13–15 Nov 2023
America/New_York timezone

In Containers We Trust? Building Trust in Containerized Environments

13 Nov 2023, 15:30
30m
"James River Salon B" (Omni Richmond Hotel)

Containers and checkpoint/restore MC

Speaker

Avery Blanchard (Duke University)

Description

Building trust in containerized environments requires the measurement and attestation of individual containers. The Linux Integrity Measurement Architecture (“IMA”) collects and stores file integrity measurements in a non-repudiable log. These measurements are used during remote attestation to verify system integrity and extend trust from the kernel to measured files. File measurements cannot, however, be used to attest individual container integrity because they are not differentiated by namespace. We present a mechanism to measure container integrity, without requiring changes to the host operating system. Using loadable kernel extensions and existing IMA infrastructure, we measure images at container creation and namespace container file integrity measurements throughout runtime.

Primary author

Avery Blanchard (Duke University)