DevConf.US 2021 has ended
DevConf.US 2021 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston!
Thursday, September 2 • 16:30 - 17:00
Confidential containers: distrusting your VM host

"Confidential computing" is a set of technologies, such as memory or CPU state encryption, that are intended to restrict access to the data in a virtual machine to its legitimate users, to the exclusion of even the physical host or the hypervisor running the virtual machine. "Confidential containers" is the application of such technologies to protect the data in containers. This matters for use cases where the "tenant" running the workloads has legal or business reasons to want the data being processed to be hidden from the infrastructure it is running on. This has a number of complicated implications in an ecosystem like Kubernetes or OpenShift. Using the Kata Containers runtime as an example, we will notably explore the various APIs used to create, start, monitor or debug containers. They no longer all belong to the same security realm, and some currently pose architectural security risks as a result. We will discuss various solutions that are being considered to address this problem, taking into account existing practice, compatibility considerations, as well as the prospect of offering a real value proposition with solid security in the long term.

Christophe de Dinechin

Senior Principal Software Engineer, Red Hat
Christophe de Dinechin works at Red Hat primarily on Kata Containers and its integration into OpenShift, as well as on Confidential Containers. He co-presented a talk at the KVM Forum 2021 titled "Don't peek into my container". He also has a strong interest in virtualisation, performance...

Thursday September 2, 2021 16:30 - 17:00 EDT