Kubernetes Podcast from Google

Confidential Computing, with Fabian Kammel

Nov 23, 2023

Guest Fabian Kammel, Security Architect at ControlPlane, discusses confidential computing, trusted execution environments, and the differences between TPMs and HSMs. The chapter also explores the concept of confidential virtual machines and their use in sensitive industries like defense and healthcare.

53:36

Creator website

Episode guests

Fabian Kammel

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Trusted execution environments (TEEs) and confidential virtual machines (CVMs) provide hardware-protected and isolated environments for computations.

TPMs and HSMs offer varying levels of security capabilities for key storage and cryptographic operations.

Confidential computing has practical application in PKIs for autonomous vehicles and verifiable build runners, enhancing security for sensitive workloads in cloud environments.

Deep dives

Trusted execution environments and confidential virtual machines

Trusted execution environments (TEEs) and confidential virtual machines (CVMs) are two key concepts in confidential computing. TEEs provide hardware-protected environments that shield sensitive computations from external observers. They have been used in specialized hardware like TPMs and HSMs. On the other hand, CVMs are virtual machines that offer memory encryption and remote attestation. CVMs are easier to use and provide transparency and isolation within the VM. They are available in cloud environments and can be a secure solution for sensitive workloads.

Introduction

2min

Recent Tech Announcements and Interview on Confidential Computing

14min

Confidential Virtual Machines and Memory Encryption

26min

Conducting Interviews in Foreign Languages

1min

Confidential Computing and its Solutions

4min

Exploring the Difference Between TPMs and HSMs

2min

Security Needs for Autonomous Vehicles

4min

Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include:

* A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs

* An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing

* And more recently securing SPIFFE-based machine identities via hardware attestation.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

Links from the interview

Confidential Computing Blog from kubernetes.io

Confidential Computing Consortium

Confidential Computing Whitepaper

Intel SGX Enclave