Deployed microservices must adhere to a multitude of application-level security requirements and regulatory constraints imposed by mutually distrusting application principals: software developers, cloud providers, and even data owners. Although these principals wish to enforce their individual security requirements, they currently have no common way of easily identifying, expressing, and automatically enforcing these requirements at deployment time. CDI (Code Deployment Integrity) is a security policy framework that enables distributed application principals to establish trust in deployed code through high-integrity provenance information. We observe that principals expect the software supply chain to preserve certain code security properties throughout the creation of an executable bundle, even if the code is transformed or inspected by various tools (e.g., compilation inserts stack canaries for memory safety). Our key insight in designing CDI is that even if application principals do not trust each other directly, they can trust a microservice bundle to meet their security policies if they can trust the tools involved in creating the bundle.
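The following added example (not CDI's own code or provenance format, and not from the paper) illustrates the insight above: each principal brings its own list of trusted tools and required security properties, and a bundle is accepted by a principal only if every tool in the recorded build chain is one it trusts and each required property was asserted by a trusted tool. The `Step`/`Policy` model, the tool names, and the sample chain are all constructed assumptions.

```python
from dataclasses import dataclass
# Constructed data model (hypothetical; not CDI's real provenance format).
@dataclass(frozen=True)
class Step:
    tool: str          # identity of the tool that ran this step
    inputs: tuple      # artifact names consumed
    output: str        # artifact name produced
    asserts: frozenset # security properties the tool vouches for in its output

@dataclass(frozen=True)
class Policy:
    principal: str
    trusted_tools: frozenset  # tools this principal is willing to rely on
    required: frozenset       # properties the bundle must carry

def check_chain(steps, sources):
    """Reject artifacts of unknown origin: each input must be a declared source
    or the output of an earlier step."""
    known = set(sources)
    for s in steps:
        unknown = [i for i in s.inputs if i not in known]
        if unknown:
            return f"step by {s.tool} consumed artifact(s) of unknown origin: {unknown}"
        known.add(s.output)
    return None

def evaluate(steps, sources, policies):
    """Return {principal: [reasons]}; an empty list means that principal accepts."""
    chain_err = check_chain(steps, sources)
    vouched = {p: s.tool for s in steps for p in s.asserts}  # property -> asserting tool
    verdict = {}
    for pol in policies:
        reasons = [chain_err] if chain_err else []
        # Key rule: the principal must trust every tool that touched the bundle.
        reasons += [f"untrusted tool in chain: {s.tool}"
                    for s in steps if s.tool not in pol.trusted_tools]
        for prop in sorted(pol.required):
            if prop not in vouched:
                reasons.append(f"required property never asserted: {prop}")
            elif vouched[prop] not in pol.trusted_tools:
                reasons.append(f"{prop} asserted only by untrusted tool {vouched[prop]}")
        verdict[pol.principal] = reasons
    return verdict

# Constructed sample chain: hardening compiler, then a bundler that signs the manifest.
STEPS = (Step("gcc-hardened", ("svc.c",), "svc.o", frozenset({"stack-canaries"})),
         Step("bundler", ("svc.o", "config.yaml"), "svc.bundle", frozenset({"signed-manifest"})))
SOURCES = ("svc.c", "config.yaml")
POLICIES = (Policy("developer", frozenset({"gcc-hardened", "bundler"}), frozenset({"stack-canaries"})),
            Policy("cloud-provider", frozenset({"gcc-hardened", "bundler"}), frozenset({"signed-manifest"})),
            Policy("data-owner", frozenset({"gcc-hardened"}), frozenset({"stack-canaries"})))
```

With the sample data, the developer and cloud provider accept the bundle, while the data owner rejects it because the bundler is not on its trusted-tool list, even though the property it requires was asserted by a tool it does trust.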