Tuesday, May 21 • 11:55 - 12:30
Kubernetes + Encrypted Memory = Security * Privacy - Harshal Patil & Pradipta Banerjee, IBM

Hardware memory encryption is coming soon. From Intel's TME/MKTME [1] to IBM's Ultravisor [2], hardware manufacturers are aiming to make sure 'what's written by the process stays within the process'. Once the hardware is out, it will change the way we perceive security and privacy in the cloud.

In this talk, we will briefly discuss the upcoming memory encryption technologies and how we modified the Kata Containers runtime to handle Kubernetes' Ephemeral Volumes (aka EmptyDir volumes) to keep your data and application protected from the container image registry (encrypted at rest) to runtime (protected by memory encryption). For the demonstration, we run a container image with an encrypted TensorFlow model using Kubernetes such that even the root user on the worker node won't be able to read the model parameters.

[1] https://goo.gl/Xt3MJf
[2] https://goo.gl/X2A5yx

Pradipta Banerjee

Senior Tech Staff Member, IBM
Pradipta is a Senior Technical Staff Member in IBM Systems, where he leads cloud-native platform initiatives and works with customers to help them with their digital transformation journey. He comes with an extensive infrastructure and cloud background and has worked on many first...

Harshal Patil

Advisory Systems Software Engineer, IBM
Harshal is an Open Source developer working on Kubernetes and Runtimes. At IBM Power Systems, he designs and implements container architectures focused on security that take advantage of Power's unique hardware features. In the container ecosystem, Harshal’s contributions span from...

Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 F1