Questions about "on-prem/private cloud" environments #68
Comments
I'll provide the best Xandr answers I can, I pinged our techops folks and will consult with them on more interesting pieces:
Here are some answers for Criteo.
In general, we don't foresee any major issues with hosting orchestrated confidential VMs in our environment. That's how we were already planning on doing things. On the other hand, I would really stress the need for publishing and discussing the security requirements that you will mandate for non-public cloud as soon as possible. Considering the various things that have been thrown here and there during meetings, we suspect that this will be the real challenge for most adtech. We would rather clear that uncertainty sooner rather than later.
> Would you be able to bring up the "local" build of the KV server in your data center (compute environment)? If not, are there specific technical barriers that prevent you from doing so?

Yes. Any software we deploy would need to pass standard security/OSS scans.

> In your production environment, do you have the ability to run a workload that is a Linux binary? Or a container?

Yes.

> In your production environment, do you have the ability to run workloads on "bare metal" -- that is, not inside a VM?

Yes, though for a variety of reasons, we would prefer to use a containerization isolation strategy rather than a VM isolation pattern.

> In your production environment, would the workload (say the KV server) be able to start a virtual machine (VM) using a VMM such as QEMU or Cloud Hypervisor? We ask, because eventually, we would like the "trusted" portion of the server to run inside a "Confidential VM" for confidentiality and security protection.

I want to understand the threat model. The data in the K/V server is unprotected by definition, so the primary difference is bulk egress or network monitoring. Confidential VMs are needed in a multi-tenant environment. But in a single-tenant environment, we can secure workloads on the server using standard cgroups and namespaces. Data being exfilled would be a problem on the host as well, due to network passthrough.

> Do you use orchestration tools such as Kubernetes in your production environment? We are interested in understanding how a trusted server design that depends on virtualization and confidential VMs can be integrated with your application management and orchestration solutions.

K8s is in use. Typically, something like ArgoCD, Spinnaker, or Helm would be used to manage the service's rollout.

> Trusted Execution Environments can rely on hardware-rooted guarantees and CPU-specific protections like encryption of memory in use. Two such CPU platforms available today are AMD's SEV-SNP and Intel's TDX. We welcome feedback on your ability to procure and deploy these technologies in your production environment.

TDX is fairly new—it didn't start getting deployed in new hardware until 2022. With hardware approaching 5-+ year deprecation windows, this would mandate new servers for K/V, assuming that the server bill of materials were updated to Sapphire Rapids-based servers once the chips became available.
@palenica - would love to get more feedback here.
Questions about "on-prem/private cloud" environments
We are exploring possibilities for enabling trusted Privacy Sandbox workloads to be run outside of public clouds with a dedicated TEE offering. We are interested in a better understanding of compute environments adtechs employ currently, and understanding how to architect Privacy Sandbox software so that it can be run in such environments.
In this issue, we'd like to focus on the adtech's ability to run a workload in their production environment. Most security and privacy challenges, while critical for us to address, are out of scope for this issue.
Consider a trusted server workload such as the Key-Value Server, or a server from the Bidding and Auction Services, for example the Bidding Server.
Would you be able to bring up the "local" build of the KV server in your data center (compute environment)? If not, are there specific technical barriers that prevent you from doing so?
In your production environment, do you have the ability to run a workload that is a Linux binary? Or a container?
In your production environment, do you have the ability to run workloads on "bare metal" -- that is, not inside a VM?
In your production environment, would the workload (say the KV server) be able to start a virtual machine (VM) using a VMM such as QEMU or Cloud Hypervisor? We ask, because eventually, we would like the "trusted" portion of the server to run inside a "Confidential VM" for confidentiality and security protection.
In your production environment, do you use orchestration tools such as Kubernetes? We are interested in understanding how a trusted server design that depends on virtualization and confidential VMs can be integrated with your application management and orchestration solutions.
Trusted Execution Environments can rely on hardware-rooted guarantees and CPU-specific protections like encryption of memory in use. Two such CPU platforms available today are AMD's SEV-SNP and Intel's TDX. We welcome feedback on your ability to procure and deploy these technologies in your production environment.
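
One way to gather facts for the VMM and TEE questions above on a given host, as an added example that is not part of the original issue or of the Privacy Sandbox code. It assumes a Linux x86 host and the CPU flag names that recent mainline kernels print in `/proc/cpuinfo`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host from /proc/cpuinfo-format text on stdin.
# Assumption: flag names as printed by recent mainline kernels. An older kernel
# may omit sev_snp / tdx_host_platform even on capable hardware, so "none"
# means "not advertised", not "not procurable".

# Emit the first CPU's feature flags, one per line.
cpu_flags() {
    awk -F': ' '/^flags[[:space:]]*:/ { n = split($2, f, " ")
                                        for (i = 1; i <= n; i++) print f[i]
                                        exit }'
}

# has_flag <newline-separated flags> <flag>: exact match, so "sev" != "sev_snp".
has_flag() { printf '%s\n' "$1" | grep -qx -- "$2"; }

# Which confidential-VM platform the CPU and kernel advertise.
tee_platform() {
    flags=$(cpu_flags)
    if   has_flag "$flags" sev_snp;           then echo sev-snp
    elif has_flag "$flags" tdx_host_platform; then echo tdx
    elif has_flag "$flags" sev;               then echo sev-only  # encryption, no SNP integrity
    else echo none; fi
}

# Hardware virtualization extension a KVM-based VMM (QEMU, Cloud Hypervisor) needs.
virt_ext() {
    flags=$(cpu_flags)
    if   has_flag "$flags" vmx; then echo vmx
    elif has_flag "$flags" svm; then echo svm
    else echo none; fi
}

# Constructed, abbreviated sample flag lines (not taken from real machines).
SAMPLE_SNP='flags : fpu vme svm sev sev_es sev_snp'
SAMPLE_TDX='flags : fpu vme vmx tdx_host_platform'
SAMPLE_SEV='flags : fpu vme svm sev sev_es'
SAMPLE_OLD='flags : fpu vme vmx'

# On a live host, also check that the workload's user can open /dev/kvm.
if [ -r /proc/cpuinfo ]; then
    echo "virt=$(virt_ext < /proc/cpuinfo) tee=$(tee_platform < /proc/cpuinfo)"
    if [ -r /dev/kvm ] && [ -w /dev/kvm ]; then echo "kvm=usable"; else echo "kvm=unavailable"; fi
fi
```

A host that reports `vmx` or `svm` but `kvm=unavailable` usually points at a permissions or container-runtime restriction rather than missing hardware, which is the distinction the "start a VM from the workload" question is probing.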