Trusted Container Extensions for Container-based Confidential Computing

In this blog post, we introduce Trusted Container Extensions (TCX), a novel container security architecture we designed as part of our applied security research efforts. TCX combines the manageability and agility of standard containers with the strong protection guarantees of hardware-enforced Trusted Execution Environments (TEEs) to enable confidential computing for container workloads.

For over a decade, there is a continuous trend towards cloud computing, which allows customers to leverage capability and cost advantages. Cloud computing evolved with the advent of virtualization. Virtual machines (VMs) enabled Infrastructure-as-a-Service (IaaS) which allows businesses and users to outsource pre-existing workloads to the cloud. However, in recent years, the trend in cloud computing has shifted from VM-based offerings to more lightweight solutions, in particular, container technologies. Containers, such as Docker, provide multiple separated user-space instances, which are isolated from each other and the host system through kernel software mechanisms. By running directly on the host system, containers do not need complex device emulation or large virtual machine disk files. Instead, containers package pre-configured applications with all their dependencies which makes them an attractive choice for fast deployment of webservices. Cloud providers today recognized this trend and offer customers the possibility to deploy and manage containers in the cloud known as called Container-as-a-Service (CaaS), with Docker being currently the most popular container ecosystem.

Despite offering many advantages, using cloud services introduces a risk of data being exposed to third parties or services being compromised. Furthermore, regulatory policies restrict the adoption of cloud services for many industries, such as health care or finance. Even if the Cloud Service Provider (CSP) is considered trustworthy, the CSP’s infrastructure might be compromised, e.g., by insiders such as maliciously acting administrators and employees, nation state actors demanding access by law, as well as third-party entities. While the hypervisor software components, which are used to control and manage VMs, have been subject to various attacks [1], the attack surface in CaaS settings is even larger as a typically large and complex operating system kernel is responsible for managing and isolating the containers [2].

In recent years, confidential computing has gained relevance in the realm of cloud computing in a pursue to enable the trustworthy outsourcing of sensitive data and services to the cloud, while eliminating the requirement to trust the CSP. Leveraging hardware-enforced Trusted Execution Environments (TEEs), the user’s workloads are protected inside isolated compartments, called enclaves, which are secure even if the host’s privileged software is compromised or controlled by a malicious entity. Various TEE architectures have been proposed by academic research while commercially available and widely deployed TEEs are Arm TrustZone, Intel Software Guard Extensions (SGX) and AMD Secure Encrypted Virtualization (SEV)Recently, Intel and Arm announced new TEE architectures named Intel Trust Domain Extensions (TDX) and Arm Confidential Compute Architecture (CCA)However, none of the available TEE architectures is designed to isolate container workloads and to securely orchestrate and manage those. 

Confidential Computing with Trusted Container Extensions (TCX)

In addition to our Sanctuary platform which offers strongly isolated enclaves for embedded devices, we developed Trusted Container Extensions (TCX),  a novel security architecture providing strongly isolated containers that can be securely deployed and managed in the cloud. We leverage the existing TEE architecture AMD SEV to ensure the integrity and confidentiality of applications and data in use and at rest. We protect containers in special-build lightweight VMs, called Secure Container VMs (SC-VMS). TCX preserves the agility and manageability of containers by offering secure services for standard Docker containers. Using a single trusted VM per host system, TCX provides advanced security services to all SC-VMS, including secure deployment, secure remote access, secure storage and secure communication between SC-VMS. TCX provides a secure and transparent communication channel for secure containers, i.e., Docker cannot distinguish between locally or remotely executed containers. Our implementation of the TCX architecture provides seamless integration into Docker, based on AMD SEV and the Kata Containers project. In our performance evaluation, which shows the practicability of our implementation, we evaluate computational-intensive workloads (SPEC2017 benchmark suite), network-intensive workloads (NGINX and Apache webserver) and memory-intensive workloads (Redis in-memory database).

The full technical report on TCX can be found on arXiv.

[1] Common Vulnerabilities and Exposures (CVEs): CVE-2017-10912, CVE-2017-10918, CVE-2017-10920, CVE-2017-10921 
[2] CVE-2015-8967, CVE-2016-10229, CVE-2016-7117, CVE-2017-0335, CVE-2017-0427, CVE-2017-0561



Any Questions?