May 2024 Rustacean meetup

Fortanix Enclave Development Platform (EDP)

Problem Space:
Data exists in three states: at rest, in use, and in transit. Data that is stored is “at rest”, data that is being processed is “in use”, and data that is traversing across the network is “in transit”. Generally, organizations focus on protecting data at rest and in transit across the network. However, the data being processed is still vulnerable to unauthorized access and tampering at runtime. Protecting the data in use is critical to offer complete security across the data lifecycle.

Solution:
Confidential Computing is an approach that uses secure enclave technology to enable the creation of a Trusted Execution Environment (TEE) based on security features provided by CPU vendors.
This provides protection of data being processed through using hardware-based TEEs.
Confidential computing applications achieve this by running in such secure enclaves.

Generally there are two ways to develop Confidential Computing applications -

1. Take an existing application and convert it to be enclave compatible.
2. Develop applications in a platform that inherently supports enclave compatibility.

How Fortanix provides Confidential Computing -
Approach-1 mentioned above, is non-trivial and comes with disadvantages such as not being able to access underlying FS or network which the existing application may well be depending upon.
Fortanix Enclave Development Platform (EDP) takes this 2nd approach
and is the preferred way to write Intel SGX enclaves from scratch in Rust language.
The platform provides some utility tools as well such as ‘sgx-detect’
that detects if the SGX technology is available on a given system,
and if so, detects and provides information on various components relating to SGX.

We’ll showcase building an application to the EDP specific target and discuss the restrictions it comes with.

opensource link: https://github.com/fortanix/rust-sgx