Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limits their practical deployment. We propose Parma, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. Parma leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, Parma also offers container attestation and execution integrity based on an attested execution policy. Parma execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy.) We evaluate Parma on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead. Furthermore, we have deployed Parma as the underlying technology driving Confidential Containers on Azure Container Instances.

翻译：摘要：基于容器的技术使云租户能够快速开发高度可移植的软件并在云端部署服务。与此同时，由于大量容器部署涉及隐私敏感数据，云隐私至关重要，但因攻击频率和复杂性的不断上升而面临挑战。现有基于机密容器的设计方案利用基于进程的可信执行环境（TEE），但在安全性和兼容性方面存在局限性，阻碍了其实际部署。我们提出Parma架构，该架构支持未经修改的容器的“提升并转移”部署，同时对控制非可信主机和虚拟机管理器的强大攻击者提供强安全保护。Parma利用虚拟机级隔离，在基于虚拟机的TEE内执行容器组。除容器完整性、用户数据机密性与完整性外，Parma还基于认证执行策略提供容器认证与执行完整性。Parma执行策略为容器组的所有未来状态提供归纳证明。该证明在初始化阶段建立，形成信任根，可用于容器组内的安全操作，而无需对容器化工作流本身进行任何修改（除包含执行策略外）。我们在AMD SEV-SNP处理器上通过运行多样化工作负载对Parma进行评估，结果表明工作流在飞地外运行时的性能额外开销为0-26%，在SPEC2017上的平均开销为13%，且无需修改程序代码。添加执行策略引入的额外开销低于1%。此外，我们已部署Parma作为Azure容器实例上机密容器的底层驱动技术。