As cloud providers push multi-tenancy to new levels to meet growing scalability demands, ensuring that externally developed, untrusted microservices preserve tenant isolation has become a high priority. Developers, in turn, lack a means of expressing high-level application security requirements and having them enforced automatically at deployment time. In this paper, we observe that orchestration systems are ideally situated between developers and the cloud provider to address both issues. We propose a security policy framework that enables security-oriented orchestration of microservices by capturing and auditing the code properties that are incorporated into microservice code throughout the software supply chain. Orchestrators can use these properties to deploy a microservice on a node that satisfies both the developer's and the cloud provider's security policies as well as the microservice's resource requirements. We demonstrate the approach with a proof-of-concept based on the Private Data Objects [1] confidential smart contract framework, which deploys code only after checking its provenance.
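The abstract's placement logic, as an added illustration (hypothetical example code, not code from the paper or from Private Data Objects): supply-chain actors attest code properties bound to an image digest, the orchestrator keeps only attestations it can verify, refuses code whose verified properties fall short of either party's policy, and only then looks for a node whose features and free resources fit. The attestor names, property names, node features and keys are constructed for the example, and HMAC stands in for the asymmetric signatures a real deployment would use.

```python
"""Toy security-oriented orchestrator: provenance check, then policy-driven placement."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed trust anchors: one key per supply-chain actor the orchestrator trusts.
# HMAC is a stand-in for real signatures; the verification logic is the same.
TRUSTED_ATTESTOR_KEYS = {
    "build-service": b"constructed-build-service-key",
    "audit-team": b"constructed-audit-team-key",
}


def _mac(key: bytes, subject: str, properties: list) -> str:
    payload = json.dumps({"subject": subject, "properties": properties},
                         sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_attestation(attestor: str, key: bytes, subject: str, properties) -> dict:
    """An attestor binds a set of code properties to one image digest."""
    props = sorted(properties)
    return {"attestor": attestor, "subject": subject, "properties": props,
            "mac": _mac(key, subject, props)}


def verified_properties(image_digest: str, attestations) -> set:
    """Union of properties from attestations that come from a trusted attestor,
    bind to this exact image and carry a valid MAC. Everything else is dropped,
    so nobody without a trusted key can add properties to the code."""
    props = set()
    for att in attestations:
        key = TRUSTED_ATTESTOR_KEYS.get(att["attestor"])
        if key is None or att["subject"] != image_digest:
            continue
        if not hmac.compare_digest(_mac(key, att["subject"], att["properties"]), att["mac"]):
            continue
        props.update(att["properties"])
    return props


@dataclass(frozen=True)
class Node:
    name: str
    cpu: int
    mem_mb: int
    features: frozenset


@dataclass(frozen=True)
class Policy:
    code_properties: frozenset   # properties the code must carry (verified provenance)
    node_features: frozenset     # features the hosting node must offer


def place(image_digest, attestations, dev_policy, prov_policy, cpu, mem_mb, nodes):
    """Return (node_name, reason). Provenance is checked before any node is
    considered, so code that fails either policy is never scheduled anywhere."""
    have = verified_properties(image_digest, attestations)
    missing = (dev_policy.code_properties | prov_policy.code_properties) - have
    if missing:
        return None, "provenance check failed, missing: " + ", ".join(sorted(missing))
    need = dev_policy.node_features | prov_policy.node_features
    for node in nodes:
        if need <= node.features and node.cpu >= cpu and node.mem_mb >= mem_mb:
            return node.name, "ok"
    return None, "no node satisfies both policies and the resource request"


def run_example() -> dict:
    """Constructed scenario: an honest deployment, a forged attestation, a stricter policy."""
    digest = hashlib.sha256(b"constructed microservice image").hexdigest()
    good = [
        make_attestation("build-service", TRUSTED_ATTESTOR_KEYS["build-service"],
                         digest, {"reproducible-build", "memory-safe-language"}),
        make_attestation("audit-team", TRUSTED_ATTESTOR_KEYS["audit-team"],
                         digest, {"security-reviewed"}),
        # Untrusted attestor: ignored even though its MAC is self-consistent.
        make_attestation("unknown-ci", b"attacker-key", digest, {"security-reviewed"}),
    ]
    # Forgery: the property list is edited without the key needed to re-MAC it.
    forged = [dict(good[0]), dict(good[1])]
    forged[1]["properties"] = ["formally-verified", "security-reviewed"]

    dev = Policy(frozenset({"reproducible-build"}), frozenset({"tee"}))
    prov = Policy(frozenset({"security-reviewed"}), frozenset({"tenant-isolated"}))
    nodes = [
        Node("node-a", 4, 8192, frozenset({"tenant-isolated"})),          # no TEE
        Node("node-b", 2, 4096, frozenset({"tee", "tenant-isolated"})),   # too little CPU
        Node("node-c", 8, 16384, frozenset({"tee", "tenant-isolated"})),
    ]
    strict_dev = Policy(frozenset({"formally-verified"}), frozenset())
    return {
        "honest": place(digest, good, dev, prov, 4, 4096, nodes),
        "forged": place(digest, forged, dev, prov, 4, 4096, nodes),
        "strict": place(digest, good, strict_dev, prov, 4, 4096, nodes),
    }


if __name__ == "__main__":
    for name, outcome in run_example().items():
        print(name, outcome)
```

The order of checks matters: provenance is evaluated before any node is examined, so a microservice whose attestations do not verify is rejected outright rather than falling back to a less constrained node. The same structure lets the provider's policy (for instance, requiring a security review before code touches a shared host) and the developer's policy (for instance, requiring a TEE-capable node) be satisfied together without either party seeing the other's full rule set.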