December 5-6, 2022
Yokohama, Japan + Virtual
Note: The schedule is subject to change.


Tuesday, December 6 • 14:50 - 15:30
Improving Bootup Performance of Container with Overlay Images in TEE Environment - Ziye Yang & Haokun Xin, Intel

As tenants' security requirements for containers deployed in the public cloud continue to grow, cloud service providers leverage hardware-based TEE techniques (Intel's SGX/TDX, AMD's SEV) to launch tenants' containers. Such a solution is meaningful and can win the tenants' trust, an approach led by the "Confidential Containers" sandbox project. Unfortunately, there is some performance drop when using this technology, and container tenants may still want acceptable performance. In this talk, we address the bootup of containers that use the overlay format while running in a TEE environment and still satisfying the security requirements. We make the following contributions: (1) Accelerating image downloads with the overlay format and reducing the key negotiation overhead with the KMS. Instead of downloading a single layer and then negotiating with the KMS for that image layer's decryption key, we design a method that gets all the keys in one round of negotiation with the KMS instead of multiple rounds; (2) We can leverage some acceleration techniques to offload the image decryption work done by the CPU.

Speakers

Ziye Yang

Staff Cloud software engineer, Intel
Ziye Yang is a staff software engineer at Intel and is currently involved in cloud native related projects. Before that, Ziye worked at EMC for 4.5 years. Ziye is interested in system virtualization, file system and storage related research and development work. Ziye currently has...

Haokun Xin

Staff software, haokun.xin@intel.com
Haokun Xin is a staff software engineer at Intel and focuses on cloud infrastructure software. Haokun is interested in container runtimes, hardware acceleration and confidential containers.



Tuesday December 6, 2022 14:50 - 15:30 JST
411&412
  ContainerCon