Transcript of SCONE: Secure Container Technology & Secrets Management
SCONE: Secure Container Technology & Secrets Management
Sept 2018
Christof Fetzer, TU Dresden
https://sconedocs.github.io
SCONE: Application-Oriented Security

Objective: Ensure integrity and confidentiality of applications
[Figure: client, application and attacker; the assets to protect are data, computation and communication]
Threat Model

[Figure: the application and its client face an attacker; the attacker may be the system administrator (root, hardware access) or the service provider administrator (root, application rights)]
Implication: OS-based Access Control Insufficient

[Figure: the service provider administrator (root, application rights) and the system administrator (root, hardware access) can dump the application's memory and obtain the client secret]
We need a cryptographic approach!

[Figure: the client uses crypto (TLS) to talk to the application; the service provider administrator (root, application rights) and the system administrator (root, hardware access) remain the attackers]
SCONE: E2E encryption without source code changes

[Figure: the application is protected by SCONE; the client reaches it over TLS; the service provider administrator (root, application rights) and the system administrator (root, hardware access) remain the attackers]
[SCONE] OSDI 2016
Languages: C, C++, Go, Rust, Java, Python, R, …
Distributed Applications - spread across clouds

[Figure: apps spread across an edge service, a regional cloud and a backend cloud; the client connects over TLS; the attackers are the service provider administrator (root, application rights) and the system administrator (root, hardware access)]
Initial Focus: Cloud Native Applications
How do we know that correct code executes?

[Figure: the same distributed apps; the attacker controls part of the back end]
We need to attest that the correct code is running!
Approach: All communication is encrypted (TLS)

➤ Use TLS to authenticate
  ➤ server app
  ➤ client app
➤ We ensure that only app with "correct code" has access to TLS certificate
TLS: Transport Layer Security
Transparent Attestation during Startup

certificate: proves that application
• executes correct code,
• has the correct file system state, and
• runs in the correct OS environment, …
[Figure: the application is attested at startup by the Configuration & Attestation Service (CAS)]
Transparent P2P Attestation via TLS

We run our internal CA and only components belonging to the same app can talk to each other …
Certificate Authority (integrated in CAS)
Secrets Management

• SCONE has integrated secrets management
• SCONE can inject secrets into
  • CLI arguments
  • environment variables
  • files (encrypted)
Example: MariaDB

• Supports encryption of database
• Encryption key of database stored in config file
  • file protected via OS access control
  • file is not encrypted
• SCONE: instead of key, store a variable in config:
  • $$SCONECAS:MARIADBKEY$$
  • SCONE transparently replaces variable by its value (i.e., the key)
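The replacement the MariaDB slide describes, as an added Python example that is not SCONE's own code: a resolver for the `$$SCONECAS:NAME$$` placeholder, applied to the three injection points listed on the Secrets Management slide (CLI arguments, environment variables, files). In SCONE the runtime performs this substitution with secrets from CAS; here `resolve`, `inject`, the secret store and the config text are assumptions constructed for illustration, and a missing secret fails closed instead of starting with an empty key.

```python
import re
from typing import Dict, List, Mapping, Tuple

# Placeholder syntax as shown on the MariaDB slide: $$SCONECAS:<NAME>$$
PLACEHOLDER = re.compile(r"\$\$SCONECAS:([A-Za-z0-9_]+)\$\$")


class MissingSecret(KeyError):
    """A referenced secret is not in the store: fail closed, never run with a blank key."""


def resolve(text: str, secrets: Mapping[str, str]) -> str:
    """Replace every $$SCONECAS:NAME$$ in text with the value stored under NAME."""
    def substitute(match):
        name = match.group(1)
        if name not in secrets:
            raise MissingSecret(name)
        return secrets[name]
    return PLACEHOLDER.sub(substitute, text)


def inject(cli_args: List[str], env: Mapping[str, str], files: Mapping[str, str],
           secrets: Mapping[str, str]) -> Tuple[List[str], Dict[str, str], Dict[str, str]]:
    """Resolve placeholders at the three injection points the slides list."""
    return (
        [resolve(arg, secrets) for arg in cli_args],
        {key: resolve(value, secrets) for key, value in env.items()},
        {path: resolve(body, secrets) for path, body in files.items()},
    )


def references(text: str) -> List[str]:
    """Names of the secrets a template refers to; useful to audit what is on disk."""
    return PLACEHOLDER.findall(text)


# Constructed sample (assumed option name, not a real MariaDB directive): the file on
# disk carries only the placeholder, so whoever reads it sees no key material.
DISK_CONFIG = "[mysqld]\nencryption_key = $$SCONECAS:MARIADBKEY$$\n"
SECRET_STORE = {"MARIADBKEY": "constructed-key-value-only-seen-inside-the-enclave"}

if __name__ == "__main__":
    args, env, files = inject(["--defaults-file=/etc/my.cnf"],
                              {"DB_KEY": "$$SCONECAS:MARIADBKEY$$"},
                              {"/etc/my.cnf": DISK_CONFIG}, SECRET_STORE)
    assert references(DISK_CONFIG) == ["MARIADBKEY"]   # on disk: name only
    assert "$$" not in files["/etc/my.cnf"]            # in memory: key substituted
    print(files["/etc/my.cnf"])
```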
Management of Secrets

• Keys can be protected from any human access
  • only attested programs get access
• To change security policy, approval by
  • a group of humans, and/or
  • a group of programs is required
[Figure: a policy change is submitted to a policy board, which decides "ok?" and gives approval]
Current Implementation

• Intel SGX protects application's
  • confidentiality
  • integrity
• by preventing accesses to
  • application state in cache and
  • encrypting main memory
• SGX is a TEE (Trusted Execution Environment)
[Figure: inside the Intel SGX enclave: application, application libraries, SCONE libraries; on the host: operating system, container engine, hypervisor]
SGX (Software Guard eXtensions) protects application from accesses by other software
Defender's Dilemma

• Attackers:
  • success by exploiting a single vulnerability
• Defender:
  • must protect against every vulnerability
  • system software & application
  • millions of lines of source code
[Figure: the host stack (operating system, container engine, hypervisor) is labelled "millions of lines of code (hundreds of bugs)"; the enclave side (application, application libraries, SCONE libraries) is labelled "200k lines"]
SCONE platform: Designed for multiple Architectures

[Figure: portable code, built by the SCONE gcc-based cross compiler, targets enclaves on Intel (SGX, main memory encryption), AMD (main memory encryption) and ARM (???)]
SCONE: no source code changes
SCONE: gcc-based cross compiler
Portability through cross-compilation
Use Case: SCONE-PySpark

[Figure: a Java driver and workers with Python processes connected via Py4J and pipes, each running in an enclave and talking to a distributed data store; all links use TLS/SSL]
Latency

[Figure: latency of SCONE vs. native execution; lower the better]
< 22% overhead compared to native execution

https://sconedocs.github.io