The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Friday, October 1 • 11:50am - 12:35pm
(VIRTUAL) Live Migration Architecture for Intel TDX-based Confidential VMs - Ravi Sahita & Jun Nakajima, Intel

Confidential computing establishes a new security model for data-in-use protection - a large volume of sensitive data is processed in public clouds, where the trusted computing base (TCB) is large, including hypervisors, host operating system, operators, orchestration software, devices (with firmware), and BIOS/SMM. Intel TDX (Trust Domain Extensions) provides capabilities to limit the TCB for VM workloads, with the goal of removing the host software from the TCB (by running the VM as a TD VM). At the same time, cloud and enterprise operators require capabilities such as live migration of VM workloads to support reliability and availability of the infrastructure. This talk describes the Intel TDX architecture to enable live migration of TD VMs running confidential workloads. The proposed architecture provides live migration while maintaining the baseline functionality and security requirements of Intel TDX. The talk will describe the expanded threat model and the platform capabilities to address these potential new threats, followed by a summary of the modifications to KVM/QEMU and the implications for TD VM owners when opting in to live migration of TD VMs.

Speakers
Ravi Sahita

Security Architect (Sr. PE), Intel
Ravi Sahita is a Senior Principal Engineer at Intel in the Data Platforms Group. He has 20 years of experience in computer security, hardware virtualization, systems and platform software, CPU ISA and applying machine learning for security. His current focus is on architecture development...
Jun Nakajima

Software Engineer (Sr. PE), Intel
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading open source virtualization, such as KVM and Xen. Jun presented a number of times at technical conferences, including LSS, KVM Forum, Xen Summit, LinuxCon, OpenStack Summit, and USENIX...


Friday October 1, 2021 11:50am - 12:35pm PDT
Room 402 - Chiliwack