Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limits their practical deployment. We propose COCOAEXPO, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. COCOAEXPO leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, COCOAEXPO also offers container attestation and execution integrity based on an attested execution policy. COCOAEXPO execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy.) We evaluate COCOAEXPO on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead.
翻译:以集装箱为基础的先进保密设计工具杠杆过程的运用环境(TEE),但面临限制其实际部署的安全性和兼容性问题。我们建议COCOAEXPO执行政策为集装箱组今后所有状况提供直观的证据。在初始化期间建立的这一证据构成了信任的基础,可以用来在集装箱的运行过程中进行安全操作,从而在集装箱的运行过程中进行安全操作,而无需对集装箱的运行过程中进行安全操作。