Thursday, May 23 • 11:55 - 12:30
Securing Kubernetes with Trusted Platform Module (TPM) - Alex Tcherniakhovski & Andrew Lytvynov, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
TPM is a discrete tamper-resistant device soldered to the motherboard and it operates independently of its host.
TPM devices are designed to protect sensitive credentials at the hardware level: credentials created and stored within TPM devices cannot be extracted, even if host is compromised. Additionally, TPM devices provide a suite of cryptographic operations for applications to leverage.

In this demo heavy session, we will review core TPM capabilities and how they could be used in for extending Kubernetes security.

Attendees will leave with understanding how to utilize TPM in the context of Kubernetes. Concretely, the following scenarios will be covered:
- Bootstrap trusted identity of cluster nodes
- Seal sensitive data
- Generate cryptographically protected logs
- Generate unexportable TLS credentials

avatar for Alexandr Tcherniakhovski

Alexandr Tcherniakhovski

Security Engineer, Google
Alex Tcherniakhovski | Alex is a Security Engineer at Google, working on Kubernetes Engine Security team. Alex focuses on the encryption at rest features of Kubernetes. Alex also an owner of encryption of rest feature in Kubernetes. | Before Google, Alex worked at Microsoft in various... Read More →
avatar for Andrew Lytvynov

Andrew Lytvynov

Software Engineer, Google
Andrew Lytvynov | Andrew is a Software Engineer on the Google Kubernetes Engine Security team. | Andrew worked on TPM-based Node bootstrap in GKE and maintains github.com/google/go-tpm - a Go library for interacting with TPM devices. Prior to GKE Andrew worked on monitoring the... Read More →

Thursday May 23, 2019 11:55 - 12:30
Hall 8.0 B1