Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limits their practical deployment. We propose COCOAEXPO, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. COCOAEXPO leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, COCOAEXPO also offers container attestation and execution integrity based on an attested execution policy. COCOAEXPO execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy.) We evaluate COCOAEXPO on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead.

翻译：容器技术使云租户能够快速开发高度可移植的软件并在云中部署服务。同时，云隐私至关重要，因为大量容器部署涉及隐私敏感数据，但由于攻击频率不断增加且复杂度日益提升，云隐私的实现面临挑战。最先进的机密容器设计采用基于进程的可信执行环境（TEE），但其面临的安全性和兼容性问题限制了实际部署。我们提出COCOAEXPO架构，该架构支持未经修改的容器直接迁移部署，同时提供强安全保护，抵御控制不受信任主机和虚拟机监视器的强大攻击者。COCOAEXPO利用虚拟机级隔离，在基于虚拟机的TEE中执行容器组。除了容器完整性与用户数据机密性及完整性外，COCOAEXPO还基于认证执行策略提供容器认证与执行完整性。COCOAEXPO执行策略为容器组的所有未来状态提供归纳证明。该证明在初始化阶段建立，形成信任根，可用于容器组内的安全操作，而无需对容器化工作流本身进行任何修改（除包含执行策略外）。我们在AMD SEV-SNP处理器上通过运行多样化工作负载评估COCOAEXPO，结果表明：工作流在飞地外运行时性能额外开销为0%-26%，SPEC2017平均开销为13%，且无需修改程序代码。添加执行策略引入的额外开销低于1%。