Confidential Containers – Sensitive Data and Privacy in Cloud Native Environments

The talk addresses platform and software engineers who are interested in processing user-related or otherwise sensitive data in cloud-native environments. It will discuss to what extent Confidential Container technology can be a useful tool in such scenarios. Foundational concepts of Confidential Computing will be introduced: Trust, Integrity and Remote Attestation. Building upon those, we can understand what confidentiality means in the context of Confidential Computing and how it is implemented in Linux and in hardware (TPM, AMD SEV, Intel TDX). The “Confidential Containers” open-source project is part of the “Cloud Native Computing Foundation”. Multiple cloud, software and CPU vendors collaborate on building a hardware-independent platform that aims to enable users to deploy their container-based workloads in, or migrate them to, a Confidential Computing environment without friction and costly adjustments. We’ll discuss how far the project has come in achieving this goal and which questions remain open. The talk will conclude with a practical demonstration of a confidential container deployment in a managed Kubernetes environment.

Speaker

  • Magnus Kulke
    Microsoft

    Magnus is a Software Engineer at Microsoft in the AzureCore Linux Team, working on Confidential Container technologies. He lives with his family in Berlin and has been tinkering with Linux, virtualization and cloud for many years.

Date

Jun 19 2024

Time

10:30 - 11:00

Location

Room Friedrichshain I+II