A WASM Runtime for FaaS Protected by TEE

Explore the concept of a WebAssembly (WASM) runtime for Function-as-a-Service (FaaS) protected by Trusted Execution Environment (TEE) in this conference talk. Delve into the challenges of confidential computing in cloud environments and learn how TEE provides hardware-isolated processing for secure applications. Examine the Inclavare project's cloud-native confidential computing container (CoCo) and its limitations, including cross-platform issues and performance overhead. Discover how WASM runtime addresses these challenges by offering a universal compilation target that is small, cross-platform, and cross-architecture. Gain insights into the architecture of WASM runtime, its fast boot capabilities, and the integration of Knative functions in TEE. Understand the potential of combining WASM, FaaS, and TEE for building a secure and flexible container runtime in cloud computing environments.

Intro
Confidential Computation
TEE was built for confidential computing
Different TEES are different
Virtualization for TEE client Architecture
TEE containers and Kubernetes
Working model for TEE containers
Cloud native TEE
Inclavare Project
Still Not Perfect
WASM Runtime in TEE
WASM Runtime Architecture
WASM Runtime Fast Boot
Knative Functions IN TEE
WASM Cloud in TEE