Brussels / 4 & 5 February 2023


Confidential Containers and the Pitfalls of Runtime Attestation

Confidential Containers uses a generic guest image to simplify the orchestration and validation of Pod VMs. While this has many benefits, it also introduces some subtle security considerations. This talk will describe a class of so-called Evidence Factory attacks where privilege escalation can lead to dangerous misuse of generic attestation evidence. Can these attacks be mitigated while still preserving the benefits of a generic guest image? This talk will dive into the details of how attestation works for Confidential Containers and expose crucial considerations for anyone working with Confidential Computing more generally.
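To make the attack class concrete, here is a toy model of the attestation flow the abstract refers to. It is an added illustration, not Confidential Containers code: an HMAC over a shared key stands in for the TEE's hardware signature, a `KeyBroker` class stands in for the relying party that releases workload secrets, and the "generic image", workload names and secrets are all constructed. The point it demonstrates is the one the talk names: when every Pod VM boots the same generic guest image, their launch measurements are identical, so evidence from an attacker-controlled Pod VM (or from a guest the attacker has escalated into) verifies exactly like evidence from the victim's. Nonces do not help, because the attacker's VM can mint fresh, correctly signed evidence on demand. The model shows the problem only; how it might be mitigated is the question the talk poses.

```python
"""Toy model of remote attestation for a generic guest image (constructed example).

The shared TEE_KEY is a stand-in for a TEE signing key so the demo runs offline;
real TEEs use asymmetric signatures and certificate chains, and real verifiers
check far more than this. Nothing here is Confidential Containers' own code.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed stand-in for the hardware attestation key trusted by the verifier.
TEE_KEY = b"constructed-tee-key-not-a-real-secret"


def measure(image: bytes) -> str:
    """Launch measurement of a guest image, as a TEE would record it at boot."""
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class Evidence:
    measurement: str
    nonce: str
    mac: str


class PodVM:
    """A confidential Pod VM booted from some guest image."""

    def __init__(self, image: bytes, workload: str):
        self.measurement = measure(image)
        # What actually runs inside the VM. With a generic image this is NOT
        # part of the launch measurement, which is the crux of the problem.
        self.workload = workload

    def attest(self, nonce: str) -> Evidence:
        """Produce evidence covering only the launch measurement and the nonce."""
        payload = f"{self.measurement}|{nonce}".encode()
        mac = hmac.new(TEE_KEY, payload, hashlib.sha256).hexdigest()
        return Evidence(self.measurement, nonce, mac)


class KeyBroker:
    """Relying party (hypothetical): releases a workload secret if evidence verifies."""

    def __init__(self, reference_measurement: str, secrets: Dict[str, str]):
        self.reference = reference_measurement
        self.secrets = secrets
        self.outstanding: Set[str] = set()

    def challenge(self) -> str:
        nonce = os.urandom(16).hex()
        self.outstanding.add(nonce)
        return nonce

    def verify(self, ev: Evidence) -> bool:
        """Check signature, nonce freshness, and measurement against the reference."""
        payload = f"{ev.measurement}|{ev.nonce}".encode()
        expected = hmac.new(TEE_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, ev.mac):
            return False
        if ev.nonce not in self.outstanding:
            return False
        self.outstanding.discard(ev.nonce)
        return ev.measurement == self.reference

    def release(self, ev: Evidence, requested: str) -> Optional[str]:
        """Return the requested secret if the evidence verifies, else None."""
        if not self.verify(ev):
            return None
        return self.secrets.get(requested)


# Constructed placeholder for the generic guest image every Pod VM boots from.
GENERIC_IMAGE = b"constructed generic guest image bytes"


def evidence_factory_demo() -> Dict[str, Optional[str]]:
    """Two Pod VMs, one generic image: the broker cannot tell them apart."""
    kbs = KeyBroker(
        measure(GENERIC_IMAGE),
        {"payroll": "payroll-db-password", "analytics": "analytics-token"},
    )
    victim = PodVM(GENERIC_IMAGE, workload="payroll")
    # The attacker runs (or has escalated into) a Pod VM from the same image.
    attacker = PodVM(GENERIC_IMAGE, workload="attacker")

    legit = kbs.release(victim.attest(kbs.challenge()), "payroll")
    # Fresh nonce, fresh evidence: the attacker's VM is a factory for valid evidence
    # and obtains the payroll secret without ever touching the payroll VM.
    stolen = kbs.release(attacker.attest(kbs.challenge()), "payroll")
    # Tampering with the measurement itself is still caught, since the MAC covers it.
    forged = Evidence("0" * 64, kbs.challenge(), "00")
    rejected = kbs.release(forged, "payroll")
    return {"legit": legit, "stolen": stolen, "forged": rejected}


if __name__ == "__main__":
    for name, value in evidence_factory_demo().items():
        print(f"{name}: {value}")
```

Run it and the `legit` and `stolen` results are the same secret: the verifier did everything a measurement-based check can do, and it was not enough, because nothing in the evidence distinguishes which workload the generic guest is serving.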


Tobin Feldman-Fitzthum