Hardware-Enforced Integrity and Provenance for Distributed Code Deployments
This addresses security and trust issues for software developers, cloud providers, and data owners in distributed deployments, representing a novel approach rather than an incremental improvement.
The paper tackles the problem of enforcing security policies for distributed microservices by introducing CDI, a framework that uses hardware-enforced integrity and provenance to allow principals to trust deployed code, achieving automated policy enforcement at deployment time.
Deployed microservices must adhere to a multitude of application-level security requirements and regulatory constraints imposed by mutually distrusting application principals--software developers, cloud providers, and even data owners. Although these principals wish to enforce their individual security requirements, they do not currently have a common way of easily identifying, expressing and automatically enforcing these requirements at deployment time. CDI (Code Deployment Integrity) is a security policy framework that enables distributed application principals to establish trust in deployed code through high-integrity provenance information. We observe that principals expect the software supply chain to preserve certain code security properties throughout the creation of an executable bundle, even if the code is transformed or inspected through various tools (e.g., compilation inserts stack canaries for memory safety). Our key insight in designing CDI is that even if application principals do not trust each other directly, they can trust a microservice bundle to meet their security policies if they can trust the tools involved in creating the bundle.