SGX-Aware Container Orchestration for Heterogeneous Clusters

TL;DR

This paper explores integrating Intel SGX secure enclaves into Kubernetes for heterogeneous cloud clusters, detailing architecture, implementation, and performance evaluation to enhance container security.

Contribution

It introduces a comprehensive architecture and implementation for SGX support in Kubernetes, including scheduler, OS support, and kernel extensions, with real-world performance analysis.

Findings

Successful integration of SGX in Kubernetes environment

Performance trade-offs identified for SGX-enabled containers

Evaluation using Google Borg traces demonstrates practical viability

Abstract

Containers are becoming the de facto standard to package and deploy applications and micro-services in the cloud. Several cloud providers (e.g., Amazon, Google, Microsoft) begin to offer native support on their infrastructure by integrating container orchestration tools within their cloud offering. At the same time, the security guarantees that containers offer to applications remain questionable. Customers still need to trust their cloud provider with respect to data and code integrity. The recent introduction by Intel of Software Guard Extensions (SGX) into the mass market offers an alternative to developers, who can now execute their code in a hardware-secured environment without trusting the cloud provider. This paper provides insights regarding the support of SGX inside Kubernetes, an industry-standard container orchestrator. We present our contributions across the whole stack supporting execution of SGX-enabled containers. We provide details regarding the architecture of the scheduler and its monitoring framework, the underlying operating system support and the required kernel driver extensions. We evaluate our complete implementation on a private cluster using the real-world Google Borg traces. Our experiments highlight the performance trade-offs that will be encountered when deploying SGX-enabled micro-services in the cloud.