
https://scontain.com

SCONE - A Secure Container Environment
Confidential Cloud-Native Computing

SCONE Confidential Cloud-Native Computing can protect the security - confidentiality, integrity, and freshness - of YOUR data, code, and keys.

Confidential PySpark Virtual Machine: Run confidential PySpark applications in Kubernetes clusters whilst protecting the application code and data. Now available on Azure Marketplace.

Confidential Computing Playground Virtual Machine: We supply you with easy access to all the needed tools for building confidential images and deploying them. Now available on Azure Marketplace.

Redefine Security with Zero Trust: Embrace the next generation of cybersecurity with Scontain's Zero Trust Architecture, ensuring continuous verification and uncompromised protection for your digital assets.

News

08/11/2024 Podcast: SCONE Podcast #1. Want to learn more about SCONE, confidential computing and the latest news about data security? Listen to our new AI-generated newscast. Episode 1 gives you an insight about confidential computing.

11/06/2024 Video: Video Zero Trust Architecture. Discover Zero Trust Architecture with SCONE.

25/07/2023 White paper: Enabling Sovereign Landing Zones with Confidential Computing. Read our latest white paper about how Accenture, Intel, and Scontain design confidential landing zones.

07/01/2022 Video: Securing Cloud Encryption Proxies with Confidential Computing. Watch this video of our partner T-Systems MMS to learn more about the practical application of Confidential Computing. From minute 8:58 on we give an insight into technological cornerstones in an interview with our COO Prof. Christof Fetzer.

22/11/2021 News: SCONE Playground virtual machine is one of the Azure Marketplace offers by Scontain. It includes all the needed tools for building confidential images and deploying them with the goal to provide an easy starting point for evaluating the SCONE Confidential Computing Platform.

15/12/2021 News: SCONE PySpark Virtual Machine is one of the Azure Marketplace offers by Scontain. It includes all the needed tools and images for running confidential PySpark applications in Kubernetes clusters and therefore provides an easy starting point for evaluating the SCONE Confidential PySpark offering.

27/10/2021 Video: 6 - Confidential Service Meshes. Service meshes facilitate communication between services or microservices. We show how a confidential end-to-end encryption can be guaranteed with Intel SGX and the SCONE platform.

27/10/2021 Video: 5 - Confidential Cloud-native Applications. We present concepts of cloud-native applications and show their advantages as well as a demo of an application that consists of several services and within which several programming languages are used.

27/10/2021 Video: 4 - Multiple Stakeholder Machine Learning. In this demo video we show how you can use applications where multiple stakeholders safely contribute their data and code with SCONE. In this demo video we show how you can provide a platform with Intel SGX and SCONE that allows different stakeholders to work together safely. They don't have to necessarily trust each other to use the advantages of an AI.

27/10/2021 Video: 3 - Multi-stakeholder Computations. In this demo video we show how you can use SCONE applications where multiple stakeholders securely contribute their data and code.

27/10/2021 Video: 2 - Building Confidential Applications. SCONE Confidential Computing enables the secure outsourcing of the computing infrastructure to cloud providers with full control over your own data, code and secrets in just a few steps.

27/10/2021 Video: 1 - Scone Intro. In this first of six videos, we motivate the need for confidential computing, explain what confidential computing is, and how to achieve confidential computing with the help of Intel SGX and the SCONE platform.

29/04/2021 News: Cooperation with T-Systems MMS. New Partnerships for the future-proof IT-Security based on Confidential Computing.

23/04/2021 Slides: Confidential Cloud. Enemy in the clouds: protecting your cloud assets from powerful adversaries. Confidential Cloud-Native Computing in Large Kubernetes Clusters.

15/04/2021 Slides: Confidential Computing explained. Our slides explain how SCONE protects data and code through the attestation of the platform and code while enabling excellent performance. It further shows a use case about multi-stakeholder computation.

15/04/2021 Video: Webcast on Confidential Computing. Watch the webcast "Transforming business through Confidential Computing, a Data Privacy breakthrough" with our partners Stefan Schäfer (OVHcloud), Richard Curran (Intel) and our Co-Founder Prof. Dr. Christof Fetzer.

25/03/2021 Webcast: OVHcloud webcast about Confidential Computing. April 15, 3:00-4:00pm. Learn how Confidential Computing is transforming the industry in respect to Data Privacy. Join Stefan Schäfer from OVHcloud, Richard Curran from Intel Corporation and Christof Fetzer from Scontain for the OVHcloud Webcast. Register now: https://lnkd.in/esF82D3

10/25/2020 Video: Alice & Bob Episode II: Secure use of Webcaches. With SCONE Confidential Computing one can ensure that for example the employer cannot read the encrypted data traffic of his employees despite web caching; the encryption of the communication can be checked.

10/23/2020 Press Release: Aggregion cooperates with G-Core Labs Cloud. With the support of Scontain, G-Core Labs was able to connect its cloud to Aggregion. Aggregion offers solutions for collaboration with data and creates partner ecosystems.

10/14/2020 Press Release: SCONE & Aggregion cooperate with Magnit. Magnit, one of Russia's leading food retail chains with more than 20,000 stores and 16 million daily visitors, has provided a trusted platform for managing digital advertising data. The platform was developed by Aggregion and Scontain and uses SCONE to protect customer data. (Image: Magnit)

12/19/2020 Video: Alice & Bob Episode IV: Auditor & Encrypted emails. With SCONE Confidential Computing you can protect the confidentiality of emails but still grant access to an auditor.

11/05/2020 Video: Alice & Bob Episode III: Confidential Outsourcing. SCONE Confidential Computing facilitates the confidential outsourcing of services such as the management of VMs - and even critical services such as key management.

10/09/2020 Video: Alice & Bob Episode I: Secure Cooperation. Use SCONE Confidential Computing to agree on a common code base and securely exchange confidential data. For example in the use case of genomic data analysis.

09/22/2020 Video: Microsoft Azure: new developments for data in Use. Microsoft Azure presents new applications for confidential computing in the video: Minute 10 shows the use case Magnit (retailer in Russia). Minute 18:50 shows the example of Microsoft's Lamna Hospital; both are based on the SCONE platform.

09/17/2020 Press Release: SecuStack integrates secure SCONE Platform. SecuStack, a German cloud operating system, will soon support Intel® SGX enclaves based on our SCONE platform. This ensures secure data exchange in cloud applications such as machine learning and multi-party computing.

09/08/2020 Video: SCONE & T-Systems: Confidential Computing. Dominik Nägele from T-Systems International, Dr. Ivan Gudymenko from T-Systems Multimedia Solution and our COO Prof. Dr. Christof Fetzer talk about confidential computing.

09/08/2020 White paper: Confidential cloud-native Computing in large Kubernetes clusters. Together with T-Systems Multimedia Solutions we published a white paper on the subject of trustworthy cloud-native computing in large Kubernetes clusters.

06/20/2020 Video: Scontain in Motion. In our new short video we give a vivid and tangible overview of the goals and the background of Scontain.

01/27/2020 Information: Features explained: Confidential Cloud-native Applications. Want to know more about Confidential Cloud-Native Computing (ConfCNC)? We explain how we solve current problems and present some use cases in our slides.

01/14/2020 Information: Features explained: SCONE Platform. Learn how to ensure confidentiality, integrity and freshness if your adversary has root and hardware access.

10/11/2019 Press Release: Sächsische Zeitung: "Dresden builds security". An article in the "Sächsische Zeitung" from October 11, 2019 identifies Dresden as a location for research and development of secure operating systems. We are on.

SCONE in a nutshell

Overview of SCONE's unique features

Transparent encryption: SCONE can transparently encrypt files and network traffic and in this way, it protects data from unauthorized access via the operating system, the hypervisor or any software.

Transparent attestation of programs: SCONE transparently attests programs to ensure that only the correct, unmodified programs are executing in a genuine SGX enclave. This also prevents malware from attaching to programs.

Curated images: SCONE supports a set of curated images to simplify the task of the application developer.
For most of the standard services, we will provide a SCONE image that runs inside of an SGX enclave. The application developer can customize the image via a Docker compose / stack file. We provide some examples in our SCONE tutorial.

Secure compose files: SCONE supports secure compose files to protect secrets that are visible in Docker compose and stack files as well as Kubernetes metadata files.

Simplifying the use of secure enclaves: SCONE executes programs inside secure enclaves - without requiring source code changes. We recommend recompiling applications but we support executing native Alpine applications inside containers. In this way, we are preventing even attackers with root access from stealing secrets from these programs.

Transparent configuration with secrets: SCONE helps to configure programs with secrets that can neither be read nor modified by attackers - even if they would have already taken control of the operating system and/or the hypervisor. This is transparent to the application, i.e., does not require any source code changes.

Application-oriented security: Ensure application security even in untrusted environments.

Cross-compiler support: SCONE supports cross-compilers for C, C++, Rust, Go and an interpreter for Python.

SCONE Offers on the Azure Marketplace

SCONE Confidential PySpark on Kubernetes

We aim to provide an easy starting point for evaluating the SCONE Confidential PySpark offering. It includes all the needed tools and images for running confidential PySpark applications in Kubernetes clusters.

Always encrypted: Confidential Spark protects your data and code by ensuring that code and data are ALWAYS encrypted - in use, in flight and at rest.

Support of large-scale tasks: Spark is a high-performance engine that fits your large-scale computing tasks and supports various programming languages.

Quickstart Tutorial: Our tutorial provides an easy starting point for evaluating the SCONE Confidential PySpark offering. All the needed tools and images for running confidential applications in Kubernetes clusters are included.

Azure Marketplace, Our Offer: Have a look at our offer on Azure Marketplace and get detailed information about: possibilities, plans and pricing.

SCONE Confidential Computing Playground Virtual Machine

We aim to provide an easy starting point for evaluating the SCONE Confidential Computing Platform. It includes all the needed tools for building confidential images (from scratch or from an existing native image) and deploying them.

Our Confidential Computing University explains:

SCONE Build: How to build confidential container images from existing native Python images in one step. The resulting image runs on remotely-attested Intel SGX enclaves and has an encrypted filesystem.

Confidential Service Meshes: A service mesh facilitates the communication between services or microservices. We introduce a confidential service mesh which ensures end-to-end encryption with mutual authentication.

Multi-Stakeholder Workflow: We have multiple different partners collaborating whilst protecting their intellectual property (code, data) from each other and from cluster administrators.

Multi-Stakeholder Machine Learning: The objective of this work is to provide a platform that allows multiple stakeholders, such as data owner, code owner and model owner, who do not necessarily trust each other, to come together and perform machine learning to unlock all the benefits of AI.

Quickstart Tutorial: Our tutorial provides an easy starting point for evaluating the SCONE Playground Confidential VM offering. All the needed tools and images, and many examples and demos of the SCONE platform, are included.

Azure Marketplace, Our Offer: Have a look at our offer on Azure Marketplace and get detailed information about: possibilities, plans and pricing.

Solutions

We provide developer-/operations-oriented documentation as well as scientific papers.

Technical Documentation: Tutorial and technical details.

QuickDemo: Our SCONE quick demo - use SCONE after a few simple steps.

Scientific Publications: We published several papers related to SCONE. A good starting point to read is our OSDI 2016 paper.

Services

We offer our customers different service levels.

Community/Evaluation Edition (free)
  Services run inside of enclaves in pre-release mode
  Visible memory content of enclaves with appropriate debugger
  To get access to our community edition, register a free account at https://gitlab.scontain.com
  For more details, please have a look at our Scontain Registry-Documentation

Standard Edition (ask €/year)
  Services run inside of enclaves - without the possibility of inspections
  Business day support
  Consulting
  Priority support 24x7

Business Edition (ask €/year)
  Services run inside of enclaves - without the possibility of inspections
  Business day support
  Consulting
  Priority support 24x7

Partners & Clients

We provide trusted execution support for our partners in industry and research labs. Additionally, we supply consulting support as well as building Proof of Concepts for our customers.

Cloud Computing: Outsource the management of hardware and software components to a cloud provider and service providers.

AI/Machine Learning: SCONE supports confidential federated machine learning. SCONE can protect the confidentiality and integrity of the training data, the generated model, and the inference.

Safety Computing: Confidential computing (CC) is an approach to secure data in use. With SCONE CC, one can protect data, code, and secrets in use as well as in transit and at rest.

Healthcare: Especially in healthcare, securing Personally Identifiable Information (PII) is crucial. PII is any information related to an identified or identifiable natural person.

Blockchain: Hardware-based privacy enables data confidentiality and secure computations.

Research: We have research collaborations with the following academic partners:

Company

About Scontain: Scontain GmbH is one of the leading companies in the confidential computing domain. Scontain supports its customers to build confidential applications with the help of their SCONE platform. It has a strong partnership with cloud companies, e.g. Deutsche Telekom and Microsoft Azure.

SCONE Founding Team

Meet the founders: we have assembled an unprecedented level of hands-on talent under the roof.

  Prof. Dr. Christof Fetzer: Co-Founder & COO, Trustworthy Systems Guru
  Franz Gregor: Co-Founder, Shield Execution Expert
  Sergei Arnautov: Co-Founder, Lead Runtime Developer
  Dr. Karin Fetzer: Co-Founder, Software Developer
  Dr. Tabajara Krausburg: CEO, Software Developer

Contact Us

If you are interested in the SCONE platform, SCONE curated images or if you want to work for us, please send email to info@scontain.com

Scontain is participating in the Cloud-KRITIS project

The Cloud-KRITIS project aims to explore technologies which enable IT applications for critical infrastructures to be operated in virtual environments or “the cloud”. Due to the high security requirements, this class of applications is currently excluded from the cost benefits and energy optimizations offered by cloud computing.

Application-Oriented Security

SCONE provides application-oriented security, i.e., confidentiality as well as integrity of the application can be ensured even if executing in untrusted environments.
In untrusted environments, we have to protect against adversaries that have gained root access and can use this to read or even modify our application's data. SCONE naturally supports modern cloud-native applications that are composed of a set of microservices. Our general recommendation is that each microservice runs inside of an Intel SGX enclave. SCONE helps to protect an application from attacks via the operating system, other applications as well as internal APIs of the applications. In many cases, microservices only need to be recompiled with our SCONE crosscompilers.

Intel SGX Enclaves

SCONE uses Intel SGX Enclaves to protect application components.

SCONE helps developers to run their applications inside of SGX enclaves. An Intel SGX enclave enables an application to protect its data from accesses by all other software - even the operating system. In particular, an application can protect all its data against adversaries with root access. A root user cannot dump the main memory of an application to get access to all its keys. Often, configuration files of applications are only protected by the filesystem. Again, a user with root access can read these configuration files and all secrets that they might contain. SCONE uses SGX to help to encrypt configuration files to protect these again.

SCONE crosscompiler support

SCONE supports cross-compilers for C, C++, Rust, Go and Fortran.

SCONE supports different programming languages. We provide different base container images that can be pulled from DockerHub. These images make it possible to create new container images with the help of Dockerfiles. For more difficult builds, one would probably use makefiles. We provide some examples in our SCONE tutorial.

SCONE Docker Integration

SCONE supports the Docker workflow of creating applications.

SCONE supports the development and operations of applications similar to that of Docker.
However, SCONE will run the microservices of an application inside of containers. A developer can build custom microservices and combine these with standard secure container images (i.e., curated images) that can be downloaded from DockerHub. We provide some examples in our SCONE tutorial. SCONE helps to ensure the confidentiality and integrity of an application. The availability is ensured by the container cluster - currently, this is Docker Swarm. The Docker Engines of the swarm are not trusted - in this way, we can decouple the security of an application from the security of the Docker Swarm. The Docker Swarm might run on physical hosts (MaaS) or on top of virtual machines (IaaS).

SCONE Shielding

SCONE supports transparent encryption of files, network traffic and stdin/stdout.

Legacy services like memcached were designed for operating in a trusted environment. Hence, they do not support TLS yet. SCONE supports the transparent encryption of the network traffic. To do so, one can enable the network shield as part of the stack/compose file. While some applications (like MySQL) can encrypt some of their files, most applications do not provide file encryption. Hence, we provide a mechanism in SCONE to transparently encrypt files. This mechanism is switched on via the stack/compose file of an application. We also provide a mechanism to transparently encrypt stdin, stdout and stderr. Some applications will get their secrets via environment variables or command line arguments. SCONE supports the secure transfer of the environment variables and command line arguments via the SCONE configuration and attestation service. We provide some examples in our SCONE tutorial.

SCONE Curated Images

SCONE supports a set of curated container images.

SCONE supports a set of curated images to simplify the task of the application developer. For most of the standard services, we will provide a SCONE image that runs inside of an SGX enclave.
The application developer can customize the image via a Docker compose / stack file. We provide some examples in our SCONE tutorial.

SCONE Documentation Docker Container

For offline viewing, we maintain a container image serving the SCONE technical documentation.

To serve the SCONE technical documentation running in a local container, first, ensure that you have Docker running. Second, you can view the documentation by executing the following commands:

  docker pull sconecuratedimages/sconedocu
  docker run -d -p 8080:80 sconecuratedimages/sconedocu
  open http://127.0.0.1:8080

SCONE-Related Papers

The following papers describe some of the technical aspects of SCONE.

SCONE: Secure Linux Containers with Intel SGX, USENIX, OSDI 2016

This paper describes how we support unmodified applications inside of enclaves. The focus is on our asynchronous system call interface.

Authors: Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, André Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, Christof Fetzer

Abstract: In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers. We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks.
The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6x–1.2x of native throughput.

SGXBounds: Memory Safety for Shielded Execution, EuroSys 2017

To protect the code running inside of an enclave, we implemented a novel bounds checker for enclaves. While we had expected to just be able to use MPX, we had to realize that MPX does not perform that well inside of enclaves. For details regarding the overheads, please see this paper. This won the best paper award of EuroSys 2017.

Authors: D. Kuvaiskii, O. Oleksenko, S. Arnautov, B. Trach, P. Bhatotia, P. Felber, C. Fetzer

Abstract: Shielded execution based on Intel SGX provides strong security guarantees for legacy applications running on untrusted platforms. However, memory safety attacks such as Heartbleed can render the confidentiality and integrity properties of shielded execution completely ineffective. To prevent these attacks, the state-of-the-art memory-safety approaches can be used in the context of shielded execution. In this work, we first showcase that two prominent software- and hardware-based defenses, AddressSanitizer and Intel MPX respectively, are impractical for shielded execution due to high performance and memory overheads. This motivated our design of SGXBounds -- an efficient memory-safety approach for shielded execution exploiting the architectural features of Intel SGX. Our design is based on a simple combination of tagged pointers and compact memory layout. We implemented SGXBounds based on the LLVM compiler framework targeting unmodified multithreaded applications.
Our evaluation using Phoenix, PARSEC, and RIPE benchmark suites shows that SGXBounds has performance and memory overheads of 18% and 0.1% respectively, while providing security guarantees similar to AddressSanitizer and Intel MPX. We have obtained similar results with four real-world case studies: SQLite, Memcached, Apache, and Nginx.

FFQ: A Fast Single-Producer/Multiple-Consumer Concurrent FIFO Queue, IPDPS 2017

This paper describes our new lock-free queue for our asynchronous system calls.

Authors: Sergei Arnautov, Pascal Felber, Christof Fetzer and Bohdan Trach

Abstract: With the spreading of multi-core architectures, operating systems and applications are becoming increasingly more concurrent and their scalability is often limited by the primitives used to synchronize the different hardware threads. In this paper, we address the problem of how to optimize the throughput of a system with multiple producer and consumer threads. Such applications typically synchronize their threads via multi-producer/multi-consumer FIFO queues, but existing solutions have poor scalability, as we could observe when designing a secure application framework that requires high-throughput communication between many concurrent threads. In our target system, however, the items enqueued by different producers do not necessarily need to be FIFO ordered. Hence, we propose a fast FIFO queue, FFQ, that aims at maximizing throughput by specializing the algorithm for single-producer/multiple-consumer settings: each producer has its own queue from which multiple consumers can concurrently dequeue. Furthermore, while we provide a wait-free interface for producers, we limit ourselves to lock-free consumers to eliminate the need for helping. We also propose a multi-producer variant to show which synchronization operations we were able to remove by focusing on a single producer variant.
Our evaluation analyses the performance using micro-benchmarks and compares our results with other state-of-the-art solutions: FFQ exhibits excellent performance and scalability.

Welcome to SCONE!

Use our step-by-step onboarding tutorial to run your projects in a secure environment.

Docker: You will need to have Docker. Find the data and instructions here: https://hub.docker.com/?overlay=onboarding

Access to Repos: To get access to the repositories of the tutorial, please send us your Docker-ID: info@scontain.com

Step 1: SCONE RUSTC

You can compile Rust programs with scone rustc, which links against the SCONE libc instead of a standard libc. To print the version of Rust, execute (inside container sconecuratedimages/crosscompilers:ubuntu):

  docker run -it sconecuratedimages/crosscompilers:ubuntu
  $ scone rustc --version

You should get:

  rustc 1.38.0 (625451e37 2019-09-23)

Step 2: Hello World

Let's try a simple hello world program.

  $ mkdir ~/projects
  $ cd ~/projects
  $ mkdir hello_world
  $ cd hello_world

Step 3: Rust

Let's try our Rust program:

  $ cat > main.rs