Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include:
* A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs
* An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing
* And more recently securing SPIFFE-based machine identities via hardware attestation.
Do you have something cool to share? Some questions? Let us know:
– web: kubernetespodcast.com (
– mail: kubernetespodcast@google.com (mailto:kubernetespodcast@google.com)
– twitter: @kubernetespod (
Links from the interview
Confidential Computing Blog from ( kubernetes.io (
Confidential Computing Consortium (
Confidential Computing Whitepaper (
Intel SGX Enclave (
Swap Memory with Kubernetes in Beta in 1.28 (
Hardware Security Modules (
Trusted Platform Modules (TPM) (
Envelope Encryption (
Confidential Computing Concepts – Confidential Virtual Machine (
AMD Secure Encrypted Virtualization ( (AMD SEV)
AMD Secure Encrypted Virtualization – Secure Nested Paging ( (AMD SEV SNP)
Trusted Computing Base (TCB) (
Remote Attestation (
Confidentiality, Integrity, and Availability: The CIA Triad (
Intel SGX Enclaves (
Confidential Containers (CoCo) (
Katacontainers (
AWS Firecracker (
[ad_2]
source
