YoVDO

Putting an Invisible Shield on Kubernetes Secrets

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses Data Protection Courses Kubernetes Security Courses Trusted Execution Environment Courses Confidential Computing Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore an innovative approach to enhancing Kubernetes secrets protection in this conference talk. Learn about the implementation of Trusted Execution Environment (TEE) and enhanced authentication to create an end-to-end secret hardening solution for Kubernetes clusters. Discover how to guard secrets while in use, at rest, and in transit by making changes to kubectl, Kubernetes master, and node components. Gain insights into TEE transparency for developers and users, and witness a practical demonstration. Understand the real-world application of this technology at Alibaba and learn about the proposed Kubernetes Enhancement Proposal (KEP) for the community. Delve into topics such as confidential computing, TEE-based KMS plugins and providers, and the Occlum framework for simplified SGX development.

Syllabus

Intro
Background: K8s Secrets
Motivation: K8s Secrets Protection
Confidential Computing
TEE-based KMS Plugin
TEE-based KMS Provider
TEE-based Kubectl
TEE-based Secrets Protection (cont.)
KMS Plugin (cont.)
KMS Plugin as a Service
One binary: TEE Transparency
Occlum: SGX Dev Made Easy
Occlum: Major Features
Occlum: Container-Inspired Interface
Demo
Summary & Next Steps


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

IoT Product Security
Cybrary Trusted Execution Environments Meet the Blockchain
Simons Institute via YouTube Cache Side Channel Attack - Exploitability and Countermeasures
Black Hat via YouTube Confidential Computing in Cloud and Edge
RSA Conference via YouTube The Rise of Confidential Computing
RSA Conference via YouTube