This section contains some background on how to protect code and data files:
- embedded files protect the integrity of files, and
- encrypted file region protect the confidentiality and integrity of files.
sconify_image uses a novel binary filesystem to embed files within the binary of a service. All embedded files are measured at the construction of an enclave, i.e., MrEnclave depends on the their content. For example, all code files including all standard libraries of Python or Node services can be embedded into the Python / node binary:
The main advantage of using the binary filesystem - in comparison to the SCONE filesystem shield - is that one can build a generic container image that can be shared amongst multiple stakeholders. The integrity of files is protected with the help of the collision resistant hash function which is used to compute MrEnclave. This prevents preimage attacks in which an adversary tries to modify the content of files.
In containerized services, files can have different lifetimes. Moreover, we might have different protection goals for individual files. Hence, we introduce some terms to help to select the right options for the sconification of a container image.
A service might need files with different lifetimes:
- Some files might be ephemeral, i.e., it is expected that changes of these files are forgotten if the service crashes and/or the container terminates.
- Other files must be persistent, i.e., the file updates must survive even when the service crashes or the container is terminated. Persistent files are stored in volumes.
Files might have different protection requirements:
- Some files might require integrity protection only, i.e., changes can at most be performed by attested and authorized services.
- Other files might require both confidentiality and integrity protection, e.g., files containing novel AI algorithms written in Python.
SCONE supports the concept of a file region which is either a volume (like Kubernetes volume) or a part of the root filesystem of a container. File regions can be be encrypted by the SCONE filesystem shield:
As we described above, some files do not only be integrity protected but they should also be measured as part of the attestation of a service. For example, one would like to measure the Python engine as well as all of the Python code and all shared libraries during attestation. For all code, one should use the SCONE binary filesystem to ensure that it is measured as part of MrEnclave, i.e., is part of the hash of the enclave. For files that need to be confidentiality and integrity-protected, please use the SCONE file shield instead.