WEBVTT

1
00:00:13.456 --> 00:00:14.836
My name is Nabil Schear.

2
00:00:14.836 --> 00:00:16.086
I'm a senior staff member

3
00:00:16.086 --> 00:00:17.306
at MIT Lincoln Laboratory.

4
00:00:18.426 --> 00:00:20.706
Do you run applications and store data

5
00:00:20.706 --> 00:00:22.276
in a cloud-computing environment today?

6
00:00:22.726 --> 00:00:24.366
If you do, you're relying

7
00:00:24.366 --> 00:00:25.376
on your cloud provider

8
00:00:25.376 --> 00:00:27.426
to implement security to protect you.

9
00:00:27.956 --> 00:00:29.676
And today you have no technical means

10
00:00:29.676 --> 00:00:31.666
by which you can verify your trust

11
00:00:31.666 --> 00:00:32.436
in the cloud provider

12
00:00:32.436 --> 00:00:33.196
that they're doing all

13
00:00:33.196 --> 00:00:33.856
of that stuff right.

14
00:00:34.386 --> 00:00:36.486
Keylime is a technology that allows you

15
00:00:36.486 --> 00:00:38.376
to create and control

16
00:00:38.376 --> 00:00:39.886
and trust your cloud provider

17
00:00:39.986 --> 00:00:41.366
when you're doing sensitive workloads

18
00:00:41.366 --> 00:00:41.836
in the cloud.

19
00:00:42.356 --> 00:00:44.336
Keylime works by using this

20
00:00:44.486 --> 00:00:45.996
cryptographic chip that's embedded

21
00:00:45.996 --> 00:00:46.696
in most computers

22
00:00:46.696 --> 00:00:48.136
that are available today called the

23
00:00:48.136 --> 00:00:50.006
trusted platform module or TPM.

24
00:00:50.646 --> 00:00:51.696
This chip allows us

25
00:00:51.696 --> 00:00:53.436
to bootstrap the trust process

26
00:00:53.436 --> 00:00:54.466
from that chip rather

27
00:00:54.466 --> 00:00:55.286
than from the cloud

28
00:00:55.286 --> 00:00:56.306
provider's resources.

29
00:00:56.906 --> 00:00:57.566
By doing this,

30
00:00:57.566 --> 00:00:59.226
we can enable secure bootstrapping

31
00:00:59.226 --> 00:01:00.976
where we can provision a cryptographic

32
00:01:00.976 --> 00:01:02.306
key into a cloud environment

33
00:01:02.306 --> 00:01:03.236
without divulging it

34
00:01:03.236 --> 00:01:04.126
to the cloud provider

35
00:01:04.326 --> 00:01:06.186
and we can check the system's integrity

36
00:01:06.186 --> 00:01:07.206
over time to make sure

37
00:01:07.206 --> 00:01:08.566
that it hasn't been compromised.

38
00:01:08.926 --> 00:01:11.146
Keylime offers all the security

39
00:01:11.146 --> 00:01:12.846
of a trusted platform module based

40
00:01:12.846 --> 00:01:14.266
security without any

41
00:01:14.266 --> 00:01:15.146
of the compatibility

42
00:01:15.146 --> 00:01:16.246
and performance issues

43
00:01:16.246 --> 00:01:18.366
that the TPM usually introduces.

44
00:01:18.776 --> 00:01:20.706
For example, we can provision machines

45
00:01:20.706 --> 00:01:22.196
in under two seconds and scale

46
00:01:22.196 --> 00:01:23.496
to support thousands of nodes

47
00:01:23.496 --> 00:01:24.336
in a cloud environment.

48
00:01:24.616 --> 00:01:25.416
Keylime is different

49
00:01:25.416 --> 00:01:27.346
than most other cloud provider security

50
00:01:27.346 --> 00:01:28.786
tools because it is open

51
00:01:28.786 --> 00:01:30.856
and it allows the tenant to control all

52
00:01:30.856 --> 00:01:32.466
of the sensitive resources themselves

53
00:01:32.796 --> 00:01:34.186
rather than outsourcing that job

54
00:01:34.186 --> 00:01:35.206
to the cloud provider

55
00:01:35.396 --> 00:01:36.626
without any visibility

56
00:01:36.626 --> 00:01:37.746
into how they do it.

57
00:01:39.606 --> 00:01:41.486
With Keylime you can regain control

58
00:01:41.486 --> 00:01:43.306
and trust over your cloud applications.