Dr. Wes Peck

Chief Technology Officer, Invary

Dr. Peck is the Chief Technology Officer of Invary, a cybersecurity company that protects against novel zero-day attacks.

He is accomplished in large-scale software platform architecture, embedded systems, team building, and building novel software solutions that provide direct value to customers.

Dr. Peck served as the Primary Architect and Software Director of Matterport's government SaaS platform and was the Core Platform Director of Matterport's commercial platform and initial public offering in July 2021 (NASDAQ: MTTR).

As the principal developer on the Iris Smart Home platform, Dr. Peck oversees the design and development of the embedded hub software (Zigbee and Z-Wave) and video streaming solution (H.264 and RTSP).

Dr. Peck earned his Ph.D. in Computer Science from the University of Kansas with a focus on hardware/software co-design, operating systems, trusted platforms, and specification refinement.

Dr. Wes's session

Strengthening Confidentiality with Multiple Attestations

June 5, 3:25 PM - 3:45 PM
Imperial Room A

This session is a collaboration between AMD's SEV-SNP team, the NSA's Trusted Mechanisms research group, and Invary.

We intend to showcase the NSA's open-source Maat Measurement and Attestation Framework, which orchestrates attestations of host and guest OS boot and runtime integrity and guest memory integrity (AMD SEV-SNP).

We will show how aggregated attestations benefit confidential computing workloads, serving both the workload owner using the guest and the manager of the host.

We will demonstrate multiple use cases with varying levels of confidentiality, providing optionality to end users, for example:

1. A confidential environment with all components having integrity, as seen through a single aggregated output via Maat.

2. An environment where the host OS lacks runtime integrity because of a rootkit attack, but the guest maintains OS and memory runtime integrity. This scenario allows for a separation of response between the owner of a confidential workload and the owner of the host.

3. An environment where the guest lacks memory integrity, but the host and guest have OS integrity.

4. An environment where the guest lacks OS runtime integrity but maintains memory confidentiality.

The key takeaways are:

1. The benefits of open source frameworks like Maat to aggregate and orchestrate multiple third-party attestations.

2. An understanding of the layered architecture of a confidential computing environment and how each layer, if compromised, can impact the others.

3. The importance of attestation in confidential computing.

4. Exposure to the Copland language, used for expressing attestations (as described in "Flexible Mechanisms for Remote Attestation", DOI: 10.1145/3470535).