Glossary

attestation

Process of proving the integrity and authenticity of the attestee's software and/or hardware component to a verifier. This includes validating whether a given piece of software is executed on a given piece of hardware.

attest

Process of proving the integrity and authenticity of the attestee's software and/or hardware component to a verifier. This includes validating whether a given piece of software is executed on a given piece of hardware. In the case of SCONE, SCONE CAS attests the software before the software is permitted to start, and only after a successful attestation are secrets released to the software.

attested

Attestation is the process of proving the integrity and authenticity of the attestee's software and/or hardware component to a verifier. This includes validating whether a given piece of software is executed on a given piece of hardware. In the case of SCONE, SCONE CAS attests the software before the software is permitted to start, and only after a successful attestation are secrets released to the software.

local attestation

Attestation executed locally, e.g., one software component validates the integrity and authenticity of another software component which is executed on the same hardware. In Intel SGX, the CPU creates a report containing integrity information about the attested enclave; the report's keyed MAC can only be verified (and, for that matter, changed) by the verifier enclave running on the same platform.

remote attestation

Attestation executed remotely, i.e., the component which does the validation and the component which is validated are executed on different machines. In Intel SGX, the report received during local attestation is signed with the quoting enclave's private key, making the integrity of the quote (the signed report) remotely verifiable.

mutual attestation

Process of two components proving to each other the integrity and authenticity of their software and/or hardware components.

This can cover multiple aspects, e.g., that neither their code nor their filesystem has been modified.

Configuration and Attestation Service (CAS)

The SCONE Configuration and Attestation Service (CAS) is a component of the SCONE infrastructure. Programs executed in enclaves, in particular a SCONE-enabled executable, connect to CAS to obtain their confidential configuration. CAS provisions this configuration only after it has verified the integrity and authenticity of the requesting enclave. Additionally, CAS checks that the requesting enclave is allowed to obtain the confidential configuration. Initially, configurations are pushed to the CAS with the SCONE client.

SCONE CAS

The SCONE Configuration and Attestation Service (CAS) is a component of the SCONE infrastructure. Programs executed in enclaves, in particular a SCONE-enabled executable, connect to CAS to obtain their confidential configuration. CAS provisions this configuration only after it has verified the integrity and authenticity of the requesting enclave. Additionally, CAS checks that the requesting enclave is allowed to obtain the confidential configuration. Initially, configurations are pushed to the CAS with the SCONE client.

Local Attestation Service (LAS)

A per-platform service enabling remote attestation of SGX enclaves independently of the framework (i.e., SCONE or the Intel SDK) used to create the enclave. It separates the development of SCONE-enabled applications from the Intel SDK by providing a stable interface to the attestation facilities of Intel's SDK and, in conjunction with the CAS, decouples the availability of applications deployed on the SCONE platform from Intel's Attestation Service through the introduction of an independent quoting enclave.

SCONE LAS

The SCONE Local Attestation Service (LAS) is a per-platform service enabling remote attestation of SGX enclaves independently of the framework (i.e., SCONE or the Intel SDK) used to create the enclave. It separates the development of SCONE-enabled applications from the Intel SDK by providing a stable interface to the attestation facilities of Intel's SDK and, in conjunction with the CAS, decouples the availability of applications deployed on the SCONE platform from Intel's Attestation Service through the introduction of an independent quoting enclave.

secure boot

A boot procedure which allows only the execution of firmware, bootloaders and operating systems which are digitally signed by a well-defined set of acceptable signers.

measured boot

A boot procedure which measures the state of the system at each boot step. These measurements can be read later to verify the current state of a given system. Unlike secure boot, measured boot does not prevent the system from entering an "insecure" state; it only records it.

cloud-native application

An application designed to run inside of a cloud. One requirement is that the application is deployed with the help of containers.

cloud provider

An entity providing cloud services (PaaS, IaaS, MaaS etc.) to its customers. It is assumed that a cloud provider is in physical or logical control of the hardware and system software used to provide the cloud services.

container

A lightweight alternative to a virtual machine (VM). The isolation of containers is implemented by the operating system; Docker and Kubernetes rely on the Linux kernel for isolation. In the case of VMs, the isolation is implemented with the help of CPU extensions.

Kubernetes

An open source container orchestration platform. More information at https://kubernetes.io/

Kubeapps

A dashboard to deploy and manage Kubernetes-based applications. It can be used to deploy and manage SCONE-based confidential applications.

curated image

A container image of a popular service maintained by scontain.com.

enclave

This is an alias for SGX enclave. A protected area inside the address space of a program such that only the code inside this enclave can access the data and code stored in this address range. All pages belonging to an enclave are encrypted by the CPU and only the CPU knows the encryption key. These pages can reside in the main memory or the EPC.

Docker image

A snapshot of a container's state that can be used to initialize new containers with the same state.

container image

A snapshot of a container's filesystem state that can be used to initialize new containers with the same state. In a nutshell, this can be viewed as a VM image, except that a container does not spawn its own operating system kernel.

image

In this context, the term image refers to a container image. A container image is a snapshot of a container's filesystem state that can be used to initialize new containers with the same state.

native image

The term native image refers to a container image that deploys a native service, i.e., the service that does NOT run inside of a trusted execution environment.

confidential image

The term confidential image refers to a container image that deploys a confidential service, i.e., the service runs inside of an enclave. Typically, the files of a confidential container image are protected, i.e., at least their integrity is protected.

confidential container image

The term confidential container image refers to a container image that deploys a confidential service, i.e., the service runs inside of an enclave. Typically, the files of a confidential container image are protected, i.e., at least their integrity is protected.

Docker registry

A Docker registry stores Docker images for easy distribution, comparable to the app stores of Android or iOS.

EPC

A cache of memory pages belonging to enclaves. This cache resides in a reserved part of the main memory that is directly managed by the CPU (and not by the operating system or the hypervisor). The data in this cache is encrypted. Unlike enclave pages residing in the main memory, the CPU can encrypt and decrypt individual cache lines residing inside the EPC. This results in low overheads.

microservice

A rather small component which offers a single service.

service

A process or a set of processes (a.k.a., service instances) that provide an API. These days, these are often microservices that provide a REST API. A service instance is typically deployed as a separate container.

service provider

A company operating an application, typically making it available via the Internet. We use this as a general term that includes different models such as Software as a Service (SaaS) providers as well as hosted service providers.

SCONE

SCONE (Secure CONtainer Environment) is a software platform for confidential computing allowing the trustworthy execution of unmodified x86 source code within Intel SGX enclaves. It consists of components enabling the execution inside enclaves, such as the SCONE runtime and the C, C++, C#, Fortran, Go, and Rust SCONE cross-compilers, and components ensuring the trustworthiness of this execution and of deployment in clouds, such as the CAS and the SCONE client.

SCONE Docker image

A SCONE Docker image is a Docker image that contains a SCONE-enabled executable and is additionally annotated via image labels with metadata allowing the attestation of the started SCONE-enabled executable and of the image's filesystem content.

SCONE container

A SCONE container is a running instance of a SCONE Docker image.

SCONE microservice

Microservice which is a SCONE-enabled executable.

SCONE-enabled executable

An executable created by a SCONE cross-compiler. The actual program will be executed within an enclave and utilises the SCONE runtime.

SCONE runtime

The runtime environment necessary to execute a SCONE-enabled executable. At the moment this consists of a modified C-library based on the musl library.

SCONE cross-compiler

Compilers for various programming languages such as C, C++, Rust, Go, and Fortran which compile source code into a SCONE-enabled executable.

SCONE client

A program that is used to configure SCONE-enabled executables. It allows the user to push confidential configurations to the CAS and encrypt files to ensure their content is only accessible by specific SCONE-enabled executables executed inside enclaves.

SCONE infrastructure

The SCONE infrastructure summarises all components necessary to deploy and run a SCONE-enabled executable. This includes Docker components like the Docker daemon and the Docker registry as well as the SCONE client and additional services like CAS and LAS.

Secure container

A container which uses additional hardware isolation mechanisms, i.e., SGX, to provide better application security. In particular, a secure container runs one or more secure programs. Additionally, the integrity and confidentiality of files inside a secure container are protected by SCONE.

Secure program

A program that executes inside an enclave.

SGX (Software Guard eXtension)

A CPU extension by Intel that permits the creation of SGX enclaves.

SGX

Software Guard eXtension (SGX) is a CPU extension by Intel that permits the creation of enclaves, i.e., a protected area inside the address space of a program such that only the code inside this enclave can access the data and code stored in this address range.

SGX enclave

A protected area inside the address space of a program such that only the code inside this enclave can access the data and code stored in this address range. All pages belonging to an enclave are encrypted by the CPU and only the CPU knows the encryption key. These pages can reside in the main memory or the EPC.

threading

SCONE uses different kinds of threads:

  • ethread: a thread that executes application threads inside of an enclave
  • lthread: an application thread. Typically created by the application directly or indirectly via a pthread_create call. In SCONE, this pthread_create call will create an lthread. The lthread is executed by some ethread. In this way, we can quickly switch to another application thread whenever an application thread would block, which reduces the number of enclave entries and exits, which are costly.
  • sthread: a thread that runs outside of the enclave and that executes system calls on behalf of the threads running inside the enclave

trusted computing base

The trusted computing base (TCB) is a set of hardware and software components which can break the security policy. Therefore one has to trust that these components are not malicious or faulty.

TCB

The TCB (trusted computing base) is the set of hardware and software components which can break the security policy. Therefore one has to trust that these components are not malicious or faulty.

trusted execution environment

A trusted execution environment (TEE) is a piece of hardware which allows secure processing. Usually the achieved protection goals are confidentiality and integrity.

TEE

A Trusted Execution Environment (TEE) is a piece of hardware which allows secure processing. Usually the achieved protection goals are confidentiality and integrity.

release mode

In SGX we distinguish between debug, pre-release and release mode. In release mode, the enclave is launched in production mode, i.e., any access, including debug access, is prevented. Moreover, the code is compiled with optimizations switched on and without debug symbols.

production mode

Any access, including debug access, to an enclave in production mode is prevented.

protected

A file is protected if its integrity is ensured (i.e., any modification of the file by an adversary is detected) and, optionally, its confidentiality is ensured (i.e., the file cannot be read by an adversary in plain text).

native

A service/program/application that runs as a normal operating system process, i.e., not inside of any trusted execution environment.

SIM mode

The application does not run inside of an enclave. Instead, it is executed in native mode. All SCONE software still executes. We do not, however, support attestation in SIM mode.

CLI

A Command Line Interface (CLI) is a textual interface to a computer. It is useful for scripting (i.e., automation) and is typically used for system and service administration.

command line arguments

A Command Line Interface (CLI) is a textual interface to a computer. A CLI typically supports multiple kinds of arguments: FLAGS (on/off switches), OPTIONS (like flags but taking an argument), SUBCOMMANDS, and ARGS.

CC

Confidential computing is an approach to secure data in use. With SCONE CC, one can protect data, code, and secrets in use as well as in transit and at rest.

Confidential Computing

Confidential computing (CC) is an approach to secure data in use. With SCONE CC, one can protect data, code, and secrets in use as well as in transit and at rest.

vanilla

In computer science, a system or a piece of software is called vanilla when there is no need to customize it for a certain use case.

confidentiality

In the context of information security, the term confidentiality means that information is only made available to authorized entities. In the context of SCONE, this means that information (data, code, secrets, and policies) is encrypted and the encryption key is only accessible to authorized entities. Authorization is defined in a SCONE CAS policy, and access to this policy is also defined in the policy itself.

integrity

In the context of information security, the term integrity means that one ensures the accuracy and completeness of information. Integrity implies freshness, i.e., that one reads the last data that was stored. While the freshness of SGX enclaves is ensured by hardware and freshness in transit is ensured by TLS, the freshness of data at rest is explicitly enforced by SCONE.

MRSIGNER

A public key that identifies the signer of an enclave. This is also called the Signing Identity. MRSIGNER is also used to verify the signature of the enclave.

MRENCLAVE

An enclave is identified by a hash value which is called MrEnclave. This hash value is determined by the initial content of the pages of an enclave and their access rights. This means that some of the SCONE environment variables like SCONE_HEAP and SCONE_ALLOW_DLOPEN will affect MrEnclave.

MariaDB

MariaDB is an open source, relational database. MariaDB is a fork of MySQL. This community effort is led by some of the original developers of MySQL.

sconeapps

sconeapps is a repo with helm charts to install SCONE-based confidential applications like LAS, CAS and MariaDB.

helm chart

A helm chart describes how to deploy a service to a Kubernetes cluster.

tokenizer

A tokenizer replaces a sensitive data item with a non-sensitive token that has no exploitable meaning. This token can be translated back to the original data item only by authorized clients.

environment variable

An environment variable is a variable defined in the context of a shell. Environment variables can change the behavior of processes. In the context of SCONE, one can define environment variables that change the behavior of the SCONE runtime, which is linked with processes running inside of enclaves.

TLS

Transport Layer Security (TLS) is a security protocol to provide private, authenticated and reliable communication between two entities.

Helm

Helm is a very popular package manager for Kubernetes.

workflow

A defined sequence of services/stages that form a computation to produce a final outcome. Simple workflows might be simple pipeline processing. Sophisticated workflows might define a partial order between the stages that facilitates parallel processing.

CI/CD pipeline

A Continuous Integration / Continuous Delivery pipeline is a workflow to build a new version of one or more software components. This consists of multiple stages like a build, a test, and a release stage.

sconify

We sconify (i.e., convert) a native container image into a confidential image with the help of the command sconify_image. We can sconify a binary, i.e., a program with the help of sconify.sh.

sconifies

We sconify (i.e., convert) a native container image into a confidential image with the help of the command sconify_image. We can sconify a binary, i.e., a program with the help of sconify.sh.

sconification

sconification is the process of converting a native container image into a confidential image with the help of the command sconify_image. We can sconify a binary, i.e., a program with the help of sconify.sh.

SCONE policy

This is a YAML file that describes how a service is attested (where it can run, what code it can run, what the filesystem state is), what secrets are released to this service, and how these secrets are released. A policy can also define secrets and has a built-in certification authority.

binary

A binary is an executable program. In our context, a binary often refers to the program code of a service.

collision resistant

For a collision resistant hash function h, it is difficult to find two different messages m1 and m2 such that h(m1) = h(m2).

hash function

A hash function h is a function that maps a message m to a fixed-size integer. The result is called a "hash value".

preimage attacks

A preimage attack finds, for a given hash function h and hash value v, a message m such that h(m) = v. Cryptographic hash functions are collision resistant and preimage resistant, i.e., a preimage attack should not be feasible in practice.

symmetric encryption

In symmetric encryption one uses the same key for encryption as well as decryption.

protection goals

SCONE's protection goals are to protect data and code at rest, in flight and in use against an adversary with root access rights.

PII

Personally Identifiable Information (PII) is any information related to an identified or identifiable natural person.

SGX plugin

To access the SGX device in a Kubernetes cluster, you might need to run the containers in privileged mode. Of course, one wants to avoid running applications in privileged mode. Our SGX plugin allows you to run containers accessing the SGX device without requiring privileged mode. Note, however, that the plugin itself has to have sufficient permission to access the SGX device.