
Confidential Containers and the Pitfalls of Runtime Attestation

Formal Metadata

Number of Parts
542
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Confidential Containers uses a generic guest image to simplify the orchestration and validation of Pod VMs. While this has many benefits, it also introduces some subtle security considerations. This talk will describe a class of so-called Evidence Factory attacks where privilege escalation can lead to dangerous misuse of generic attestation evidence. Can these attacks be mitigated while still preserving the benefits of a generic guest image? This talk will dive into the details of how attestation works for Confidential Containers and expose crucial considerations for anyone working with Confidential Computing more generally.