Attacking and Defending Kubernetes TEE Enclaves in Critical Infrastructure

Explore the world of Trusted Execution Environments (TEEs) in Kubernetes for critical infrastructure security in this 36-minute conference talk. Dive into the fundamentals of TEEs, their implementations across various chip platforms, and their significance in creating a Trusted Computing Base (TCB) for Kubernetes deployments. Learn how to leverage TEE enclaves to protect the Kubernetes control plane, data flows, and CI/CD pipelines, effectively reducing attack surfaces and mitigating third-party supply chain risks. Examine detailed Kubernetes threat models, discover techniques for attacking and defending Kubernetes workloads within TEE contexts, and gain insights into protecting container image integrity. Explore the development and operational challenges associated with TEE usage, and understand the compliance benefits, including specific policy and control mappings for GDPR, CCPA, PCI, HIPAA, and NIST 800-53. Gain valuable knowledge on topics such as TEE attestation, establishing trust, and the role of Kubernetes in TEE implementations, as well as emerging technologies like Open Enclave, Unikernel, and RunE.

Introduction
What is a TEE
Who is a TEE for
Use Cases
TEE chip implementations
How to establish trust
TEE attestation
TEE data
How to use TEE
casa de papel
features
attack tree
trust
silver bullet
where does Kubernetes fit
operating Kubernetes
Open Enclave
Unikernel
RunE
MarbleRun
Arcs
Overview
Formal Verification
Compliance
Government Agencies
Whats Next
What About the Supply Chain