Speaker
Description
Whenever you run your application on a cloud, you are pretty much giving the cloud provider complete access to your sensitive data. Even if you were to use full-disk encryption to protect the data on your disk, it still remains vulnerable when in use — when loaded into RAM or processed by the CPU.
So how do you ensure that your data remains secure even if the cloud infrastructure is compromised? How do you trust a VM that was launched by a compromised host environment, one where a malicious actor could have physical access to your allocated hardware?
Confidential computing aims to solve all of these problems, and in this talk we'll see how that is achieved. We'll explore potential threats and understand mitigation techniques such as secure boot, measured boot, TPM-based full-disk encryption and hardware-based trusted execution environments. We'll see how Ubuntu is modified to support all of this.
Biography
Dimple Kuriakose has been working in the tech industry for 23 years. With an MS in Computer Science, an MBA and an LL.B., her roles have ranged from software development and system administration to handling intellectual property and company operations. She was also a computer science professor for three years and is now working as a technical author in the Public Cloud team at Canonical.
What audience can learn
They'll learn about the intricacies of Confidential Computing, including terminology and technologies (secure boot, measured boot, FDE, CVMs and TEE).
Summary
In this talk, we'll explore Confidential Computing in detail. We'll examine the potential threats posed by malicious actors with physical access to your laptop or cloud VM. We’ll look at how hardware-based solutions, coupled with OS modifications, can effectively mitigate these threats.
Difficulty level
Intermediate