{"id":3940,"date":"2022-05-12T12:56:57","date_gmt":"2022-05-12T10:56:57","guid":{"rendered":"https:\/\/sanctuary.dev\/?p=3940"},"modified":"2023-08-24T15:44:25","modified_gmt":"2023-08-24T13:44:25","slug":"container-based-confidential-computing","status":"publish","type":"post","link":"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/","title":{"rendered":"Trusted Container Extensions for Container-based Confidential Computing"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"3940\" class=\"elementor elementor-3940\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-100b052 nd-elementor-section-full elementor-section-height-default elementor-section-height-default\" data-id=\"100b052\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a6ab19c\" data-id=\"a6ab19c\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d817ce3 elementor-widget elementor-widget-text-editor\" data-id=\"d817ce3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p><p class=\"intro\">In this blog post, we introduce Trusted Container Extensions (TCX), a novel container security architecture we designed as part of our applied security research efforts. 
TCX combines the manageability and agility of standard containers with the strong protection guarantees of hardware-enforced Trusted Execution Environments (TEEs) to enable confidential computing for container workloads.<\/p><p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0a8f9af nd-elementor-section-full elementor-section-height-default elementor-section-height-default\" data-id=\"0a8f9af\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1069581\" data-id=\"1069581\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6a66d4e elementor-widget elementor-widget-text-editor\" data-id=\"6a66d4e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>For over a decade, there has been a continuous trend towards cloud computing, which allows customers to leverage capability and cost advantages. Cloud computing evolved with the advent of virtualization. Virtual machines (VMs) enabled Infrastructure-as-a-Service (IaaS), which allows businesses and users to outsource pre-existing workloads to the cloud. However, in recent years, the trend in cloud computing has shifted from VM-based offerings to more lightweight solutions, in particular, container technologies. Containers, such as <a href=\"https:\/\/www.docker.com\/\" target=\"_blank\" rel=\"noopener\">Docker<\/a>, provide multiple separated user-space instances, which are isolated from each other and the host system through kernel software mechanisms. 
By running directly on the host system, containers do not need complex device emulation or large virtual machine disk <span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">files. Instead, containers package pre-configured applications with all their dependencies, which makes them an attractive choice for fast deployment of web services. Cloud providers have recognized this trend and offer customers the possibility to deploy and manage containers in the cloud, known as Container-as-a-Service (CaaS), with Docker currently being the most popular container ecosystem.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-346aef3 elementor-widget elementor-widget-text-editor\" data-id=\"346aef3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Despite offering many advantages, using cloud services introduces a risk of data being exposed to third parties or services being compromised. Furthermore, regulatory policies restrict the adoption of cloud services for many industries, such as health care or finance. 
Even if the Cloud Service Provider (CSP) is considered trustworthy, the CSP\u2019s infrastructure might be compromised, e.g., by insiders such as maliciously acting administrators and employees, nation-state actors demanding access by law, as well as third-party entities.&nbsp;<span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">While the hypervisor software components, which are used to control and manage VMs, have been subject to various attacks [1], the attack surface in CaaS settings is even larger as a typically large and complex operating system kernel is responsible for managing and isolating the containers [2].<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3912d94 elementor-widget elementor-widget-text-editor\" data-id=\"3912d94\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In recent years, confidential computing has gained relevance in the realm of cloud computing in an effort to enable the trustworthy outsourcing of sensitive data and services to the cloud, while eliminating the requirement to trust the CSP. Leveraging hardware-enforced Trusted Execution Environments (TEEs), the user\u2019s workloads are protected inside isolated compartments, called enclaves, which are secure even if the host\u2019s privileged software is compromised or controlled by a malicious entity. 
Various TEE architectures have been proposed by academic research while commercially available and widely deployed TEEs are <a href=\"https:\/\/www.arm.com\/technologies\/trustzone-for-cortex-a\" target=\"_blank\" rel=\"noopener\">Arm TrustZone<\/a>, <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/architecture-and-technology\/software-guard-extensions.html\" target=\"_blank\" rel=\"noopener\">Intel Software Guard Extensions (SGX)<\/a> and <a href=\"https:\/\/developer.amd.com\/sev\/\" target=\"_blank\" rel=\"noopener\">AMD Secure Encrypted Virtualization (SEV)<\/a>.&nbsp;<span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">Recently, Intel and Arm announced new TEE architectures named<\/span><span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">&nbsp;<\/span><a style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing ); background-color: #ffffff; --nd-magic-var: yes;\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-trust-domain-extensions.html\" target=\"_blank\" rel=\"noopener\">Intel Trust Domain Extensions (TDX)<\/a><span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; 
font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">&nbsp;<\/span><span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">and<\/span><span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">&nbsp;<\/span><a style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing ); background-color: #ffffff; --nd-magic-var: yes;\" href=\"https:\/\/www.arm.com\/architecture\/security-features\/arm-confidential-compute-architecture\" target=\"_blank\" rel=\"noopener\">Arm Confidential Compute Architecture (CCA)<\/a><span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">.&nbsp;<\/span><span style=\"font-family: var( --e-global-typography-e95237e-font-family ), Sans-serif; font-size: var(--nd-global-font-size-copy); 
font-weight: var( --e-global-typography-e95237e-font-weight ); letter-spacing: var( --e-global-typography-e95237e-letter-spacing ); word-spacing: var( --e-global-typography-e95237e-word-spacing );\">However, none of the available TEE architectures is designed to isolate container workloads and to securely orchestrate and manage them.&nbsp;<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06fd820 elementor-widget elementor-widget-heading\" data-id=\"06fd820\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Confidential Computing with Trusted Container Extensions (TCX)<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-452a94b elementor-widget elementor-widget-text-editor\" data-id=\"452a94b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In addition to our <a href=\"https:\/\/sanctuary.dev\/en\/solutions\/consolidation\/\" target=\"_blank\" rel=\"noopener\">Sanctuary platform<\/a>, which offers strongly isolated enclaves for embedded devices, we developed Trusted Container Extensions (TCX), a novel security architecture providing strongly isolated containers that can be securely deployed and managed in the cloud. We leverage the existing TEE architecture AMD SEV to ensure the integrity and confidentiality of applications and data in use and at rest. We protect containers in purpose-built lightweight VMs, called Secure Container VMs (SC-VMs). TCX preserves the agility and manageability of containers by offering secure services for standard Docker containers. 
Using a single trusted VM per host system, TCX provides advanced security services to all SC-VMs, including secure deployment, secure remote access, secure storage and secure communication between SC-VMs. TCX provides a secure and transparent communication channel for secure containers, i.e., Docker cannot distinguish between locally and remotely executed containers. Our implementation of the TCX architecture provides seamless integration into Docker, based on AMD SEV and the <a href=\"https:\/\/katacontainers.io\/\" target=\"_blank\" rel=\"noopener\">Kata Containers<\/a> project. In our performance evaluation, which shows the practicability of our implementation, we evaluate computationally intensive workloads (SPEC2017 benchmark suite), network-intensive workloads (NGINX and Apache web servers) and memory-intensive workloads (Redis in-memory database).<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58108b3 elementor-widget elementor-widget-text-editor\" data-id=\"58108b3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The full technical report on TCX can be found on <a href=\"https:\/\/arxiv.org\/abs\/2205.05747\" target=\"_blank\" rel=\"noopener\">arXiv<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79226b3 elementor-widget elementor-widget-text-editor\" data-id=\"79226b3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>[1] Common Vulnerabilities and Exposures (CVEs): CVE-2017-10912, CVE-2017-10918, CVE-2017-10920, CVE-2017-10921&nbsp;<br \/>[2] CVE-2015-8967, CVE-2016-10229, CVE-2016-7117, CVE-2017-0335, CVE-2017-0427, 
CVE-2017-0561<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In this blog post, we introduce Trusted Container Extensions (TCX), a novel container security architecture we designed as part of our applied security research efforts.<\/p>\n","protected":false},"author":14,"featured_media":4080,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,26],"tags":[24,25,27],"class_list":["post-3940","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-know-how","category-publication","tag-cloud-computing","tag-confidential-computing","tag-container"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Trusted Container Extensions for Container-based Confidential Computing - SANCTUARY<\/title>\n<meta name=\"description\" content=\"In this blog post, we introduce Trusted Container Extensions, a novel confidential computing approach for containers, designed within our applied research efforts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trusted Container Extensions for Container-based Confidential Computing - SANCTUARY\" \/>\n<meta property=\"og:description\" content=\"In this blog post, we introduce Trusted Container Extensions, a novel confidential computing approach for containers, designed within our applied research efforts.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\" \/>\n<meta property=\"og:site_name\" content=\"SANCTUARY\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-12T10:56:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-24T13:44:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/title_pic_new.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1162\" \/>\n\t<meta property=\"og:image:height\" content=\"765\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Emmanuel Stapf\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sanctuary_dev\" \/>\n<meta name=\"twitter:site\" content=\"@sanctuary_dev\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\"},\"author\":{\"name\":\"Emmanuel Stapf\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/person\/4d45e6474ecd26ee1b20ff8a6dc48071\"},\"headline\":\"Trusted Container Extensions for Container-based Confidential Computing\",\"datePublished\":\"2022-05-12T10:56:57+00:00\",\"dateModified\":\"2023-08-24T13:44:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\"},\"wordCount\":733,\"publisher\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/title_pic_new.jpg\",\"keywords\":[\"cloud computing\",\"confidential 
computing\",\"container\"],\"articleSection\":[\"Know-how\",\"Publication\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\",\"url\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\",\"name\":\"Trusted Container Extensions for Container-based Confidential Computing - SANCTUARY\",\"isPartOf\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/title_pic_new.jpg\",\"datePublished\":\"2022-05-12T10:56:57+00:00\",\"dateModified\":\"2023-08-24T13:44:25+00:00\",\"description\":\"In this blog post, we introduce Trusted Container Extensions, a novel confidential computing approach for containers, designed within our applied research efforts.\",\"breadcrumb\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#primaryimage\",\"url\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/title_pic_new.jpg\",\"contentUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/06\/title_pic_new.jpg\",\"width\":1162,\"height\":765,\"caption\":\"Data cloud hovering over computer chip representing confidential 
computing\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sanctuary.dev\/en\/blog\/container-based-confidential-computing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sanctuary.dev\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trusted Container Extensions for Container-based Confidential Computing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#website\",\"url\":\"https:\/\/sanctuary.dev\/en\/\",\"name\":\"SANCTUARY\",\"description\":\"The Embedded Security Experts\",\"publisher\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sanctuary.dev\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#organization\",\"name\":\"SANCTUARY\",\"url\":\"https:\/\/sanctuary.dev\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/07\/sanctuary_linkedin_logo_v4.png\",\"contentUrl\":\"https:\/\/sanctuary.dev\/app\/uploads\/2022\/07\/sanctuary_linkedin_logo_v4.png\",\"width\":1841,\"height\":1841,\"caption\":\"SANCTUARY\"},\"image\":{\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/sanctuary_dev\",\"https:\/\/www.linkedin.com\/company\/sanctuary-dev\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/person\/4d45e6474ecd26ee1b20ff8a6dc48071\",\"name\":\"Emmanuel 
Stapf\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sanctuary.dev\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5bf1073e869e3ed5120ffad94dcb6509dbe6c006658602d96a2758de4e2354ff?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5bf1073e869e3ed5120ffad94dcb6509dbe6c006658602d96a2758de4e2354ff?s=96&d=mm&r=g\",\"caption\":\"Emmanuel Stapf\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts\/3940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/comments?post=3940"}],"version-history":[{"count":42,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts\/3940\/revisions"}],"predecessor-version":[{"id":3987,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/posts\/3940\/revisions\/3987"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/media\/4080"}],"wp:attachment":[{"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/media?parent=3940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/categories?post=3940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sanctuary.dev\/en\/wp-json\/wp\/v2\/tags?post=3940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}