Threat Model

The AMD SEV-SNP threat model Threat Model and the SGX architecture data threats Threat Modelalso apply to this threat model. The key difference to the SGX architecture is the trust model. Here, additional software must be trusted.

Trust Model

In this trust model, the Kubernetes control plane is trusted, resulting in an architecture that is easy to set up. Since the control plane resides in a cVM, this is a valid assumption. Additionally, the guest operating system in the cVM is trusted because it can be attested. Also, all content inside a cVM is trusted, except for serverless containers. Serverless containers are not fully trusted to minimize the attack surface.

PreviousAMD SEV-SNP NextArchitecture

Last updated 2 years ago