A Scalable, Trustworthy Infrastructure for Collaborative Container Repositories

TL;DR

This paper introduces a scalable and trustworthy infrastructure for storing container images, ensuring integrity, availability, and confidentiality using Merkle trees and a trusted module, capable of handling millions of images efficiently.

Contribution

The paper presents a novel scalable architecture for container repositories that guarantees security properties using index-ordered Merkle trees and a trusted module, with demonstrated logarithmic scalability.

Findings

Scalable to 32 million images with logarithmic time complexity

Provides integrity, availability, and confidentiality assurances

Includes algorithmic and software proof-of-concept implementations

Abstract

We present a scalable "Trustworthy Container Repository" (TCR) infrastructure for the storage of software container images, such as those used by Docker. Using an authenticated data structure based on index-ordered Merkle trees (IOMTs), TCR aims to provide assurances of 1) Integrity, 2) Availability, and 3) Confidentiality to its users, whose containers are stored in an untrusted environment. Trust within the TCR architecture is rooted in a low-complexity, tamper-resistant trusted module. The use of IOMTs allows such a module to efficiently track a virtually unlimited number of container images, and thus provide the desired assurances for the system's users. Using a simulated version of the proposed system, we demonstrate the scalability of platform by showing logarithmic time complexity up to $2^{25}$ (32 million) container images. This paper presents both algorithmic and proof-of-concept software implementations of the proposed TCR infrastructure.