Trusted Docker Containers and Trusted VMs in OpenStack
Raghu Yeluri, Abhishek Gupta

Outline
Context: Docker security, top customer asks
Intel's focus: Trusted Docker Containers
Who verifies trust?
Reference architecture with OpenStack
Demo
Availability, call to action
Docker Overview in a Slide
Lightweight, open source engine for creating and deploying containers.
Provides a workflow for running, building and containerizing apps. Separates apps from where they run; enables micro-services; scale by composition.
Underlying building blocks: Linux kernel namespaces (isolation) + cgroups (resource control) + ...
Components of Docker:
Docker Engine: runtime for running and building Docker containers.
Docker Repositories (Hub): SaaS service for sharing and managing images.
Docker Images (layers): images hold apps; a shareable snapshot of software. A container is a running instance of an image.
Orchestration: OpenStack, Docker Swarm, Kubernetes, Mesos, Fleet, Project Atomic, Lattice.
[Diagram: Docker Hub and Docker image layers]
Docker Security: 5 Key Customer Asks
1. How do you know that the Docker host integrity is there? Do you trust the Docker daemon? Do you trust that the Docker host has booted with integrity?
2. How do you verify Docker container integrity? Who wrote the Docker image? Do you trust the image? Did the right image get launched?
3. Runtime protection of the Docker Engine and enhanced isolation. How can Intel help with runtime integrity?
4. Enterprise security features: compliance, manageability, identity authentication, etc.
5. OpenStack as a single control plane for Trusted VMs and Trusted Docker Containers.
Intel's focus: enable hardware-based integrity assurance for Docker containers (Trusted Docker Containers).

Trusted Docker Containers: 3 Focus Areas
Launch integrity of the Docker host
Runtime integrity of the Docker host
Integrity of Docker images
Today's focus: integrity of the Docker host, and how to use it in OpenStack.
Trusted VMs: Summary
Launch VMs on servers that have demonstrated boot integrity.
Platform trust: measured launch of the boot process and components with Intel TXT. Trust chain: HW -> FW -> BIOS -> OS/VMM. What is measured at launch today: F/W, core BIOS, OS/VMM kernel, initrd. Extended measurements: any OS/FS modules.
Schedulers, orchestrators and policy managers use trust to launch, create and migrate VMs.
Extend the chain of trust to VMs: measure and attest VM images prior to launch. Encrypt VM images and decrypt based on platform trust (the tenant controls the keys).
Boundary control of VMs: control where your trusted VMs are launching and migrating.
Will enable the same model and use cases for Trusted Docker Containers.
[Diagram: two trust boundaries. Left: HW w/ Intel TXT/TPM, Tboot, host OS/hypervisor kernel and initrd, VM-1 and VM-2 with apps; measurements done at server boot; measurements match, system trusted. Right: HW w/ Intel TXT/TPM, Tboot, host OS/hypervisor kernel and initrd++, vrtm, vfw, VM-1 and VM-2 with apps; measurements done at server boot and VM launch; measurements match, system and VMs trusted.]
Trusted Docker Containers - 1: Ensure Docker Containers Are Launched on Trusted Docker Hosts
Boot-time integrity of the Docker host: measured launch of the boot process and components with Intel TXT.
Docker daemon and associated components added to the TCB and measured.
Chain of trust: H/W -> FW -> BIOS -> OS -> Docker Engine.
Remote attestation using an Attestation Authority*.
[Diagram, Docker host platform integrity: HW w/ Intel TXT, TPM, TBOOT, host OS, Docker daemon, shared bins/libs; container A (e.g. Apache), container B (e.g. Apache v2), container C (e.g. Nginx)]
Trusted Docker Containers - 2: Ensure That Docker Images Are Not Tampered Prior to Launch (Launch-Time Integrity of Docker Images)
Chain of trust: H/W -> FW -> BIOS -> OS -> Docker Engine -> Docker container layers (apache, ubuntu14.04, ubuntu14, base).
Docker daemon modification: prior to container launch, measure and verify the Docker image (and its parent layer graph, recursively).
Boundary control/geo-tagging applies equally to Docker containers (compliance needs). The orchestrator determines the location/boundary for launching Docker images.
Exploring: Docker image encryption and trust-based retrieval of keys for sensitive container images (VNFs, PCI-DSS/HIPAA containers, etc.).
[Diagram, Docker host and container launch integrity: HW w/ Intel TXT, TPM, TBOOT, host OS, Docker daemon plus measurement agents, shared bins/libs; container A (e.g. Apache), container B (e.g. Apache v2), container C (e.g. Nginx)]
Chain of Trust Extended to Application Launch: What Is Measured for Trusted Docker Containers
[Diagram, bottom to top: Intel TXT + TPM; BIOS, with ACM signed by the manufacturer; bootloader, Tboot and OS kernel; initrd++ (includes a measurement agent); Docker daemon / container management engine (e.g. Docker Engine); measurement agents; containerized application layers (e.g. Docker image layers): Ubuntu, Ubuntu14.04, Apache, Apache Patch v1, Apache Patch v2; trusted launch of the containerized application.]
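The recursive layer verification described on the previous two slides (measure each image layer, chain it to its parent, and compare against a manifest/trust policy before launch) is shown below as an added example; it is not Intel's agent or Docker's code. Layer names follow the slide's stack, the layer contents, the TPM-style extend function and the manifest format are constructed assumptions.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def extend(parent_measurement: str, layer_digest: str) -> str:
    # TPM-style extend: new = H(old || digest). The chained value therefore depends
    # on every layer below this one and on their order, like a PCR across boot stages.
    return sha256_hex(bytes.fromhex(parent_measurement) + bytes.fromhex(layer_digest))

# Constructed layer graph (layer -> (parent, content)); the byte strings stand in for
# the layer tarballs a measurement agent would hash. Names follow the slide's stack.
LAYERS = {
    "ubuntu":          (None,              b"constructed base rootfs"),
    "ubuntu14.04":     ("ubuntu",          b"constructed 14.04 delta"),
    "apache":          ("ubuntu14.04",     b"constructed apache2 package"),
    "apache-patch-v1": ("apache",          b"constructed patch 1"),
    "apache-patch-v2": ("apache-patch-v1", b"constructed patch 2"),
}

def measure(layer: str, layers=LAYERS) -> str:
    """Chained measurement of a layer: extend the parent's value with this layer's digest."""
    parent, content = layers[layer]
    base = "00" * 32 if parent is None else measure(parent, layers)
    return extend(base, sha256_hex(content))

def build_manifest(layers=LAYERS) -> dict:
    """Trust policy / manifest: the expected chained measurement of every known layer."""
    return {name: measure(name, layers) for name in layers}

def verify(layer: str, manifest: dict, layers=LAYERS):
    """Walk the parent graph from the base upward, then check this layer.
    Returns (True, None) or (False, first layer that fails the policy)."""
    parent, _ = layers[layer]
    if parent is not None:
        ok, bad = verify(parent, manifest, layers)
        if not ok:
            return False, bad
    if layer not in manifest or measure(layer, layers) != manifest[layer]:
        return False, layer
    return True, None

if __name__ == "__main__":
    policy = build_manifest()
    print(verify("apache-patch-v2", policy))            # (True, None)
    tampered = {**LAYERS, "ubuntu14.04": ("ubuntu", b"constructed tampered delta")}
    print(verify("apache-patch-v2", policy, tampered))  # (False, 'ubuntu14.04')
```

Because each value is chained, a modified base layer fails verification for every image built on it, and the check reports the lowest tampered layer rather than the leaf.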
What Is Measured: the Details
Measurement Phase 1 (H/W + BIOS):
System power on. Microcode validates and measures the BIOS ACM (PCR0).
BIOS ACM validates and measures the BIOS init code (PCR0).
BIOS init code: initialize TXT and memory, load SMM; measure SMM and other trusted code (PCR0+).
Lock TXT and memory configuration (ENTERACCS: LockConfig).
Non-critical code: BIOS Option ROMs and other non-critical modules.
Load SINIT and OS code.
Measurement Phase II (TBOOT, OS, Docker Engine):
Bootloader issues SENTER; microcode validates the SINIT ACM (PCR17: SINIT hash + ...).
SINIT measures TBOOT (PCR18).
SINIT measures the OS kernel and initrd++ (PCR19).
Tboot-xm (the agent in the initrd) measures the Docker Engine and other components (PCR19+).
Launch OS.
Source: Intel
Who Verifies the Docker Host Trust? Scheduler / Cluster Manager / Policy Manager
Scheduler/cluster manager examples: OpenStack, Docker Swarm, Kubernetes, Mesos, Fleet.
[Diagram: cluster manager with a Trust Filter calling the Remote Attestation API of the Attestation Authority; Image Registry; trusted hosts running Docker Engine, OS/initrd++ and agents on TPM v1.2; one host marked "Trust Not Verified"; attestation traffic between hosts and the Attestation Authority.]
Principles of operation:
1. The cluster manager determines the best hosts in the cluster, based on utilization, type, location compliance, etc.
2. For this host list, the cluster manager verifies host integrity with the Attestation Authority.
3. The Attestation Authority responds with attestation reports for the hosts.
4. The cluster manager picks the best server that has the integrity and instantiates containers.
Trusted Docker Containers & VMs with OpenStack
[Diagram: Horizon / API Server -> Nova Scheduler (ImageProp Filter, Location Filter, Trust Filter) -> Attestation Authority (OAT) via the Remote Attestation API; Glance; trusted hosts running Nova + agents with Docker Engine and OS/initrd++ (trusted container launch) or Qemu (trusted VM launch, VM1, VM2) on TPM v1.2; one host marked "Trust Not Verified".]
1. Horizon / API Server: initiate launch of an image (with the hypervisor_type property).
2. Nova Scheduler: the ImageProp filter excludes hosts that don't meet the image hypervisor type.
3. Nova Scheduler: runs the Trust/Location filter to identify a trusted host (for a VM or a Docker container).
4. Attestation Authority: challenges the host to attest and provides a signed attestation report for the scheduler to use. Identifies the trusted host for VMs or Docker containers.
5. Nova Compute: download the Glance image and launch. For Docker images, Nova uses the DockerDriver to download the image, and it is loaded into the Docker file system with the docker load command.
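The scheduler-side flow of the last two slides (image-property filter, location filter, then a trust filter that only accepts a signed attestation report naming the host) as an added example; this is a stand-alone model, not Nova's filter scheduler or OAT code. The host inventory, the attestation reports and the HMAC key used to stand in for the attestation authority's signature are all constructed assumptions.

```python
import hmac
import json

# Constructed key standing in for the attestation authority's report-signing key
# (a real OAT report is signed with a key pair; HMAC keeps the example self-contained).
AA_KEY = b"constructed-attestation-authority-key"

def sign_report(report: dict) -> dict:
    body = json.dumps(report, sort_keys=True).encode()
    return {"body": report, "sig": hmac.new(AA_KEY, body, "sha256").hexdigest()}

def report_is_authentic(signed: dict) -> bool:
    body = json.dumps(signed["body"], sort_keys=True).encode()
    expected = hmac.new(AA_KEY, body, "sha256").hexdigest()
    return hmac.compare_digest(expected, signed["sig"])

# Constructed host inventory as the scheduler sees it (hypervisor type, geo-tag).
HOSTS = {
    "host-a": {"hypervisor_type": "docker", "location": "us-west"},
    "host-b": {"hypervisor_type": "docker", "location": "us-east"},
    "host-c": {"hypervisor_type": "qemu",   "location": "us-west"},
    "host-d": {"hypervisor_type": "docker", "location": "us-west"},
}
# Constructed attestation reports. host-d failed attestation and its report was then
# edited to claim "trusted" without re-signing; the signature check must reject it.
REPORTS = {h: sign_report({"host": h, "trust": "trusted"}) for h in ("host-a", "host-b", "host-c")}
REPORTS["host-d"] = sign_report({"host": "host-d", "trust": "untrusted"})
REPORTS["host-d"]["body"]["trust"] = "trusted"

def image_properties_filter(hosts, props):
    return [h for h in hosts if HOSTS[h]["hypervisor_type"] == props.get("hypervisor_type")]

def location_filter(hosts, props):
    want = props.get("location")
    return [h for h in hosts if want is None or HOSTS[h]["location"] == want]

def trust_filter(hosts, props):
    if props.get("trust") != "trusted":
        return list(hosts)  # image does not require a trusted host; filter passes everything
    passed = []
    for h in hosts:
        r = REPORTS.get(h)
        # Accept only an authentic report, issued for this very host, with a trusted verdict.
        if r and report_is_authentic(r) and r["body"]["host"] == h and r["body"]["trust"] == "trusted":
            passed.append(h)
    return passed

def schedule(props: dict) -> list:
    hosts = sorted(HOSTS)  # filters run in the slide's order: image properties, location, trust
    for f in (image_properties_filter, location_filter, trust_filter):
        hosts = f(hosts, props)
    return hosts
```

A request for a trusted Docker host in us-west yields only host-a: host-c is the wrong hypervisor type, host-b is in the wrong location, and host-d's edited report fails the signature check.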
Changes Needed in OpenStack Infrastructure
OpenStack changes:
1. Add the hypervisor_type property to images: value=qemu for VM images, value=docker for Docker images.
2. Activate the ImageProperties filter: filters out hosts that don't match the value from the image hypervisor type.
3. Activate the Trust filter in the OpenStack scheduler and the trust properties in images.
4. Configure nova-compute to use the Docker driver:
[DEFAULT]
compute_driver = novadocker.virt.docker.DockerDriver
Steps at: https://wiki.openstack.org/wiki/docker
Docker-specific changes, for Docker image integrity:
Modified Docker daemon to intercept the container launch request and call the measurement agent before launch.
Manifest/trust policy created and associated with each Docker layer.
Infrastructure-related changes:
TXT/TPM hardware; TXT/TPM activation on the clusters.
Attestation server is set up.
Demo

Summary & Call to Action
Intel's focus: enable hardware-based integrity assurance for Docker containers (Trusted Docker Containers), enabling the same model as we have done for VMs.
Intel TXT and attestation software become the foundation for asserting Docker host integrity.
Intel iKGT (Kernel Guard Technology) can help in runtime integrity protection of the Linux kernel.
OpenStack can launch VMs and containers with the extensions that are already mainstream (Trusted Compute Pools).
Get engaged, get started with Trusted VMs and OpenStack.
Extensions to OpenStack for Trusted Docker Containers will be available in the Q3 timeframe.
iKGT is available now on 01.org. Download it and try it out.
Q & A