Development and Operations of SCONE-based Services

During the lifetime of an application, one has to deal with various development and operational issues:

• How to transform native applications into confidential applications?
• How to monitor a confidential application with Grafana or Kubernetes Dashboard?
• How to start an application via a dashboard?
• How to mitigate vulnerabilities of SGX?
• How to address individual security advisories?
• How to deal with firmware updates?
• How to deal with application updates?
• How to sign a SCONE application for production?
• How to deal with SCONE runtime updates?
• How clients can attest services?
• How does SCONE protect the confidentiality and integrity of files stored in SCONE Volumes?
• How does Scone limit the usage of an encryption key?
• How does Scone terminate TLS connections inside of enclaves?
• How does SCONE support mutual attestation and verification of services with the help of TLS?
• How does SCONE help to manage certificates?
• How to deal with SCONE CAS updates? (see enterprise CAS documentation)
• How to deal with application crash failures? (see enterprise CAS documentation)
• ...

Notes

In this chapter, we explain how to address these issues. In case you have a maintenance contract with us, we will help you to address these issues.

We also created a tutorial course that address several operations aspects. Please have a look and maybe, some of the questions you might have, are already addressed there. We also provide a reference solution for each of the assignments.

If you have additional issues that should be addressed, please let us know by email.