The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7.Please select from the drop-down menu to the right to see the schedule in your preferred timezone above "Filter by Date."
Confidential Cloud Computing is a powerful security model where the cloud tenants are not required to trust the SW stack provided by Cloud Service Providers (CSPs). This includes the Virtual Machine Monitor (VMM) that has been an internal part of VM guest’s TCB for decades. In recent years CPU vendors are coming forward with the technologies that make possible to support this changed threat model (AMD SEV, Intel TDX, etc.), but a lot of work also needs to be done on the VM guest SW stack to truly make this setup secure. This talk would present our efforts and methodology for hardening the mainline Linux kernel that can be used as a secure VM guest kernel. We will talk about the challenges we have faced, successful and failed approaches, as well as share some initial results. We also hope to start a discussion with the Linux community on how we all can work together to develop and integrate these hardening measures into the general practices for all involved components of the Linux guest SW stack.
Elena Reshetova is a security architect and researcher at Intel working on various Linux security projects. Her current research interests evolve around Linux kernel hardening for the confidential cloud computing.
