Authors: James Cleverley-Prance
2022-05-20

Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident. The talk will cover:
  • The external attack surface of a Kubernetes node
  • Enumerating externally available cluster information
  • Exploiting Linux networking to access internal pods and services
  • Misusing CNI configurations to access internal pods and services

You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise.

Authors: James Magowan, Samuel Ortiz
2022-05-18

tldr - powered by Generative AI

Confidential Containers enable cloud native confidential computing by standardizing confidential computing at the container level, allowing users to deploy confidential workloads using familiar workflows and tools. The project aims to seamlessly run Kubernetes workloads in their own confidential computing enclaves, taking the infrastructure owner out of the trust boundary and providing potential use cases for running sensitive workloads anywhere confidential computing is enabled.
  • Confidential Containers is an open source project that standardizes confidential computing at the container level
  • The project aims to seamlessly run Kubernetes workloads in their own confidential computing enclaves
  • Confidential Containers takes the infrastructure owner out of the trust boundary, providing potential use cases for running sensitive workloads anywhere confidential computing is enabled
  • The project is expanding to include the attestation side and adding secure storage
  • The first official release is expected in a few months