Kubernetes + Encrypted Memory = Security * Privacy - Harshal Patil & Pradipta Banerjee, IBM

less than 1 minute read

Abstract

The Memory Encryption on hardware is coming soon. From Intel’s TME/MKTME[1] to IBM’s Ultravisor[2], hardware manufacturers are aiming to make sure ‘what’s written by the process stays within the process’. Once the hardware is out, it will change the way we perceive the security and privacy in the cloud. In this talk, we will discuss briefly on the upcoming memory encryption technologies and how we modified kata container runtime to handle kubernetes’ Ephemeral Volumes (aka, EmptyDir volumes) to keep your data and application protected from the container image registry (encrypted at rest) to runtime (protected by memory encryption). For the demonstration, we run a container image with the encrypted TensorFlow model using kubernetes such that even the root user on the worker node won’t be able to read the model parameters. [1] https://goo.gl/Xt3MJf [2] https://goo.gl/X2A5yx

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Kubernetes + Encrypted Memory = Security * Privacy - Harshal Patil & Pradipta Banerjee, IBM

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google