Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limits their practical deployment. We propose COCOAEXPO, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. COCOAEXPO leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, COCOAEXPO also offers container attestation and execution integrity based on an attested execution policy. COCOAEXPO execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy.) We evaluate COCOAEXPO on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead.

翻译：基于容器的技术使云租户能够开发高度可移植的软件，并快速在云中部署服务。与此同时，云隐私至关重要，因为大量容器部署涉及隐私敏感数据，但由于攻击频率和复杂性的不断上升，这一目标极具挑战性。最先进的机密容器设计利用基于进程的可信执行环境，但面临安全性和兼容性问题，限制了其实际部署。我们提出COCOAEXPO架构，该架构支持对未经修改的容器进行"直接迁移"式部署，同时针对控制不可信主机和虚拟机监控器的强大攻击者提供强安全保护。COCOAEXPO利用虚拟机级隔离，在基于VM的独特TEE中执行容器组。除了容器完整性和用户数据机密性与完整性外，COCOAEXPO还基于认证执行策略提供容器认证和执行完整性保障。COCOAEXPO的执行策略提供了对容器组所有未来状态的归纳证明。该证明在初始化阶段建立，构成可信根，可用于容器组内的安全操作，而无需对容器化工作流本身进行任何修改（除包含执行策略外）。我们通过在AMD SEV-SNP处理器上运行多样化工作负载来评估COCOAEXPO，结果表明工作流相比飞地外运行仅产生0-26%的额外性能开销，SPEC2017的平均开销为13%，且无需修改其程序代码。添加执行策略引入的额外开销小于1%。