system through an FS shield, so data leaving the enclave in either direction is encrypted. In cluster mode, several Redis enclaves are connected over the Redis cluster bus.

Overview
• Intel® SGX
• Graphene-SGX
• Network and FS Shields
• Remote Attestation
• Intel® SGX Card
• Redis Virtual Memory (Revived)

Current Protection Mechanisms are Insufficient
The Redis process runs next to a malicious process on top of the Linux kernel, the KVM hypervisor and the Intel® CPU. Threats: a malicious process running alongside Redis, and a rogue sysadmin with access to the OS and hypervisor layers.

Intel® SGX Enclaves to the Rescue
Redis runs inside a Redis enclave within the Redis process. The Linux kernel, the KVM hypervisor, the malicious process and the rogue sysadmin are all outside the enclave and cannot read its memory; only the Intel® CPU is trusted.

Reducing Trust Assumptions
• Classical model: the attack surface spans the Redis process, the Linux kernel, the KVM hypervisor and the HW (CPU and DRAM).
• Intel® SGX model: the attack surface shrinks to the Redis enclave and the CPU.

Intel® SGX: Software Perspective
Redis process: I/O code and I/O data stay outside the enclave; Redis code and Redis data live inside the enclave.

Intel® SGX: Hardware Perspective
CPU package trust boundary: cores, cache, memory controller (MC) and Memory Encryption Engine (MEE). Protected enclave data in DRAM is kept encrypted by the MEE; unprotected data in DRAM is not. The threats marked at the DRAM level are snooping/injection/replay on the memory bus and memory dump/cold boot attacks.

Moving Redis into Enclave
• Original: Redis process as-is; no data-in-use protection.
• With SGX SDK: Redis (modified) + I/O (modified) inside the Redis process; protected Redis, but tedious to port.
• With Graphene-SGX: unmodified Redis (binary) on top of the Graphene LibOS inside the Redis process; protected Redis, no changes to code.

Graphene-SGX Library OS
Layers, bottom to top: Host OS (Linux, kernel); Platform Adaptation Layer (PAL), split into an Untrusted PAL in user space outside the enclave and a Trusted PAL inside it; Library OS; shared libs (glibc); Redis executable. Everything from the Trusted PAL upwards runs inside the SGX enclave.
• Linux System Call API between glibc and the Library OS: ~300 functions
• Host ABI between the Library OS and the PAL: ~40 functions
• Trusted PAL to Untrusted PAL: ~40 SGX OCALLs
• Untrusted PAL to the host kernel: ~50 Linux system calls

Network and FS Shields
Inside the Redis enclave, Redis issues ordinary plaintext I/O such as write(tcp-fd, "EXISTS somekey") and write(fs-fd, "EXISTS somekey"). The network shield encrypts socket traffic with TLS and the file system shield encrypts file data with ProtectedFS, so the host OS (Linux) only ever sees ciphertext: write(tcp-fd, "Bh&^ds4RtH@") and write(fs-fd, "Bh&^ds4RtH@").

Remote Attestation with Intel® SGX
How do I know correct Redis runs inside a true SGX enclave? A server in the public cloud could emulate an SGX enclave and serve the TLS connection from plaintext memory. SGX attestation evidence = measurement (of the Redis code) + signature (produced by the CPU); the client verifies it with the public key from Intel.

Redis with Intel® SGX Card
Server in public cloud: the host CPU is connected over a bridged network to an Intel® SGX Card running three Redis-SGX instances; clients reach them over encrypted [ TLS ] connections.

Intel® SGX: Enclave Memory Size
Same hardware picture (cores, cache, MC and MEE inside the CPU package trust boundary), but the protected enclave data in DRAM is limited to 128MB; the rest of DRAM is unprotected.

User-Level Swapping
Before: the Redis enclave holds keys➞values entirely inside the enclave. After: the Redis enclave keeps keys➞values plus kv metadata, and swaps data out of the enclave into the untrusted part of the Redis process at user level (encrypted).
§ Based on Virtual Memory feature
§ ~700 lines of code
§ ~20% performance improvement

Conclusion
Redis-SGX: Data in Transit encrypted, Data at Rest encrypted, Data in Use encrypted.
§ Intel® SGX: https://software.intel.com/en-us/sgx
§ Graphene-SGX: https://github.com/oscarlab/graphene
§ Redis-SGX: [ TBD ]
Thank you!

Why SGX and Redis?
Intel® SGX Card
• Security: Intel® SGX (HW-based)
• Scalability: Three SGX-enabled CPUs
Redis
• Data store (confidentiality of stored data)
• Network-based (attestation of platform)
• Cluster mode (scale-out)
• Clean C code

Network and FS Shields
The Redis enclave works with plaintext on both sides; the network shield and the file system shield turn it into encrypted msgs before anything reaches the host.
• Network shield: TLS protocol between client and server: "client hello", "server hello" + cert, client key exchange, then encrypted msgs.
• File system shield: MHT protocol, a Merkle hash tree over the file's data blocks. The root M covers the inner hashes H0, H1, H2, and each inner hash covers a pair of data blocks: H0 over D0 D1, H1 over D2 D3, H2 over D4 D5.
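The MHT protocol above, as an added example that is not code from the talk or from Graphene/ProtectedFS: a binary Merkle hash tree over six constructed file blocks D0..D5 (the slide does not fix the fan-out, so binary is an assumption), with the root M kept on the enclave side and an untrusted host store that serves blocks plus sibling hashes, so a block the host changes is rejected on read.

```python
"""Merkle hash tree (MHT) over the data blocks of a shielded file, enclave-side view."""
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed sample: six blocks D0..D5, as in the slide's diagram. In ProtectedFS the
# leaves are ciphertext blocks; plaintext stands in for them here.
SAMPLE_BLOCKS = [f"D{i}: constructed file block".encode() for i in range(6)]


def leaf_hash(block: bytes) -> bytes:
    # Domain separation: a data block can never be passed off as an inner node
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _pad(level: List[bytes]) -> List[bytes]:
    # Odd number of hashes: duplicate the last one so every inner node has two children
    return level + [level[-1]] if len(level) % 2 else level


def build_levels(blocks: List[bytes]) -> List[List[bytes]]:
    """Bottom-up levels: levels[0] = leaf hashes over D0..Dn, levels[-1] = [M]."""
    if not blocks:
        raise ValueError("a shielded file needs at least one block")
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        padded = _pad(level)
        level = [node_hash(padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return levels


def file_root(blocks: List[bytes]) -> bytes:
    """M: the one value the enclave must keep (or seal) to vouch for the whole file."""
    return build_levels(blocks)[-1][0]


def auth_path(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf `index` up to M; the flag marks a right-hand sibling."""
    path = []
    for level in levels[:-1]:
        padded = _pad(level)
        sibling = index ^ 1
        path.append((padded[sibling], sibling > index))
        index //= 2
    return path


def verify_block(block: bytes, index: int, path: List[Tuple[bytes, bool]],
                 trusted_root: bytes) -> bool:
    """Recompute the path to the root: O(log n) hashes instead of rehashing the file."""
    h = leaf_hash(block)
    for sibling, sibling_is_right in path:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return hmac.compare_digest(h, trusted_root)


class UntrustedHostStore:
    """Outside the enclave: holds the blocks and the MHT nodes; the host may alter both."""

    def __init__(self, blocks: List[bytes]):
        self.blocks = list(blocks)
        self.levels = build_levels(self.blocks)

    def fetch(self, index: int) -> Tuple[bytes, List[Tuple[bytes, bool]]]:
        return self.blocks[index], auth_path(self.levels, index)


def enclave_read(store: UntrustedHostStore, index: int, trusted_root: bytes) -> Optional[bytes]:
    """Read through the FS shield: accept the host's block only if it hashes up to M.
    Returns None on a verification failure (a real shield would fail the read)."""
    block, path = store.fetch(index)
    return block if verify_block(block, index, path, trusted_root) else None
```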

Remote Attestation with Intel® SGX
How do I know correct Redis runs inside a true SGX enclave? The TLS handshake carries the answer: "client hello", "server hello" + cert + evidence, client key exchange, then encrypted msgs. The server presents a TLS self-signed certificate that is tied to the SGX attestation certificate, so the TLS certificate ties the SGX attestation evidence (the measurement of the Redis code, signed by the CPU) to the current TLS session. The client verifies the measurement and the signature using the public key from Intel.
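The attestation-bound TLS handshake above, as an added example that is not code from the talk or from Graphene: the three checks a client runs on the evidence carried in the self-signed certificate. The expected measurement, the TLS public keys and the verification key are constructed stand-ins, and the CPU's asymmetric signature (checked with Intel's public key in the real protocol) is simulated with an HMAC so the example runs offline.

```python
"""Client-side verification of SGX attestation evidence carried in a self-signed TLS cert."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins, not real Intel or Redis-SGX values:
#  - the measurement of the Redis-SGX build the client is willing to talk to
#  - the key that signs evidence; real evidence carries an asymmetric signature verified
#    with Intel's public key, which an HMAC key stands in for here
EXPECTED_MEASUREMENT = hashlib.sha256(b"redis-sgx enclave build (constructed)").digest()
ATTESTATION_KEY_STANDIN = b"intel-attestation-key-stand-in"


@dataclass(frozen=True)
class Evidence:
    measurement: bytes   # hash of the enclave code (what SGX calls MRENCLAVE)
    report_data: bytes   # 32 bytes chosen by the enclave: hash of its TLS public key
    signature: bytes     # covers measurement || report_data


def _sign(measurement: bytes, report_data: bytes) -> bytes:
    return hmac.new(ATTESTATION_KEY_STANDIN, measurement + report_data, hashlib.sha256).digest()


def enclave_issue_cert(measurement: bytes, tls_pubkey: bytes) -> dict:
    """Enclave side: put the hash of the freshly generated TLS key into the report data,
    so the evidence vouches for this key and only this key."""
    report_data = hashlib.sha256(tls_pubkey).digest()
    evidence = Evidence(measurement, report_data, _sign(measurement, report_data))
    return {"pubkey": tls_pubkey, "evidence": evidence}   # the self-signed certificate


def verify_cert(cert: dict, expected_measurement: bytes = EXPECTED_MEASUREMENT) -> str:
    """Client side, run on the "server hello" + cert + evidence message.
    Returns "ok" or the reason for rejection; all comparisons are constant-time."""
    ev = cert["evidence"]
    # 1. Signature: the evidence came from true SGX hardware, not an emulated enclave
    if not hmac.compare_digest(ev.signature, _sign(ev.measurement, ev.report_data)):
        return "bad signature: evidence not produced by a true SGX enclave"
    # 2. Measurement: the enclave runs the Redis code we expect, not some other enclave
    if not hmac.compare_digest(ev.measurement, expected_measurement):
        return "unexpected measurement: not the trusted Redis-SGX build"
    # 3. Binding: the key of this TLS session is the one the attested enclave generated
    if not hmac.compare_digest(ev.report_data, hashlib.sha256(cert["pubkey"]).digest()):
        return "evidence not bound to this TLS session's key"
    return "ok"
```

Check 3 is what the slide's "ties SGX attestation evidence to current TLS session" means in practice: without it, valid evidence from some enclave would say nothing about the key the client is actually talking to.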

Redis Security in Enterprise Version
Public cloud: Data in Transit encrypted [ TLS ], Data at Rest encrypted [ FDE ], Data in Use plaintext [ KVs in RAM ]. TLS is terminated in a separate TLS wrapper process that hands plaintext to the Redis process, and FDE is done by the OS/driver encryption layer, which again exchanges plaintext with the Redis process; the Redis process itself holds everything in plaintext.
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Redis-SGX: Dmitrii Kuvaiskii

  • 1. RedisConf 2019. Redis-SGX: Towards Protecting Redis with Intel® SGX. Dmitrii Kuvaiskii, Intel, Research Scientist.
  • 2. Disclaimers. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to www.intel.com/benchmarks. Performance results are based on testing as of 03.4.2019 and may not reflect all publicly available security updates. See configuration disclosure for details. No product or component can be absolutely secure. Configurations: an Intel® Xeon Platinum server with an Intel® SGX Card with Ubuntu 16.04 and Redis 5.0, connected to a memtier_benchmark client via a 1Gbps Ethernet. Testing was performed by Intel Labs on 03.4.2019. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at intel.com. Intel, the Intel logo, Intel SGX and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2019 Intel Corporation.
  • 3. Redis Security in Open Source Version. Data in Transit: plaintext [TCP]. Data at Rest: plaintext [FS]. Data in Use: plaintext [KVs in RAM].
  • 4. Redis Security in Open Source Version: the same three plaintext states, deployed inside an enterprise private network.
  • 5–6. Redis Security in Open Source Version: the same deployment moved to a public cloud; data in transit, at rest and in use all remain plaintext.
  • 7–8. Redis Security in Open Source Version, public cloud: the plaintext data can be stolen.
  • 9. Redis Security in Enterprise Version, public cloud: starting point, with data in transit [TCP], at rest [FS] and in use [KVs in RAM] all plaintext.
  • 10. Redis Security in Enterprise Version: Data in Transit becomes encrypted [TLS]; Data at Rest still plaintext [FS]; Data in Use still plaintext [KVs in RAM].
  • 11. Redis Security in Enterprise Version: Data at Rest becomes encrypted [FDE]; Data in Use still plaintext [KVs in RAM].
  • 12. Redis Security in Enterprise Version: with transit and rest encrypted, the plaintext data in use [KVs in RAM] can still be stolen.
  • 13–14. Redis Security in Enterprise Version: same diagram as slide 11.
  • 15. Redis Security in Intel® SGX Version, public cloud. Data in Transit: encrypted [TLS]. Data at Rest: encrypted [ProtectedFS]. Data in Use: encrypted [KVs in enclave].
  • 16. Redis Security in Intel® SGX Version: Redis runs in a Redis enclave, with a Network shield (encrypted) in front of the network and an FS shield (encrypted) in front of the file system.
  • 17–18. Redis Security in Intel® SGX Version: same diagram as slide 15.
  • 19. Redis Security in Intel® SGX Version: several Redis enclaves connected over the Redis cluster bus.
  • 20–21. Overview: Intel® SGX; Graphene-SGX; Network and FS Shields; Remote Attestation; Intel® SGX Card; Redis Virtual Memory (Revived).
  • 22–23. Current Protection Mechanisms are Insufficient. Stack: Intel® CPU, KVM hypervisor, Linux kernel, Redis process running alongside a malicious process.
  • 24. Current Protection Mechanisms are Insufficient: the same stack with a rogue sysadmin added.
  • 25–26. Intel® SGX Enclaves to the Rescue: Redis runs in a Redis enclave (inside the Redis process) on the Intel® CPU, isolated from the malicious process, the rogue sysadmin, the Linux kernel and the KVM hypervisor.
  • 27. Reducing Trust Assumptions. Classical model: the attack surface spans the Redis process, Linux kernel, KVM hypervisor and HW (CPU, DRAM). Intel® SGX model: the attack surface is reduced to the Redis enclave.
  • 28. Intel® SGX: Software Perspective. The Redis process consists of I/O code and I/O data outside the enclave and an enclave holding the Redis code and Redis data.
  • 29. Intel® SGX: Hardware Perspective. The trust boundary is the CPU package (cores, cache, MC, MEE). DRAM holds protected enclave data next to unprotected data; attacks shown: snooping/injection/replay and memory dump/cold boot attack.
  • 30–31. Overview (repeated).
  • 32. Moving Redis into Enclave. Original: Redis process, no data-in-use protection. With SGX SDK: protected Redis, but tedious to port (Redis and its I/O code modified). With Graphene-SGX: protected Redis with no changes to code (unmodified Redis binary on the Graphene LibOS).
  • 33–34. Graphene-SGX Library OS. Inside the (SGX) enclave, in user mode: Redis executable, shared libs (glibc), Library OS, Platform Adaptation Layer; below it the Host OS (Linux) in kernel mode. Interfaces: Linux System Call API, ~300 functions; Host ABI, ~40 functions; ~50 Linux system calls.
  • 35. Graphene-SGX Library OS: the PAL is split into a trusted PAL inside the enclave and an untrusted PAL outside, connected by ~40 SGX OCALLs.
  • 36–37. Overview (repeated).
  • 38. Network and FS Shields. The Redis enclave issues a plaintext write(tcp-fd, “EXISTS somekey”) towards the Host OS (Linux).
  • 39. Network and FS Shields: the Network shield encrypts (TLS), so the host only sees write(tcp-fd, “Bh&^ds4RtH@”).
  • 40. Network and FS Shields: likewise the enclave issues a plaintext write(fs-fd, “EXISTS somekey”).
  • 41. Network and FS Shields: the File System shield encrypts (ProtectedFS), so the host only sees write(fs-fd, “Bh&^ds4RtH@”).
  • 42–43. Overview (repeated).
  • 44. Remote Attestation with Intel® SGX. Public cloud, encrypted [TLS], encrypted [KVs in enclave]. How do I know correct Redis runs inside true SGX enclave?
  • 45. Remote Attestation with Intel® SGX: a host could merely emulate an SGX enclave and keep the KVs in plaintext.
  • 46. Remote Attestation with Intel® SGX: the CPU produces SGX attestation evidence = Measurement (of the Redis code) + Signature, which the client verifies with the public key from Intel.
  • 47–48. Overview (repeated).
  • 49–50. Redis with Intel® SGX Card. Server in public cloud: the host CPU is connected by a bridged network to the Intel® SGX Card, which runs three Redis-SGX instances; clients connect over encrypted [TLS].
  • 51–52. Overview (repeated).
  • 53. Intel® SGX: Enclave Memory Size. Same hardware picture as slide 29; the protected enclave data in DRAM is limited to 128MB.
  • 54. User-Level Swapping. Before: the Redis enclave holds keys➞values. After: the enclave keeps the keys and kv metadata, and values are moved out of the enclave by user-level swapping (encrypted). Based on the Virtual Memory feature; ~700 lines of code; ~20% performance improvement.
  • 55. Overview (repeated).
  • 56. Conclusion. Configuration: Intel® Xeon Platinum server with an Intel® SGX Card with Ubuntu 16.04 and Redis 5.0, connected to a memtier_benchmark client via a 1Gbps Ethernet. Testing was performed by Intel Labs on 03.4.2019.
  • 57. Conclusion. Redis-SGX: Data in Transit encrypted, Data at Rest encrypted, Data in Use encrypted. Intel® SGX: https://software.intel.com/en-us/sgx; Graphene-SGX: https://github.com/oscarlab/graphene; Redis-SGX: [ TBD ].
  • 60. Why SGX and Redis? Intel® SGX Card: security (Intel® SGX, HW-based); scalability (three SGX-enabled CPUs). Redis: data store (confidentiality of stored data); network-based (attestation of platform); cluster mode (scale-out); clean C code.
  • 61. Network and FS Shields (backup). TLS protocol between client and server: “client hello”; “server hello” + cert; client hello key exchange; then encrypted msgs. The Redis enclave sees plaintext; the Network shield and File System shield handle encryption.
  • 62. Network and FS Shields (backup): the File System shield uses an MHT protocol, a Merkle hash tree with root M over pair hashes H0 (D0, D1), H1 (D2, D3) and H2 (D4, D5) of the data blocks D0–D5.
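Slide 62's MHT protocol for the File System shield, worked as an added example (not code from the talk or from Graphene's ProtectedFS): a two-level Merkle hash tree over blocks D0–D5 whose root M stays inside the enclave, with a verification step that rejects a block modified on the untrusted host FS. The hash layout and the domain-separation prefix bytes are my assumptions.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// nodeHash covers one pair of blocks, as in slide 62's MHT: H0 = H(D0 || D1),
// H1 = H(D2 || D3), H2 = H(D4 || D5). The 0x00 prefix separates it from the root (assumption).
func nodeHash(left, right []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{0x00}, left...), right...))
	return sum[:]
}

// rootHash covers the pair hashes: M = H(H0 || H1 || H2).
func rootHash(nodes [][]byte) []byte {
	sum := sha256.Sum256(append([]byte{0x01}, bytes.Join(nodes, nil)...))
	return sum[:]
}

// BuildMHT computes the pair hashes and root M over a file's blocks (an odd trailing
// block gets an empty sibling). The enclave keeps M; the blocks live on the untrusted host FS.
func BuildMHT(blocks [][]byte) (nodes [][]byte, root []byte) {
	if len(blocks)%2 == 1 {
		blocks = append(blocks, []byte{})
	}
	for i := 0; i < len(blocks); i += 2 {
		nodes = append(nodes, nodeHash(blocks[i], blocks[i+1]))
	}
	return nodes, rootHash(nodes)
}

// VerifyBlock re-derives M from the block read back from the host, its sibling and
// the stored pair hashes, and compares with the trusted root. Any change to the
// block or its sibling yields a different M and is rejected.
func VerifyBlock(idx int, block, sibling []byte, nodes [][]byte, root []byte) bool {
	if idx < 0 || idx/2 >= len(nodes) {
		return false
	}
	pair := nodeHash(block, sibling)
	if idx%2 == 1 {
		pair = nodeHash(sibling, block)
	}
	recomputed := append([][]byte{}, nodes...)
	recomputed[idx/2] = pair
	return bytes.Equal(rootHash(recomputed), root)
}

func main() {
	blocks := [][]byte{[]byte("D0"), []byte("D1"), []byte("D2"), []byte("D3"), []byte("D4"), []byte("D5")} // constructed
	nodes, root := BuildMHT(blocks)
	fmt.Println("intact block accepted:", VerifyBlock(2, blocks[2], blocks[3], nodes, root))
	fmt.Println("tampered block accepted:", VerifyBlock(2, []byte("XX"), blocks[3], nodes, root))
}
```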
  • 63. Remote Attestation with Intel® SGX (backup). How do I know correct Redis runs inside true SGX enclave? Handshake: “client hello”; “server hello” + cert + evidence; client hello key exchange; then encrypted msgs. The TLS certificate is self-signed and is tied to SGX attestation: it carries the SGX attestation evidence the CPU produced over the Redis code and ties that evidence to the current TLS session. The client verifies the measurement and the signature using the public key from Intel.
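Slide 63's binding of SGX attestation evidence to the TLS session, as an added example that is not the talk's or Graphene's code: an Ed25519 key stands in for the key whose public half the client obtains from Intel, the TLS certificate is reduced to its public key, and the report data is the hash of that key. The client rejects evidence that is not signed by the platform key, does not match the expected Redis-SGX measurement, or is replayed into a different TLS session.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Evidence models the SGX attestation evidence of slides 46 and 63:
// Measurement + Signature, plus report data tying the evidence to the TLS
// key presented in this session. Constructed model, not the real SGX format.
type Evidence struct {
	Measurement [32]byte // hash of the enclave contents (Redis binary + Graphene)
	ReportData  [32]byte // hash of the server's TLS public key
	Signature   []byte   // over Measurement || ReportData
}

func signedBytes(ev Evidence) []byte {
	return append(append([]byte{}, ev.Measurement[:]...), ev.ReportData[:]...)
}

// Attest is the platform side. attestKey stands in for the key whose public
// half the client obtains from Intel (constructed for this example).
func Attest(attestKey ed25519.PrivateKey, enclaveCode, tlsPub []byte) Evidence {
	ev := Evidence{Measurement: sha256.Sum256(enclaveCode), ReportData: sha256.Sum256(tlsPub)}
	ev.Signature = ed25519.Sign(attestKey, signedBytes(ev))
	return ev
}

// VerifyEvidence is the client check before trusting the self-signed TLS
// certificate: genuine platform, the expected Redis-SGX build, and evidence
// bound to this session's key, so it cannot be replayed by another server.
func VerifyEvidence(intelPub ed25519.PublicKey, expected [32]byte, tlsPub []byte, ev Evidence) error {
	if !ed25519.Verify(intelPub, signedBytes(ev), ev.Signature) {
		return fmt.Errorf("bad signature: evidence not from a genuine SGX platform")
	}
	if ev.Measurement != expected {
		return fmt.Errorf("measurement mismatch: not the expected Redis-SGX enclave")
	}
	if sha256.Sum256(tlsPub) != ev.ReportData {
		return fmt.Errorf("report data mismatch: evidence not bound to this TLS key")
	}
	return nil
}

func main() {
	intelPub, intelPriv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for Intel's key
	tlsPub, _, _ := ed25519.GenerateKey(rand.Reader)           // key of the server's self-signed cert
	code := []byte("redis-sgx enclave contents (constructed sample)")
	ev := Attest(intelPriv, code, tlsPub)
	fmt.Println("this session:", VerifyEvidence(intelPub, sha256.Sum256(code), tlsPub, ev))
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader) // evidence replayed by another server
	fmt.Println("replayed:", VerifyEvidence(intelPub, sha256.Sum256(code), otherPub, ev))
}
```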
  • 64. Redis Security in Enterprise Version (backup), public cloud. Data in Transit: encrypted [TLS]. Data at Rest: encrypted [FDE]. Data in Use: plaintext [KVs in RAM]. The Redis process itself handles plaintext: a separate TLS wrapper process turns plaintext network traffic into encrypted traffic, and OS/driver encryption turns plaintext file writes into encrypted data at rest.