Trust No One: Bringing Confidential Computing to Containers

The presentation discusses the implementation of confidential computing in Kata Containers and its implications for developers and end-users.

• Confidential computing requires VMs, making containers and other VM isolated workloads a good target for implementation.
• The goal is to abstract away the different hardware implementations of confidential computing while still providing a clear level of isolation for the user.
• Developers do not need to change their workload to implement confidential computing, but should follow best practices to ensure confidentiality.
• End-users will need to update their pods and specify how to attest and get keys for decryption.
• Providers will need to install a runtime that supports confidential computing and treat the finite resource of keys as a scheduled device plug-in.

The speaker emphasizes the importance of following best practices to ensure confidentiality, stating that a backdoor in the base image can compromise the confidentiality of the top layer. They also note that introspection no longer exists, which may require a change in how processes are managed. The presentation highlights the need for a measured view up to the point of the Kata agent inside the guest to facilitate remote attestation. The speaker also discusses the challenges of key provisioning, which may come from different sources depending on the architecture.

Today’s containers run in wildly heterogeneous environments. When deployed on multi-tenant clouds, they can span across nodes, regions, and multiple Cloud Service Providers (CSPs) while sharing CSP-owned resources between tenants. In such hostile environments, protecting containers data and code requires full trust on the CSP stack. Confidential computing leverages emerging hardware technologies to build Trusted Execution Environments (TEE) that protect cloud code and data at rest, in transit and in use, allowing tenants to trust no one but themselves. In this presentation, we will describe cloud native gaps for supporting confidential computing through memory encryption, authenticated launch and application attestability. Attendees will learn how secure container runtimes like Kata can close those gaps and leave with a proposed software architecture to bring confidential computing to cloud native workloads.