YoVDO

Architectural Extensions for Hardware Virtual Machine Isolation to Advance Confidential Computing in Public Clouds

Offered By: Linux Foundation via YouTube

Tags

Conference Talks Courses Cloud Computing Courses Key Management Courses Confidential Computing Courses

Course Description

Overview

Explore architectural extensions for hardware virtual machine isolation in this conference talk focused on advancing confidential computing in public clouds. Delve into cloud threat vectors, the evolution of hardware-based cloud workload isolation, and Intel's Trust Domain Extensions (TDX) architecture. Learn about security goals, CPU ISA, VMX, and SEAM technologies. Examine threat models, memory confidentiality and integrity, private key management, hardware address translation, and physical memory management. Discover how attestation leverages Intel SGX and understand threat coverage for various attack types, including software, hardware, and side-channel attacks. Gain insights into TDX software implications, deployment models, and KVM touchpoints. Investigate Linux TD guest touchpoints, Guest-Hypervisor Communication Interface (GHCI), and TDX platform and software lifecycles. Enhance your understanding of cutting-edge confidential computing technologies and their implementation in public cloud environments.

Syllabus

Intro
CLOUD THREAT VECTORS
HARDWARE-BASED CLOUD WORKLOAD ISOLATION EVOLUTION
INTEL TDX-HIGH LEVEL SECURITY GOAL OF ARCHITECTURE
CPU ISA
VMX AND SEAM
THREAT MODEL
TD MEMORY CONFIDENTIALITY
TD MEMORY INTEGRITY
PRIVATE KEY MANAGEMENT
HW ADDRESS TRANSLATION
PHYSICAL MEMORY MANAGEMENT
ATTESTATION LEVERAGES INTEL SGX
THREAT COVERAGE - SOFTWARE ADVERSARY ATTACKS
THREAT COVERAGE - HARDWARE ADVERSARY ATTACKS
THREAT COVERAGE-TOX MODULE AND ATTESTATION ATTACKS
THREAT COVERAGE - SIDECHANNEL ATTACKS
INTEL TDX -PUTTING IT ALL TOGETHER
INTEL TDX SOFTWARE IMPLICATIONS
INTEL TDX-SW DEPLOYMENT MODELS
KVM TOUCHPOINTS
MORE ON MMU
LINUX TD GUEST TOUCHPOINTS
GHCI (GUEST-HYPERVISOR COMMUNICATION INTERFACE)
INTEL TDX PLATFORM AND SW LIFECYCLE
SUMMARY


Taught by

Linux Foundation

Tags

Related Courses

Software as a Service
University of California, Berkeley via Coursera
Software Defined Networking
Georgia Institute of Technology via Coursera
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera
Web-Technologien
openHPI
Données et services numériques, dans le nuage et ailleurs
Certificat informatique et internet via France Université Numerique