Presentation: The Security Challenges & Issues From SGX Practice

Track: Security: Attacking and Defending

Location: Bayview AB

Duration: 5:25pm - 6:15pm

Day of week: Wednesday

Level: Intermediate - Advanced

Persona: Architect, Backend Developer, CTO/CIO/Leadership, Developer

Abstract

Intel® Software Guard Extensions (Intel® SGX) provides a trusted execution environment with hardware root of trust, brings powerful capability to build secure applications to solve data security problems. However applying SGX technology correctly and writing secure code are still a challenge.

In this talk, we want to present challenges and issues we saw with applying SGX to protect sensitive data in product. We will broadly discuss open problems including how to write ecall functions correctly, how to avoid potential side channel attack, what are the architecture issues when we apply secure AI with Intel® SGX.

Speaker: Xiaoning Li

Chief Security Architect @Alibaba Cloud

Xiaoning Li is Chief Security Architect at Alibaba Cloud. Previously he was a security researcher and architect at Intel Labs. Focused on analyzing/detecting/preventing 0 day/malware with existing/new processor features. For the past 10+ years, his work has been focusing on both hardware/software security system co-design and advanced threat research. Xiaoning holds 20+ grant/filling patents in security areas including processor/system security and has published more than 20+ conference/invited talks including BlackHat, CanSecWest, ShmooCon, Source etc.

Find Xiaoning Li at

Similar Talks

Graphics Programmer & Academy Award Winning Computer Graphics Researcher
Senior Software Engineer, Video Games, 3D Graphics, C++, Mobile
Product Management and Marketing @Datacoral
Principal Engineer @Intel working on Deep Learning

.

Tracks

  • Architectures You've Always Wondered About

    Architectural practices from the world's most well-known properties, featuring startups, massive scale, evolving architectures, and software tools used by nearly all of us.

  • Going Serverless

    Learn about the state of Serverless & how to successfully leverage it! Lessons learned in the track hit on security, scalability, IoT, and offer warnings to watch out for.

  • Microservices: Patterns and Practices

    Stories of success and failure building modern Microservices, including event sourcing, reactive, decomposition, & more.

  • DevOps: You Build It, You Run It

    Pushing DevOps beyond adoption into cultural change. Hear about designing resilience, managing alerting, CI/CD lessons, & security. Features lessons from open source, Linkedin, Netflix, Financial Times, & more. 

  • The Art of Chaos Engineering

    Failure is going to happen - Are you ready? Chaos engineering is an emerging discipline - What is the state of the art?

  • The Whole Engineer

    Success as an engineer is more than writing code. Hear inward looking thoughts on inclusion, attitude, leadership, remote working, and not becoming the brilliant jerk.

  • Evolving Java

    Java continues to evolve & change. Track covers Spring 5, async, Kotlin, serverless, the 6-month cadence plans, & AI/ML use cases.

  • Security: Attacking and Defending

    Offense and defensive security evolution that application developers should know about including SGX Enclaves, effects of AI, software exploitation techniques, & crowd defense

  • The Practice & Frontiers of AI

    Learn about machine learning in practice and on the horizon. Learn about ML at Quora, Uber's Michelangelo, ML workflow with Netflix Meson and topics on Bots, Conversational interfaces, automation, and deployment practices in the space.

  • 21st Century Languages

    Compile to Native, Microservices, Machine learning... tailor-made languages solving modern challenges, featuring use cases around Go, Rust, C#, and Elm.

  • Modern CS in the Real World

    Applied trends in Computer Science that are likely to affect Software Engineers today. Topics include category theory, crypto, CRDT's, logic-based automated reasoning, and more.

  • Stream Processing In The Modern Age

    Compelling applications of stream processing using Flink, Beam, Spark, Strymon & recent advances in the field, including Custom Windowing, Stateful Streaming, SQL over Streams.  

Conference for Professional Software Developers