
Key Points


References

Reference description with linked URLs | Notes















Key Concepts



KVM Container Security Concepts

https://kvmforum2022.sched.com/event/15jJS/the-five-big-problems-with-confidential-containers-christophe-de-dinechin-red-hat?iframe=no&w=&sidebar=yes&bg=no

Confidential computing is a set of technologies, such as Intel's TDX or AMD's SEV, designed to protect data in use, notably with the use of encrypted memory. Confidential containers (CC) are the application of technology to run containers in a way that does not expose any data to the host. Alice Frosi, Sergio Lopez and Christophe de Dinechin presented this technology last year, in a talk titled "Don't peek into my container". This year, CC became a CNCF sandbox project. This technology is full of promises, but it also presents a number of hard technical challenges, for which we have solutions of unequal quality. In this talk, we will focus on five major technical or commercial difficulties: 1/ attestation of the workloads, 2/ performance (including memory, disk and networking bloat), 3/ image download (including possible optimizations), 4/ access control (and the need to rethink credentials) and 5/ debuggability. For some of these problems, we have solutions in the works or on the horizon. For some others, we just know that it will be bad, and we are exploring ideas on how to limit the damage. The majority of these problems involve the hypervisor or KVM to some extent.


https://static.sched.com/hosted_files/kvmforum2022/f9/Five%20Big%20Problems%20with%20Confidential%20Containers%20%E2%80%93%C2%A0KVM%20Forum%202022.pdf

Five Big Problems with Confidential Containers – KVM Forum 2022.pdf file






Linux KVM Forum 2022

https://events.linuxfoundation.org/kvm-forum/program/schedule/





Potential Value Opportunities



Potential Challenges



Candidate Solutions



Step-by-step guide for Example



sample code block




Recommended Next Steps


