Integrating SPIFFE and SCONE to enable universal identity support for confidential workloads.

Abstract

Software no longer runs on an isolated set of server machines protected using perimeter se- curity strategies and tools. As companies move to the cloud and edge computing, the security boundaries blur, turning strategies such as perimeter security and firewall management diffi- cult in such heterogeneous environments. Also, companies with highly sensitive workloads still worry about data confidentiality in untrusted environments. The confidential comput- ing model emerged to address this last problem, ensuring data confidentiality in untrusted domains via always encrypted execution. These two problems seem to be solved when considered separately. However, issuing identities for confidential workloads is not trivial as trusted execution environments have strongly opinionated attestation processes. Confidential computing lift-and-shift approaches have their attestation and configuration services capable of enabling authentication and se- cure communication between confidential workloads. However, there is a lack of universal identity support between confidential and regular workloads. Simply using identity distri- bution frameworks such as SPIFFE to bootstrap identities for confidential workloads is not applicable because their threat model assumes trust in the infrastructure and software stack where the workloads run on. In this work, we propose an integration between a cloud native identity framework and a lift-and-shift approach to enable confidential computing. We brought together SPIFFE and SCONE to enable identity support for confidential workloads that interoperates with non-confidential workloads. We designed a new component for the SPIFFE runtime envi- ronment that delivers identities for SCONE-based confidential workloads and considers the confidential computing threat model. To evaluate our proposal from a security perspective, we conducted a security analysis with confidential computing specialists to assess strengths and weaknesses under the confidential computing threat model. The security analysis results indicated that the specialists considered the proposal robust against coming from provider infrastructure in untrusted environments. Also, most workload-to-workloads attacks were considered mitigated. We also conducted experiments and identified overheads in the iden- tity issuing process. On the other hand, experiments to measure container image build times for Python workloads showed that the builds with SCONE were faster than builds for non- confidential workloads. Although the scope of this work is tied to confidential SCONE-based workloads, the integration is extensible via plugins for the new SPIRE component and can accommodate other lift-and-shift solutions for confidential computing.