Brussels / 3 & 4 February 2024


Proving that Cloud Sysadmins Cannot Read your Data!

Confidential Computing is a set of technologies such as memory encryption that can be used to protect data in use. This can be used for instance by banks or medical institutions to protect your personal data while they process it, and makes it possible to move to the cloud workloads that would otherwise have to run on-premise.

Attestation, generally speaking, is the process of proving some fundamental properties of a system. Attestation plays a central role in asserting that confidential systems are indeed confidential. This technology can be used in a number of ways, notably to implement Confidential Virtual Machines, Confidential Containers and Confidential Clusters. This talk explores the various chains of trust required to preserve confidentiality in each of these use cases. In each scenario, we will describe the root of trust, what is being proven, who verifies the proof, and what a successful verification allows.

We will discuss techniques and technologies such as local and remote attestation, firmware-based certification, the use and possible implementations of a virtual TPM, attested TLS. We will also discuss the different requirements to attest an execution environment, a workload, a user, or a node joining a cluster.


Photo of Christophe de Dinechin Christophe de Dinechin