Memory Armor for SPIRE: Fortifying SPIRE with Confidential Containers (CoCo) - Matthew Bates, Stealth Security Startup & Suraj Deshmukh, Microsoft

less than 1 minute read

Abstract

SPIRE is a production-ready reference implementation of SPIFFE, a CNCF project for workload identity . In the SPIRE architecture, the SPIRE server holds considerable importance,hence securing and safeguarding it is critical. Security is never a done deal; following the principle of defense in depth, there is always a layer you can add to your systems . A lesser-known type of attack is where an adversary gains access to the host and tries to read the unencrypted memory of the application. With SPIRE server, this might mean access to highly sensitive signing keys for the trust domain. Confidential Containers (CoCo) is an emerging CNCF project that promises confidentiality for application memory. In this talk we will look at providing security to an essential frontier of the application - its memory. You will learn about the SPIRE trust model, CoCo and its ecosystem, and we will demonstrate how it can be used to protect SPIRE infrastructure and provide even further depths of security.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Memory Armor for SPIRE: Fortifying SPIRE with Confidential Containers (CoCo) - Matthew Bates, Stealth Security Startup & Suraj Deshmukh, Microsoft

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google