Is the kata-container memory-safe? #9569

Open
zibinpan opened this issue Apr 29, 2024 · 1 comment
@zibinpan

If I create a container by kata, and my cloud server doesn't support SGX or TDX, then, is this container memory safe?

In other words, can the cloud host utilize some technologies like mapping the memory of the kata container to the real memory and using memory analysis to steal the data in my container?

zibinpan added the question (Requires an answer) label Apr 29, 2024
@lifupan (Member) commented Apr 29, 2024

> If I create a container by kata, and my cloud server doesn't support SGX or TDX, then, is this container memory safe?
>
> In other words, can the cloud host utilize some technologies like mapping the memory of the kata container to the real memory and using memory analysis to steal the data in my container?

Yes, if the host didn't support TDX/SGX, then the VM memory contents are all in clear text, and it is easy to spy on the contents by reading the VM's memory from the host.
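
An added example, not part of the issue thread or of the Kata Containers code: a small check, run inside the guest or on the server, that parses `/proc/cpuinfo` for the Linux CPU flags `sgx` and `tdx_guest`. It covers only the two technologies named in this thread, the sample inputs are constructed, and the function names are hypothetical.

```python
"""Check /proc/cpuinfo (Linux, x86) for the SGX / TDX flags discussed above."""
from pathlib import Path

# Kernel flag names; "tdx_guest" is set only inside a TDX-protected VM.
FLAGS = ("sgx", "tdx_guest")

# Constructed sample inputs (not captured from a real machine). The lone
# "sgx_lc" token is there to show that matching is on whole tokens only.
SAMPLE_PLAIN = """processor\t: 0
flags\t\t: fpu vme sse2 hypervisor sgx_lc
processor\t: 1
flags\t\t: fpu vme sse2 hypervisor
"""
SAMPLE_TDX = """processor\t: 0
flags\t\t: fpu vme sse2 hypervisor tdx_guest
"""


def parse_cpu_flags(text):
    """Return one set of flag tokens per logical CPU."""
    cpus = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            cpus.append(set(value.split()))
    return cpus


def protection_report(text):
    """Map each flag to True only if every logical CPU advertises it."""
    cpus = parse_cpu_flags(text)
    return {f: bool(cpus) and all(f in c for c in cpus) for f in FLAGS}


def verdict(report):
    if not any(report.values()):
        return "no SGX/TDX flag: treat guest memory as readable by the host"
    # A flag is only a hint supplied by the platform; remote attestation
    # is what proves to a tenant that the protection is really active.
    return "protection advertised: confirm with attestation"


if __name__ == "__main__":
    path = Path("/proc/cpuinfo")
    text = path.read_text() if path.exists() else SAMPLE_PLAIN
    report = protection_report(text)
    print(report, "->", verdict(report))
```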
