KubeCon + CloudNativeCon Europe 2023
In-person + Virtual, 18-21 April

Schedule times are shown in Central European Summer Time (UTC +2).
Wednesday, April 19 • 14:30 - 15:05
The Next Episode in Workload Isolation: Confidential Containers - Jeremi Piotrowski, Microsoft


Container-based workloads are, by default, isolated only at the OS level: containers share the host kernel and are separated by kernel mechanisms such as namespaces and cgroups. Stronger isolation can be achieved with Kata Containers, which runs each pod inside a lightweight virtual machine and so adds a hardware-enforced isolation boundary. New CPU capabilities that have appeared in recent years make it possible to extend this isolation with confidentiality. Kata-CC (Confidential Containers) is an extension of Kata Containers that uses the Trusted Execution Environment features of modern CPUs to strengthen security in multi-tenant environments by combining memory encryption, which keeps guest memory opaque to the host and hypervisor, with workload attestation, which lets a tenant verify what is running before releasing secrets to it. For some time, hardware availability has hindered wider adoption of this technology; new developments covered in this talk address that and make confidentiality more accessible than ever. Jeremi will present the available ways to deploy containers in confidential virtual machines protected by AMD SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging) and dig into their respective architectures. He will also discuss the challenges of hardware attestation and how it relates to workload portability across platforms.

Jeremi Piotrowski

Software Engineer, Microsoft
Jeremi is a Software Engineer at Microsoft whose work focuses on Linux OS components. In Azure he has been working on enabling Confidential Containers to run within Linux guests. He is a Flatcar Container Linux maintainer and has contributed to projects such as containerd and the Linux kernel.

Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7, Room B | Ground Floor | Europe Complex