Securing Kubernetes with Trusted Platform Module (TPM) - Alex Tcherniakhovski & Andrew Lytvynov, Google

less than 1 minute read

Abstract

TPM is a discrete tamper-resistant device soldered to the motherboard and it operates independently of its host. TPM devices are designed to protect sensitive credentials at the hardware level: credentials created and stored within TPM devices cannot be extracted, even if host is compromised. Additionally, TPM devices provide a suite of cryptographic operations for applications to leverage. In this demo heavy session, we will review core TPM capabilities and how they could be used in for extending Kubernetes security. Attendees will leave with understanding how to utilize TPM in the context of Kubernetes. Concretely, the following scenarios will be covered: - Bootstrap trusted identity of cluster nodes - Seal sensitive data - Generate cryptographically protected logs - Generate unexportable TLS credentials

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Securing Kubernetes with Trusted Platform Module (TPM) - Alex Tcherniakhovski & Andrew Lytvynov, Google

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google