Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include:

* A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs

* An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing

* And more recently securing SPIFFE-based machine identities via hardware attestation.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: [email protected]

- twitter: @kubernetespod

 

Links from the interview

Confidential Computing Blog from kubernetes.io

Confidential Computing Consortium

Confidential Computing Whitepaper

Intel SGX Enclave

Swap Memory with Kubernetes in Beta in 1.28

Hardware Security Modules

Trusted Platform Modules (TPM)

Envelope Encryption

Confidential Computing Concepts - Confidential Virtual Machine

AMD Secure Encrypted Virtualization (AMD SEV)

AMD Secure Encrypted Virtualization - Secure Nested Paging (AMD SEV SNP)

Trusted Computing Base (TCB)

Remote Attestation

Confidentiality, Integrity, and Availability: The CIA Triad

Intel SGX Enclaves

Confidential Containers (CoCo)

Katacontainers

AWS Firecracker