
The Next Episode in Workload Isolation: Confidential Containers

2023-04-19

Authors: Jeremi Piotrowski


Summary

Confidential Computing provides a protected execution environment in which users' data and workloads are shielded from unauthorized access, including from the host and infrastructure operator. The presentation discusses the different models of attestation and how they are implemented in practice using Microsoft Azure and the Confidential Containers project. The attestation report is the key component of remote attestation: it is signed by a unique key inside the AMD secure processor, which is what lets a remote party trust its contents. Confidential Computing is an answer to the security concerns of industries that handle personal and financial data.
  • Confidential Computing is a protected execution environment that shields data and workloads from unauthorized access
  • Different models of attestation are used in real-world deployments
  • The attestation report is the key component of remote attestation
  • Confidential Computing is an answer to the security concerns of industries that handle personal and financial data
The presentation gives examples of how Confidential Computing is implemented in Microsoft Azure and the Confidential Containers project. The attestation report contains four elements: the launch measurement, host data, report data, and the signature produced by a unique key inside the AMD secure processor. Confidential Computing fits into multi-tenant and zero-trust architectures, matching the trust model of users who do not want to trust anything outside their own workload.
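As an added example, not code from the talk or from the Confidential Containers project, the following Go program models the verifier side of the attestation flow described above. A report carrying the launch measurement, host data and report data is signed by a key that only the (modelled) secure processor holds, and a remote verifier checks the signature, compares the measurement against the expected value, confirms that report data binds its own fresh nonce, and checks host data against the expected policy. The `Report` layout, the use of Ed25519 and the SHA-256(nonce) convention for report data are assumptions made for illustration; they are not the real SEV-SNP report format or signature scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a simplified model of an attestation report carrying only the
// three fields named in the talk summary. It is NOT the real SEV-SNP layout.
type Report struct {
	LaunchMeasurement [32]byte // hash of the guest image/firmware at launch
	HostData          [32]byte // value supplied by the host, e.g. a policy hash
	ReportData        [64]byte // value supplied by the guest, e.g. a nonce binding
}

// Bytes serializes the report in a fixed order so the signature covers every field.
func (r *Report) Bytes() []byte {
	b := make([]byte, 0, 128)
	b = append(b, r.LaunchMeasurement[:]...)
	b = append(b, r.HostData[:]...)
	b = append(b, r.ReportData[:]...)
	return b
}

// SignedReport pairs a report with the signature produced by the secure processor key.
type SignedReport struct {
	Report    Report
	Signature []byte
}

// SecureProcessor stands in for the AMD secure processor holding a per-chip signing key.
// Ed25519 is an assumption for illustration only; real reports use a different scheme.
type SecureProcessor struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey // the verifier obtains this out of band, via the vendor's certificate chain
}

func NewSecureProcessor() (*SecureProcessor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecureProcessor{priv: priv, Pub: pub}, nil
}

// Attest signs a report. Only the secure processor can do this, since only it holds priv.
func (sp *SecureProcessor) Attest(r Report) SignedReport {
	return SignedReport{Report: r, Signature: ed25519.Sign(sp.priv, r.Bytes())}
}

// ReportForNonce builds the report a guest would request: report data holds
// SHA-256(nonce) in its first 32 bytes so the verifier can detect replayed reports.
func ReportForNonce(measurement, hostData [32]byte, nonce []byte) Report {
	r := Report{LaunchMeasurement: measurement, HostData: hostData}
	h := sha256.Sum256(nonce)
	copy(r.ReportData[:32], h[:])
	return r
}

// Verify performs the checks a remote verifier runs before releasing secrets:
//  1. the signature verifies under the trusted hardware public key,
//  2. the launch measurement equals the expected value for this workload,
//  3. report data binds the verifier's fresh nonce (anti-replay),
//  4. host data matches the expected policy value.
func Verify(pub ed25519.PublicKey, sr SignedReport, expectedMeasurement, expectedHostData [32]byte, nonce []byte) error {
	if !ed25519.Verify(pub, sr.Report.Bytes(), sr.Signature) {
		return errors.New("signature does not verify under the trusted hardware key")
	}
	if sr.Report.LaunchMeasurement != expectedMeasurement {
		return errors.New("launch measurement does not match the expected workload")
	}
	want := sha256.Sum256(nonce)
	if !bytes.Equal(sr.Report.ReportData[:32], want[:]) {
		return errors.New("report data does not bind the verifier nonce (possible replay)")
	}
	if sr.Report.HostData != expectedHostData {
		return errors.New("host data does not match the expected policy")
	}
	return nil
}

func main() {
	sp, err := NewSecureProcessor()
	if err != nil {
		panic(err)
	}
	// Constructed sample values: a fake measurement, policy hash and verifier nonce.
	var measurement, policy [32]byte
	measurement[0], policy[0] = 0xAA, 0xBB
	nonce := []byte("constructed-nonce-0001")

	good := sp.Attest(ReportForNonce(measurement, policy, nonce))
	fmt.Println("genuine report:", Verify(sp.Pub, good, measurement, policy, nonce))

	// A report for a different workload image must be rejected even though it is genuinely signed.
	var other [32]byte
	other[0] = 0xCC
	bad := sp.Attest(ReportForNonce(other, policy, nonce))
	fmt.Println("wrong measurement:", Verify(sp.Pub, bad, measurement, policy, nonce))
}
```

The ordering of the checks matters: the signature is verified first so that every later comparison is made against values the hardware actually vouched for, and the nonce check is what stops an old but genuine report from being presented again.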

Abstract

Container-based workloads are isolated at the OS level by default. Stronger isolation can be achieved with Kata Containers, which adds a hardware isolation boundary by running each pod in its own lightweight virtual machine. New hardware capabilities that have appeared in CPUs in recent years open up the possibility of extending this isolation with an added level of confidentiality. Kata-CC is an extension of Kata Containers that uses the Trusted Execution Environment features of modern CPUs to strengthen security in a multi-tenant environment by combining workload attestation with memory encryption. An issue that hindered wider adoption of this technology for some time was hardware availability. New developments covered in this talk address this and make confidentiality more accessible than ever. Jeremi will present the available ways to deploy containers in SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) protected confidential virtual machines and dig into their respective architectures. He will also discuss the challenges of hardware attestation and how it ensures workload portability.

Materials: