Add coco threat model diagram

Insert the diagram into the existing trust-model doc. Add some supporting text aroudn it. Also add the diagram to the archiecture diagrams slide deck. Signed-off-by: Chris Porter <cporterbox@gmail.com>
2025-05-11 17:47:36 +00:00 · 2024-11-18 10:58:57 -05:00 · 2024-11-18 10:58:57 -05:00 · 89933dd404
commit 89933dd404
parent 6cf0c51e58
3 changed files with 18 additions and 0 deletions
--- a/architecture_diagrams.pptx
+++ b/architecture_diagrams.pptx
--- a/images/coco-threat-model.png
+++ b/images/coco-threat-model.png
--- a/trust_model.md
+++ b/trust_model.md
@ -69,6 +69,24 @@ This means our trust and threat modelling should
 - Consider existing Cloud Native technologies and the role they can play for confidential containers.
 - Consider additional technologies to fulfil a role in Cloud Native exploitation of TEEs.

+## Illustration
+
+The following diagram shows which components in a Confidential Containers setup
+are part of the TEE (green boxes labeled TEE). The hardware and guest work in
+tandem to establish a TEE for the pod, which provides the isolation and
+integrity protection for data in use.
+
+![Threat model](./images/coco-threat-model.png)
+
+Not depicted: Process-based isolation from the enclave-cc runtime class. That isolation model further removes the guest operating system from the trust boundary. See the enclave-cc sub-project for more details:
+https://github.com/confidential-containers/enclave-cc/
+
+Untrusted components include:
+1. The host operating system, including its hypervisor, KVM
+2. Other Cloud Provider host software beyond the host OS and hypervisor
+3. Other virtual machines (and their processes) resident on the same host
+4. Any other processes on the host machine (including the kubernetes control plane).
+
 ## Out of Scope

 The following items are considered out-of-scope for the trust/threat modelling within confidential