13–15 Nov 2023
America/New_York timezone

Protecting Sensitive Data in Container Checkpoints

13 Nov 2023, 17:30
25m
"James River Salon B" (Omni Richmond Hotel)

"James River Salon B"

Omni Richmond Hotel

83
Containers and checkpoint/restore MC Containers and checkpoint/restore MC

Speakers

Adrian Reber (Red Hat) Radostin Stoyanov (University of Oxford) Wesley Armour (University of Oxford)

Description

With the recent integration of container checkpointing in Kubernetes, it is crucial to protect the captured container state in order to maintain the confidentiality and integrity of application data. In this talk, we are going to discuss a built-in mechanism for providing data security by default through asymmetric encryption of CRIU images. By extending CRIU with encryption capabilities, we enable seamless end-to-end security across cluster nodes, without the need for modifications of the underlying container infrastructure. The talk will cover the current state of the project, the necessary changes for integration with existing container environments, and discuss how this mechanism can be utilized in combination with role-based access control in multi-tenant clusters.

Primary author

Radostin Stoyanov (University of Oxford)

Co-authors

Adrian Reber (Red Hat) Wesley Armour (University of Oxford)

Presentation materials

Diamond Sponsors
Platinum Sponsor
Gold Sponsors
Silver Sponsors
Catchbox Sponsor
Livestream Sponsors
T-Shirt Sponsor
Conference Services Provided by