DevConf.US 2021 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston!
Thursday, September 2, 2021 • 16:30 - 17:00 EDT
Confidential containers: distrusting your VM host


"Confidential computing" is a set of technologies, such as memory or CPU state encryption, intended to restrict access to the data in a virtual machine to its legitimate users, excluding even the physical host or the hypervisor running the virtual machine. "Confidential containers" is the application of such technologies to protect the data in containers. This matters for use cases where the "tenant" running the workloads has legal or business reasons to want the data being processed hidden from the infrastructure it runs on. This has a number of complicated implications in an ecosystem like Kubernetes or OpenShift. Using the Kata Containers runtime as an example, we will explore the various APIs used to create, start, monitor or debug containers. They no longer all belong to the same security realm, and some currently present architectural security risks as a result. We will discuss various solutions being considered to address this problem, taking into account existing practice, compatibility considerations, and the prospect of offering a real value proposition with solid security in the long term.


Christophe de Dinechin

Senior Principal Software Engineer, Red Hat
Working on Kata Containers and OpenShift sandboxed containers. Areas of interest: programming languages (XL), interactive 3D graphics and stereoscopy (Tao3D), physics research (theory of incomplete measurements). More info on http://c3d.github.io
