Protecting Data In-use With Secure Execution
Project and Program: Linux & VM
, SHARE Virtual 2020
Many workload owners refuse to deploy sensitive workloads in a cloud because it is still possible for HW operators or privileged hypervisor code or administrators to inspect or even modify sensitive data in the memory of a hosted guest system.
A new framework on IBM z15 and LinuxONE III servers helps, because it technically disables the HW management console (SE/HMC) or a KVM hypervisor to inspect or change memory or state of a guest thus making an IBM Z secure during runtime of an application and makes it a trustworthy platform to host sensitive workloads. In this presentation we will present the new trust model introduced, describe the attack vector protects, give an overview of the security technology used and describe the life cycle of a secure guest.-Reinhard Buendgen-IBM Corporation
Back to Proceedings File Library