Collaboration yields results. At the ONUG Digital Live event this past spring, leading contributors to the ONUG Security Working Group presented a reference architecture for container security, which was then followed by an open reference solution that matched the outlined architecture. Years of work and input from industry leaders yielded a solution that ensures confidentiality, integrity and availability for container-based workloads. Forrest Bennett of FedEx served as moderator, while Bob Wysocki and Anmol Kulkarni of Microland, Michael Clark of Renaissance Technology, and Adam Hughes of Sylabs explained the architecture and the solution. Here’s a summary of their discussion.
The ONUG Security Working Group focused their attention on developing a reference architecture that addresses flaws in the confidentiality, integrity and availability of container-based workloads. While the group stops short of calling the reference solution ONUG-approved, it does provide a viable security approach in the complex multi-cloud, open source world. Michael Clark opened the discussion by providing an overview of the vulnerabilities of container security.
Clark emphasized that a container is only as secure as its underlying infrastructure. The container workload itself provides no protection against runtime side-channel attacks that originate in compromised hardware, microarchitectural defects, subverted microcode or implants. Nor does it protect against runtime memory introspection by the host operating environment. Attackers therefore threaten both the confidentiality and the integrity of a container workload.
The Linux kernel is not exempt from security flaws. Vulnerabilities related to namespace handling can lead to privilege escalation and/or container breakout, and patching the container runtime does not fix any of these issues, because they live below it. Adding to the complexity is the fact that security models vary across cloud security providers (CSPs); there is no comprehensive set of standards that all CSPs must adhere to. In a nutshell, private cloud security does not address container security adequately.
The main goal of the reference architecture is to address the above challenges. Through use cases and collaboration, the ONUG group’s aim was to “identify what could be done to secure the confidentiality and integrity of a given workload as it resides and transits through a container environment,” explained Clark.
Productivity was given priority over security when container technology was being developed. To fill the security gap, we must establish the trustworthiness of the overall environment and monitor for changes during runtime, both within the container and in the larger environment. At the same time, Clark explained, we must treat the workload as a discrete unit that we are trying to protect. To boost the confidentiality and integrity of container workloads, the reference architecture has three requirements.
In order for the reference work to function as intended, Clark identified the following assumptions that must hold.
Next, the group discussed how Microland and Sylabs worked together to turn the reference architecture into a solution for container security that is easily reproducible, low in cost and minimal in integration effort. Bob Wysocki and Adam Hughes explained the five pillars of the solution.
Wysocki explained that Singularity and its SIF (Singularity Image Format) ensure the confidentiality and integrity of the workload, while the OPA and SB ensure the confidentiality and integrity of the runtime environment.
Bob Wysocki next explained how to put the solution into practice using three operating modes.
Don’t forget to mark your calendar for the Fall ONUG conference on October 14th and 15th.