Confidential Computing, with Fabian Kammel
Nov 23, 2023
Guest Fabian Kammel, Security Architect at ControlPlane, discusses confidential computing, trusted execution environments, and the differences between TPMs and HSMs. The episode also explores the concept of confidential virtual machines and their use in sensitive industries like defense and healthcare.
AI Snips
Confidential Computing Overview
- Confidential computing protects sensitive computations in untrusted environments, similar to credit cards or SIM cards.
- It extends this concept to general-purpose server hardware and adds remote attestation, so a remote party can check that the hardware and the code it runs are genuine.
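To make the remote-attestation point concrete, here is an added example (not code from the episode, ControlPlane, or any vendor SDK) that simulates the exchange in Go. The `TEE` type stands in for the hardware, its ed25519 key for the vendor-certified attestation key, and the `Report` struct for a real SEV-SNP/TDX/SGX report stripped down to the three fields that matter: a measurement of the loaded code, a verifier-chosen nonce, and a signature over both. The sample workload bytes and the allowlist are constructed; all names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a constructed, simplified stand-in for a hardware attestation
// report. Real reports carry many more fields (firmware version, policy
// bits, platform certificate chain); only the three that make remote
// attestation work are modelled here.
type Report struct {
	Measurement [32]byte // SHA-256 of the code loaded into the TEE
	Nonce       [32]byte // challenge chosen by the verifier for freshness
	Signature   []byte   // over Measurement || Nonce, by the attestation key
}

// signedBytes is the byte string the attestation key signs.
func signedBytes(r Report) []byte {
	msg := make([]byte, 0, 64)
	msg = append(msg, r.Measurement[:]...)
	msg = append(msg, r.Nonce[:]...)
	return msg
}

// TEE simulates the hardware side. Its key stands in for the per-chip
// attestation key that real CPUs keep in protected storage and that the
// vendor certifies.
type TEE struct {
	attestKey ed25519.PrivateKey
	code      []byte
}

func NewTEE(code []byte) (*TEE, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &TEE{attestKey: priv, code: code}, nil
}

// PublicKey is what the vendor would publish in a certificate chain.
func (t *TEE) PublicKey() ed25519.PublicKey {
	return t.attestKey.Public().(ed25519.PublicKey)
}

// Attest measures the loaded code and signs measurement plus nonce.
func (t *TEE) Attest(nonce [32]byte) Report {
	r := Report{Measurement: sha256.Sum256(t.code), Nonce: nonce}
	r.Signature = ed25519.Sign(t.attestKey, signedBytes(r))
	return r
}

// Verifier is the relying party: it trusts one hardware key and a set of
// code measurements it has reviewed (the allowlist).
type Verifier struct {
	trustedKey ed25519.PublicKey
	allowed    map[[32]byte]bool
}

func NewVerifier(trusted ed25519.PublicKey, allowedCode [][]byte) *Verifier {
	v := &Verifier{trustedKey: trusted, allowed: map[[32]byte]bool{}}
	for _, c := range allowedCode {
		v.allowed[sha256.Sum256(c)] = true
	}
	return v
}

// Verify applies the three checks that give attestation its meaning.
func (v *Verifier) Verify(r Report, expectedNonce [32]byte) error {
	// 1. Genuineness: only the hardware key could have produced the signature.
	if !ed25519.Verify(v.trustedKey, signedBytes(r), r.Signature) {
		return errors.New("signature does not verify under trusted hardware key")
	}
	// 2. Freshness: a report for an old nonce may be a replay of a good run.
	if r.Nonce != expectedNonce {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	// 3. Identity: the code inside the TEE must be one we have reviewed.
	if !v.allowed[r.Measurement] {
		return errors.New("measurement not on allowlist: unknown code in TEE")
	}
	return nil
}

func main() {
	code := []byte("approved enclave image v1") // constructed sample workload
	tee, err := NewTEE(code)
	if err != nil {
		panic(err)
	}
	v := NewVerifier(tee.PublicKey(), [][]byte{code})

	var nonce, fresh [32]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		panic(err)
	}
	if _, err := rand.Read(fresh[:]); err != nil {
		panic(err)
	}
	fmt.Println("genuine report: ", v.Verify(tee.Attest(nonce), nonce))

	// Editing the measurement after signing breaks check 1.
	forged := tee.Attest(nonce)
	forged.Measurement = sha256.Sum256([]byte("something else"))
	fmt.Println("tampered report:", v.Verify(forged, nonce))

	// Re-sending a valid old report against a new challenge breaks check 2.
	fmt.Println("replayed report:", v.Verify(tee.Attest(nonce), fresh))
}
```

The order of the checks matters in practice: signature first, because nothing in an unsigned report can be trusted; nonce second, so a genuine but old report cannot be replayed; allowlist last, because a genuine, fresh report for code you have not reviewed still tells you nothing you should act on. A real verifier additionally walks the vendor certificate chain and checks firmware version and policy fields, which this simulation omits.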
Trusted Execution Environments (TEEs)
- TEEs are hardware-protected environments where external observers cannot see or manipulate data.
- Different implementations exist, like Intel SGX's process-based approach and AMD SEV's full VM shielding.
HSMs vs. TPMs
- TPMs are cheap and commonplace but have limited memory and cryptographic capabilities.
- HSMs are expensive, offer strong physical tamper protection, but are unsuitable for average workloads.