A Scalable Trustworthy Infrastructure for Collaborative Container Repositories

Type: Article

Publication Date: 2022-09-09

Citations: 0

DOI: https://doi.org/10.1145/3554760

Abstract

Within cloud computing, containerization has become ubiquitous. As the availability of pre-built containers increases, there is a need for methods capable of efficiently securing large repositories of software containers. We present a “Trustworthy Container Repository” (TCR) system which provides security assurances (confidentiality, integrity, and authenticity) regarding such a repository in a scalable manner. Trust within the TCR architecture is rooted in a low-complexity, tamper-resistant trusted module, which leverages index-ordered Merkle trees (IOMTs) to efficiently track a large number of container images and provide assurances of repository integrity to its users. The key contributions of the study are the identification of the required security model, a novel TCR data structure, and verifiable algorithms to operate on it. Through experiment, we observe closely logarithmic time complexity of the proposed system up to a high container count ($N = 2^{25} \approx 10^7$).

Locations

  • arXiv (Cornell University)
  • Deleted Journal

Similar Works

  • A Scalable, Trustworthy Infrastructure for Collaborative Container Repositories. 2018. Franklin Wei, Mahalingam Ramkumar, Somya D. Mohanty
  • Trusted Container Extensions for Container-based Confidential Computing. 2022. Ferdinand Brasser, Patrick Jauernig, Frederik Pustelnik, Ahmad‐Reza Sadeghi, Emmanuel Stapf
  • Secure Namespaced Kernel Audit for Containers. 2021. Soo Yee Lim, Bogdan Stelea, Xueyuan Han, Thomas Pasquier
  • A practical approach for updating an integrity-enforced operating system. 2020. Wojciech Ozga, Do Le Quoc, Christof Fetzer
  • Towards Immutability: A Secure and Efficient Auditing Framework for Cloud Supporting Data Integrity and File Version Control. 2023. Faisal Haque Bappy, Saklain Zaman, Tariqul Islam, Redwan Ahmed Rizvee, Joon Seong Park, Kamrul Hasan
  • Content-defined Merkle Trees for Efficient Container Delivery. 2021. Yuta Nakamura, Raza Ahmad, Tanu Malik
  • Parma: Confidential Containers via Attested Execution Policies. 2023. Matthew Johnson, Stavros Volos, Ken Gordon, Sean T. Allen, Christoph M. Wintersteiger, Sylvan Clebsch, John Starks, Manuel Costa
  • CCxTrust: Confidential Computing Platform Based on TEE and TPM Collaborative Trust. 2024. Ketong Shang, Jiangnan Lin, Yu Qin, Muyan Shen, Hongzhan Ma, Wei Feng, Dengguo Feng
  • Content-defined Merkle Trees for Efficient Container Delivery. 2020. Yuta Nakamura, Raza Ahmad, Tanu Malik
  • Threat Modeling and Security Analysis of Containers: A Survey. 2021. Ann Yi Wong, Eyasu Getahun Chekole, Martín Ochoa, Jianying Zhou
  • Online Memory Leak Detection in the Cloud-Based Infrastructures. 2021. Anshul Jindal, Paul Staab, Jorge Cardoso, Michael Gerndt, Vladimir Podolskiy
  • Watchword-Oriented and Time-Stamped Algorithms for Tamper-Proof Cloud Provenance Cognition. 2014. Asif Imran, Nadia Nahar, Kazi Sakib
  • SafeComp: Protocol for Certifying Cloud Computations Integrity. 2021. E. A. Shishkin, Evgeniy Kislitsyn
  • Don't Trust the Cloud, Verify: Integrity and Consistency for Cloud Object Stores. 2015. Marcus Brandenburger, Christian Cachin, Nikola Knežević
  • Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability. 2023. Heidi Howard, Fritz Alder, Edward Ashton, Amaury Chamayou, Sylvan Clebsch, Manuel Costa, Antoine Delignat-Lavaud, Cédric Fournet, Andrew Jeffery, Matthew S. Kerner

Works That Cite This (0)
