COSCUP 2026 - Conference for Open Source Coders, Users, and Promoters

Zero-Trust Workloads with Confidential Containers on Ubuntu
09.08.2026 , TR211

In terms of protecting sensitive data during execution across diverse cloud environments, typical container isolation mechanisms frequently fall short. While traditional security secures data at rest and in transit, the "data-in-use" gap remains leaving memory and running processes vulnerable to a compromised host, hypervisor, or rogue administrator. Without requiring changes to application code, Confidential Containers (CoCo) is a potent open-source technology that makes it possible to isolate workloads safely and effectively using hardware-based Trusted Execution Environments (TEEs). This session examines how memory encryption, remote attestation, and hardware-level isolation offered by CoCo might improve zero-trust security on Ubuntu systems. Measures like standard Linux namespaces and cgroups are less efficient against contemporary infrastructure-level attacks as a result of the sophistication of modern cloud-native threats. By offering a cryptographic method of isolating system memory without compromising cloud flexibility, CoCo tackles these issues. And CoCo is a crucial tool for contemporary data privacy and compliance since it can protect proprietary code, AI models, and sensitive payloads by executing them inside hardware-attested utility VMs on the Linux kernel.

The talk will focus on the integration of Confidential Containers with Ubuntu, highlighting Canonical’s and the broader open-source community's ecosystem support for TEE-backed virtualization such as Intel TDX and AMD SEV-SNP. Will also include practical demonstrations of CoCo deployments on Ubuntu, showcasing how to use the open-source CoCo Operator for running encrypted pods, managing remote attestation, and preventing unauthorized host-level access to container memory. We will walk through real-world examples of deploying hardware-isolated workloads using CNCF tools such as Kata Containers and the Confidential Containers project alongside Ubuntu's MicroK8s, demonstrating how they enforce a true zero-trust architecture in modern cloud infrastructures.

Participants will have a thorough grasp of how to use Confidential Containers to improve data-in-use security in Ubuntu environments by the end of this session. They will acquire hands-on experience in deploying CoCo for memory encryption, hardware-based workload isolation, and cryptographic attestation, allowing them to leverage this potent technology in their own infrastructure strategies and actively champion advanced cloud security within the Ubuntu ecosystem.


Schwierigkeitsgrad: Fortgeschritten

V Sreenivas is a DevRel, specializing in cybersecurity, Linux security, and cloud-native security. With a strong background in security engineering and open-source contributions, he has worked extensively on security observability and enforcement mechanisms. Passionate about sharing knowledge, he has spoken at various security conferences and actively contributes to the security community. https://www.linkedin.com/in/v-sreenivas-985088203/