Resource-efficient management of stateful confidential applications.

Abstract

The high level of computing power offered by cloud providers, combined with the flexibility, efficiency and reduced costs make the public cloud an attractive environment for deploying services and applications. However, this highly dynamical environment and the uncertainty about the actual location of the application and data, or who has access to it, raise questions about confidentiality and integrity of running applications and services in such environments. In fact, most of the concerns that prevent an even broader adoption of public cloud providers are related to security. Although some applications can overlook such concerns in the name of the cost reduction and almost infinite resources,some other applications have such a strict set of requirements with respect to confidentiality, integrity and data isolation that most public cloud offerings are simply not suitable. These applications, such as internet banking and finance, healthcare systems, smart grid or confidential document services, can rely on hardware-assisted technology, such as Trusted Execution Environments (TEEs), to provide confidentiality and integrity guarantees, even in untrusted infrastructures. The major public cloud providers have also started to offer TEE-enabled instances. However, these technologies usually rely on scarce hardware resources, that often translate to higher costs and subpar performance, especially when deploying for large scales. This work defines a set of application requirements w.r.t. confidentiality, integrity and data isolation, and presents a resource-efficient approach to dynamically manage large sets of application instances in confidential cloud infrastructures. This approach is deployed to infrastructures managed by Kubernetes, the industry-standard container orchestrator, and evaluated in the context of an application that manages sensitive smart meter data.