Attacking and Defending Kubernetes TEE Enclaves in Critical Infrastructure

Explore the world of Trusted Execution Environments (TEEs) in Kubernetes for critical infrastructure security in this 36-minute conference talk. Dive into the fundamentals of TEEs, their implementations across various chip platforms, and their significance in creating a Trusted Computing Base (TCB) for Kubernetes deployments. Learn how to leverage TEE enclaves to protect the Kubernetes control plane, data flows, and CI/CD pipelines, effectively reducing attack surfaces and mitigating third-party supply chain risks. Examine detailed Kubernetes threat models, discover techniques for attacking and defending Kubernetes workloads within TEE contexts, and gain insights into protecting container image integrity. Explore the development and operational challenges associated with TEE usage, and understand the compliance benefits, including specific policy and control mappings for GDPR, CCPA, PCI, HIPAA, and NIST 800-53. Gain valuable knowledge on topics such as TEE attestation, establishing trust, and the role of Kubernetes in TEE implementations, as well as emerging technologies like Open Enclave, Unikernel, and RunE.