
Constellation - The First Confidential Kubernetes

Edgeless Systems secures cloud workloads by releasing the first runtime-encrypted Kubernetes, able to run on a multitude of cloud providers.


Edgeless Systems is a pioneer in the world of Confidential Computing. Last year, in "EdgelessDB - Taking Database Security To The Next Level", I covered its security-oriented database, which is 100% compatible with MySQL and enhanced with confidential computing capabilities based on secure enclaves on Intel SGX chips. There was a lot of terminology to assimilate in that article, so as a refresher:


An enclave, in simple terms, is a hardware sandbox that provides runtime protection of the data it encloses. EdgelessDB uses it to execute trusted and secure code in untrusted environments such as cloud platforms, and there is already an integration of EdgelessDB on the Azure platform. An enclave itself is, in fact, just an instruction in the CPU architecture provided by modern CPUs.


Confidential computing is a concept that takes this one step further. It's an umbrella term that encapsulates protecting data at rest, data in use and data in transit, including preventing unauthorized access and tampering at runtime. It also offers verifiability: the user can be certain that they are talking to the appropriate backend and are not being misled, and that the backend is running the code it is supposed to run.


Full article on i-programmer:

https://www.i-programmer.info/news/149-security/15717-constellation-the-first-confidential-kubernetes.html

