A Kubernetes cluster supports confidential computing based on trusted execution environments (TEEs). This topic describes the purpose, features, application scenarios, and solutions of confidential computing and the differences between TEE-based confidential computing and Sandboxed-Container.


Container Service for Kubernetes provides TEE-based confidential computing. This is a cloud-native and all-in-one solution based on Intel Software Guard Extensions (SGX). It aims to deliver and manage trusted applications and confidential computing applications by ensuring the security, integrity, and confidentiality of data in use. Confidential computing allows you to isolate sensitive data and code in a trusted execution environment. This prevents the rest part of the system from accessing the data. Encrypted data in a trusted execution environment is unavailable to other applications, the BIOS, the operating system, the kernel, administrators, O&M personnel, cloud vendors, and hardware components except CPUs. This reduces the possibility of sensitive data leaks and simplifies data management.



  • Ensures the integrity of code and data in the cloud.
  • Encrypts data and code to prevent data breaches.
  • Enables lifecycle management of data.


  • Blockchains

    Enhances confidentiality and security for transaction processing, consensus, smart contracts, and key storage.

  • Key management

    Deploys the key management feature in an enclave to enable key management similar to a hardware security module (HSM).

  • Genetic similarity computing

    Ensures data confidentiality by isolating sensitive data in computing scenarios where multiple parties are involved.

  • Finance

    Supports secure payments and transactions.

  • AI

    Protects intellectual property rights by encrypting confidential information such as data models.

  • Edge computing

    Supports secure and confidential communications among clouds, edges, and terminals.

  • Data sharing and computing

    Protects data from breaches when users or vendors share data for higher economic value.


The following figure shows the TEE-based confidential computing v1.0.Solution

Container Service for Kubernetes supports SGX-based confidential computing in a managed cluster. This feature enables simplified management and delivery of trusted or confidential applications at reduced costs. Confidential computing ensures the integrity and confidentiality of data and code in public clouds. For more information about how to create a managed Kubernetes cluster for confidential computing, see Create a managed Kubernetes cluster that supports confidential computing.

Make sure the following requirements are met:
  • Worker nodes must be ECS Bare Metal instances of the ecs.ebmhfg5.2xlarge type. This instance type supports Intel SGX.
  • The SGX driver and SGX Platform Software (PSW) are automatically installed during node initialization.
  • By default, Intel SGX Architectural Enclave Service Manager (AESM) DaemonSet is installed. This allows SGX applications to access AESM.
  • The SGX device plug-in developed by Alibaba Cloud simplifies the discovery, management, and scheduling of memory resources in Enclave Page Cache (EPC) of SGX nodes.

TEE-based confidential computing collaborates with Sandboxed-Container

Containers in runC are vulnerable to attacks

A container in runC and the host share a kernel. When a container escape vulnerability is detected in the kernel, malicious applications in the container may penetrate into the backend system. This affects other applications and the entire system.OS

Sandboxed-Container isolates malicious applications and blocks attacks

Sandboxed-Container enables enhanced isolation based on the lightweight Kangaroo framework. In the Sandboxed-Container runtime, each pod runs on an independent operating system and kernel. When a vulnerability is detected in a kernel, only the pod that runs on this kernel is affected. This protects other applications and the backend system.2

Confidential computing in TEEs protects application data in use

Sandboxed-Container is dedicated to container isolation. However, confidential computing in a Kubernetes cluster aims to protect sensitive data and code in use. For example, confidential computing can be used to protect IP addresses, keys, and confidential connections.

Cloud computing brings benefits to enterprises. However, it also brings possibilities of data leaks when you migrate data to the cloud. The following scenarios may lead to data leaks:
  • Attacks
  • Untrusted cloud vendors
  • Security flaws of cloud infrastructures
  • Unqualified O&M personnel and administrators

TEE-based confidential computing collaborates with Sandboxed-Container to isolate malicious applications and protect sensitive data

You can enable both confidential computing and Sandboxed-Container. This enables the cluster to isolate malicious applications and protect sensitive applications and data.1