Hardware Backed Security For Multitenancy at the Edge with SPIFFE & PARSEC - Paul Howard, Arm & Andres Vega, VMware
Abstract
Three powerful CNCF projects come together in this session, which focuses on how cloud-native workloads can access the best hardware security facilities of any platform in a way that is portable, convenient to consume, and which scales to multiple workloads. SPIFFE, the Secure Production Identity Framework for Everyone, and its production-grade implementation project SPIRE are both now incubation projects within CNCF. Parsec (CNCF sandbox) is the Platform Abstraction for Security: a simple and portable way to access platform facilities for key management and cryptography on any hardware in any programming language. But Parsec is so much more than just an API shim. It also provides key management and access control based on the identities of workloads, keeping their secure assets separate. This session will show how Parsec can be combined with SPIFFE and SPIRE to provide a key management service based on attested workload identities,