Trusted Prober in Cloud-Based Container Orchestration Environments

Abstract

Validating confidential containers running application workloads in trusted execution environments is provided. It is determined whether a probe result is success indicating that a first decrypted digital certificate in a confidential container matches a second decrypted digital certificate corresponding to the confidential container in a trusted prober. In response to determining that the probe result is success indicating that the first decrypted digital certificate in the confidential container matches the second decrypted digital certificate corresponding to the confidential container in the trusted prober, it is determined that the confidential container running an application workload in a trusted execution environment of a host node is a valid confidential container having a valid digital certificate. The confidential container is allowed to run the application workload in the trusted execution environment of the host node in response to determining that the confidential container is the valid confidential container having the valid digital certificate.

CPC Classifications