https://store-images.s-microsoft.com/image/apps.2899.f80e18e6-191a-428f-a3ca-df03c2c99cd5.eb1263ff-7eb2-4c28-921f-d98eacc85996.7a0b54a3-5cae-459a-8cea-b948f7f4019f

Intel® Confidential Compute for Redis*

Intel

Kategorien
Datenbanken
Support
SupportHilfe
Rechtliche Hinweise
LizenzvertragDatenschutzrichtlinie

Intel® Confidential Compute for Redis*

Intel

High-level security with no code modifications and no impact to functionality

This offer delivers the necessary tools to build a confidential compute image for Redis, which is a protected version of Redis. The resulting image can be started on any Azure machine supporting Intel SGX – a Confidential Computing solution. Without impacting the functionality of Redis, this offer uses Confidential Computing to bring the following security benefits to Redis:

  • Data protection:
    • Data is encrypted on disk, data is encrypted in the main memory, data is encrypted on the bus to the CPU, and hardware-based access controls only permit Redis to access plaintext data inside the CPU.
  • Application Isolation:
    • No other software on the system, e.g., the operating system, hypervisor, and firmware, have access to the data. Physical attacks, e.g., cold-boot attacks on RAM, are also mitigated as an attacker would only get access to encrypted data.
  • Attestation:
    • The attestation feature can be used to prove to a third party that the expected Redis code is running, the software is executed on specific Confidential Computing hardware, and the hardware is patched to a specific level.
  • Strict Trust Boundaries:
    • The protections offered by Confidential Computing significantly reduce the attack surface for internal and external attackers. Not even the cloud provider can get access to the stored and processed data.

This offer uses the open-source project Gramine to convert an unprotected Redis image into an SGX-protected image. In general, Gramine can convert unmodified applications to SGX-protected applications, without the toll of manually porting the application to the SGX environment. Multiple offerings for Intel-curated confidential compute applications are available in the Azure marketplace that are protected by Gramine. Besides these prepared applications, Gramine can be used to easily convert dockerized applications to SGX-protected applications. With minor effort, any regular Linux application can be protected by Gramine.

Click on the “Get It Now” button on this website to build and run a gramine-protected version of the official Redis docker image in 15 minutes.

Weitere Informationen
Gramine Solution Overview Gramine Website The Gramine Project
https://store-images.s-microsoft.com/image/apps.51754.f80e18e6-191a-428f-a3ca-df03c2c99cd5.c2c7bc80-c608-42b4-a8ed-599ded520edb.5777a6dc-71c5-4585-866d-80e7f7a24bc7
https://store-images.s-microsoft.com/image/apps.51754.f80e18e6-191a-428f-a3ca-df03c2c99cd5.c2c7bc80-c608-42b4-a8ed-599ded520edb.5777a6dc-71c5-4585-866d-80e7f7a24bc7