Tutorial: Graphene: Confidential Computing for Unmodified Linux Applications

Abstract

In this tutorial, we will walk through the steps of using the Graphene framework to establish a confidential computing environment that protects the data of an unmodified Linux application on untrusted hosts. Graphene has been an open-source project since 2014 and has been ported to Intel SGX, an innovative CPU feature designed for confidential computing. Graphene is maintained by the community and has been actively adopted for prototyping and development. This tutorial will start with an introduction to and overview of the Graphene project and its architecture, followed by a step-by-step guide to installing, configuring, executing, and debugging the Graphene framework for confidential computing of applications. In particular, this tutorial will take a deep dive into several of the latest features of Graphene, including remote attestation, protected FS, and Graphene shielded containers.

Type
Publication
IEEE Secure Development Conference (SecDev)
Date