BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.coscup.org//coscup-2026//speaker//7V3QRQ
BEGIN:VTIMEZONE
TZID:CST
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1
TZNAME:CST
TZOFFSETFROM:+0800
TZOFFSETTO:+0800
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-coscup-2026-KKW9LR@pretalx.coscup.org
DTSTART;TZID=CST:20260809T103000
DTEND;TZID=CST:20260809T110000
DESCRIPTION:In terms of protecting sensitive data during execution across d
 iverse cloud environments\, typical **container isolation** mechanisms fre
 quently fall short. While traditional security secures data at rest and in
  transit\, the **"data-in-use"** gap remains leaving memory and running pr
 ocesses vulnerable to a compromised host\, hypervisor\, or rogue administr
 ator. Without requiring changes to application code\, Confidential Contain
 ers (CoCo) is a potent open-source technology that makes it possible to is
 olate workloads safely and effectively using hardware-based Trusted Execut
 ion Environments (TEEs). This session examines how memory encryption\, rem
 ote attestation\, and hardware-level isolation offered by CoCo might impro
 ve zero-trust security on Ubuntu systems. Measures like standard Linux nam
 espaces and cgroups are less efficient against contemporary infrastructure
 -level attacks as a result of the sophistication of modern cloud-native th
 reats. By offering a cryptographic method of isolating system memory witho
 ut compromising cloud flexibility\, CoCo tackles these issues. And CoCo is
  a crucial tool for contemporary data privacy and compliance since it can 
 protect proprietary code\, AI models\, and sensitive payloads by executing
  them inside hardware-attested utility VMs on the Linux kernel.\n\nThe tal
 k will focus on the integration of **Confidential Containers with Ubuntu**
 \, highlighting Canonical’s and the broader open-source community's ecos
 ystem support for TEE-backed virtualization such as Intel TDX and AMD SEV-
 SNP. Will also include **practical demonstrations** of CoCo deployments on
  Ubuntu\, showcasing how to use the open-source CoCo Operator for running 
 encrypted pods\, managing remote attestation\, and preventing unauthorized
  host-level access to container memory. We will walk through real-world ex
 amples of deploying hardware-isolated workloads using CNCF tools such as K
 ata Containers and the Confidential Containers project alongside Ubuntu's 
 MicroK8s\, demonstrating how they enforce a true zero-trust architecture i
 n modern cloud infrastructures.\n\nParticipants will have a thorough grasp
  of how to use Confidential Containers to improve data-in-use security in 
 Ubuntu environments by the end of this session. They will acquire hands-on
  experience in deploying CoCo for memory encryption\, hardware-based workl
 oad isolation\, and cryptographic attestation\, allowing them to leverage 
 this potent technology in their own infrastructure strategies and actively
  champion advanced cloud security within the Ubuntu ecosystem.
DTSTAMP:20260713T132621Z
LOCATION:TR211
SUMMARY:Zero-Trust Workloads with Confidential Containers on Ubuntu - Vutuk
 uri Sreenivas
URL:https://pretalx.coscup.org/coscup-2026/talk/KKW9LR/
END:VEVENT
END:VCALENDAR
