kata-containers / kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

Is the kata-container memory-safe?

zibinpan opened this issue · comments

If I create a container with Kata, and my cloud server doesn't support SGX or TDX, is this container memory-safe?

In other words, can the cloud host utilize some technologies like mapping the memory of the kata container to the real memory and using memory analysis to steal the data in my container?

Yes, if the host doesn't support TDX/SGX, then the VM memory contents are all in clear text, and it is easy to spy on the contents by reading the VM's memory from the host.