Container-based software development and deployment has become the next big thing in technology. Container technology, especially Docker, is redefining cloud computing and offers tremendous benefits to companies and developers, including consistency, reliability, efficiency, cost savings, and scalability across the entire DevOps process. However, for enterprises running sensitive applications at scale using Docker, securing containers in the cloud and maintaining their integrity is an important part of DevOps.
As part of the Fortanix Runtime Encryption® (RTE) platform, Fortanix EnclaveOS™ secures containers so that they execute inside Intel® SGX enclaves. Fortanix Enclave Manager™ manages the secured containers, tracks their enclave lifecycle, and provides features such as remote attestation, geolocation enforcement, DRM, secret injection, and so on. The platform integrates with existing container orchestration technologies such as Kubernetes, Docker Swarm, and OpenShift.
A high-level flow of Enclave Manager.
Let’s consider an example to understand this better. Suppose Bob has decided to deploy a hotel reservation website using Kubernetes in order to scale and handle peak loads well. Since the website will also collect personal information from guests during reservation, security is a prime concern for Bob. Bob reaches out to Alice, the CISO, with a security scheme that includes database encryption and TLS. Alice is not yet convinced and poses a tough question: “What about data in use?” Even if data is carefully safeguarded at rest and while exchanged over secure channels like TLS, it is decrypted in memory while being processed, which makes the memory of software containers an attractive target for malicious entities in the cloud, whether a compromised host, a privileged insider, or another tenant.
After much research, Bob concludes that running security-critical services in Intel® SGX enclaves is the only way to satisfy the security requirements posed by Alice (read more on Why Intel® SGX). However, this also poses various challenges to the developers and system administrators:
Code running inside an Intel® SGX enclave cannot issue system calls directly; the enclave must exit to untrusted code that performs the call on its behalf (an OCALL in Intel SDK terms, implemented on top of the new enclave entry and exit instructions). An application therefore has to be partitioned into a trusted part and an untrusted part and heavily refactored around those transitions, which is almost impossible for applications written in high-level languages like Java or Python, whose runtimes expect a complete operating system interface.
Just running an application (or its sensitive parts) within an enclave is not sufficient on its own. To fully utilize the security guarantees of Intel® SGX, the user must also verify the integrity of the application: that the enclave running is the expected build, with its code and initial data unmodified (as reflected in the enclave measurement), and that it really runs inside a genuine SGX enclave rather than in a simulator or on a compromised host. Intel provides remote attestation for this. The remote attestation flow is complex, depends on the external Intel Attestation Service (IAS) to validate the hardware-signed quote, and requires modifications to the application setup so that the enclave can produce a quote and the relying party can check it before trusting the connection.
When running applications at scale, it becomes difficult to track the attestation status of every instance and to apply software patches, since every patch changes the enclave measurement and therefore the identity that relying parties have been told to accept.
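To make concrete what "verifying the integrity of the application" and "tracking attestation status across patches" involve for the relying party in the two challenges above, here is an added example (not Fortanix code, and not part of the original article) that applies an attestation policy to the 432-byte quote body that the Intel Attestation Service returns as isvEnclaveQuoteBody. It assumes the IAS report signature and isvEnclaveQuoteStatus have already been checked, and it assumes the common convention of placing SHA-256 of the server's TLS public key in REPORTDATA so that the quote is bound to the connection. The measurements, signer key, TLS key and quote bytes are all constructed in the script for offline use, not produced by SGX hardware.

```python
"""Relying-party policy checks over an SGX EPID quote body (added example)."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Layout of the first 432 bytes of sgx_quote_t: a 48-byte quote header followed
# by the 384-byte sgx_report_body_t. Offsets are relative to the quote start.
QUOTE_BODY_LEN = 432
REPORT_BODY_OFF = 48
OFF_ATTRIBUTES = REPORT_BODY_OFF + 48    # 16 bytes: flags (u64 LE) + xfrm (u64 LE)
OFF_MRENCLAVE = REPORT_BODY_OFF + 64     # 32-byte measurement of code + initial data
OFF_MRSIGNER = REPORT_BODY_OFF + 128     # 32-byte hash of the enclave signer's key
OFF_ISVPRODID = REPORT_BODY_OFF + 256    # u16 product id, then u16 ISVSVN at +258
OFF_REPORTDATA = REPORT_BODY_OFF + 320   # 64 bytes chosen by the enclave

SGX_FLAGS_INITTED = 0x1
SGX_FLAGS_DEBUG = 0x2                    # debug enclaves can be read with EDBGRD
SGX_FLAGS_MODE64BIT = 0x4


@dataclass(frozen=True)
class QuoteBody:
    flags: int
    mr_enclave: bytes
    mr_signer: bytes
    isv_prod_id: int
    isv_svn: int
    report_data: bytes


def parse_quote_body(quote: bytes) -> QuoteBody:
    """Pull the policy-relevant fields out of the fixed-layout quote body."""
    if len(quote) < QUOTE_BODY_LEN:
        raise ValueError(f"quote body too short: {len(quote)} < {QUOTE_BODY_LEN}")
    (flags,) = struct.unpack_from("<Q", quote, OFF_ATTRIBUTES)
    isv_prod_id, isv_svn = struct.unpack_from("<HH", quote, OFF_ISVPRODID)
    return QuoteBody(
        flags=flags,
        mr_enclave=quote[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
        mr_signer=quote[OFF_MRSIGNER:OFF_MRSIGNER + 32],
        isv_prod_id=isv_prod_id,
        isv_svn=isv_svn,
        report_data=quote[OFF_REPORTDATA:OFF_REPORTDATA + 64],
    )


@dataclass(frozen=True)
class Policy:
    allowed_mrenclaves: frozenset   # measurements of the builds we approve
    mr_signer: bytes                # the vendor key those builds must be signed with
    isv_prod_id: int
    min_isv_svn: int                # raised after a security patch to retire old builds


def verify_quote_body(quote: bytes, policy: Policy, tls_pubkey: bytes) -> list:
    """Return the list of policy violations; an empty list means accept.

    Assumes the IAS signature over the report and isvEnclaveQuoteStatus were
    already verified by the caller; this function is only the relying party's policy."""
    body = parse_quote_body(quote)
    problems = []
    if body.flags & SGX_FLAGS_DEBUG:
        problems.append("DEBUG enclave: memory is inspectable by the host")
    if not body.flags & SGX_FLAGS_INITTED:
        problems.append("enclave has not completed initialisation")
    if not hmac.compare_digest(body.mr_signer, policy.mr_signer):
        problems.append("MRSIGNER mismatch: enclave signed by an unexpected key")
    if body.isv_prod_id != policy.isv_prod_id:
        problems.append(f"ISVPRODID {body.isv_prod_id} is not the expected product")
    if body.mr_enclave not in policy.allowed_mrenclaves:
        problems.append("MRENCLAVE not in allow-list: unknown or modified build")
    if body.isv_svn < policy.min_isv_svn:
        problems.append(f"ISVSVN {body.isv_svn} below minimum {policy.min_isv_svn}: unpatched build")
    # Assumed convention: REPORTDATA = SHA-256(server TLS public key), zero padded,
    # so a quote from one enclave cannot be relayed to vouch for another connection.
    expected_rd = hashlib.sha256(tls_pubkey).digest().ljust(64, b"\0")
    if not hmac.compare_digest(body.report_data, expected_rd):
        problems.append("REPORTDATA does not bind to this TLS key: possible relayed quote")
    return problems


def build_test_quote(mr_enclave, mr_signer, isv_prod_id, isv_svn, flags, report_data) -> bytes:
    """Constructed quote body for offline demonstration; not produced by SGX hardware."""
    q = bytearray(QUOTE_BODY_LEN)
    struct.pack_into("<Q", q, OFF_ATTRIBUTES, flags)
    q[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mr_enclave
    q[OFF_MRSIGNER:OFF_MRSIGNER + 32] = mr_signer
    struct.pack_into("<HH", q, OFF_ISVPRODID, isv_prod_id, isv_svn)
    q[OFF_REPORTDATA:OFF_REPORTDATA + 64] = report_data
    return bytes(q)


# Constructed identities: stand-ins for real measurements and keys.
SIGNER = hashlib.sha256(b"constructed vendor signing key").digest()
BUILD_V1 = hashlib.sha256(b"reservation-service build v1").digest()
BUILD_V2 = hashlib.sha256(b"reservation-service build v2 (patched)").digest()
TLS_PUBKEY = b"constructed server TLS public key"
GOOD_RD = hashlib.sha256(TLS_PUBKEY).digest().ljust(64, b"\0")
PROD_FLAGS = SGX_FLAGS_INITTED | SGX_FLAGS_MODE64BIT

# After the patch both builds are still allow-listed, but min_isv_svn retires v1.
POLICY = Policy(frozenset({BUILD_V1, BUILD_V2}), SIGNER, isv_prod_id=1, min_isv_svn=2)
GOOD_QUOTE = build_test_quote(BUILD_V2, SIGNER, 1, 2, PROD_FLAGS, GOOD_RD)
STALE_DEBUG_QUOTE = build_test_quote(BUILD_V1, SIGNER, 1, 1, PROD_FLAGS | SGX_FLAGS_DEBUG, GOOD_RD)
RELAYED_QUOTE = build_test_quote(BUILD_V2, SIGNER, 1, 2, PROD_FLAGS,
                                 hashlib.sha256(b"some other TLS key").digest().ljust(64, b"\0"))

if __name__ == "__main__":
    for name, q in [("good", GOOD_QUOTE), ("stale+debug", STALE_DEBUG_QUOTE), ("relayed", RELAYED_QUOTE)]:
        print(name, verify_quote_body(q, POLICY, TLS_PUBKEY) or "accepted")
```

Every check here is one the relying party, not Intel, has to make; IAS only tells you that the quote came from a genuine SGX platform. Keeping the allow-list of measurements and the minimum ISVSVN current for every deployed instance is exactly the bookkeeping that becomes hard at scale.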
If you, like Bob, are excited about the security guarantees of Intel® SGX but at the same time bogged down by the sheer complexity it poses, then the Fortanix Runtime Encryption® (RTE) platform comes to the rescue. For details on how this will help you, please download our solution brief.