Advocate -- Trustworthy Evidence in Cloud Systems
Sebastian Werner, Sepideh Masoudi, Fernando Castillo, Fabian Piper, Jonathan Heiss

TL;DR
Advocate is an agent-based system that generates verifiable, tamper-resistant evidence of cloud-native application operations, enhancing trust and auditability in dynamic cloud environments.
Contribution
It introduces a novel, extensible system that integrates with existing cloud tools to provide trustworthy, privacy-preserving evidence for cloud applications.
Findings
Supports auditing and policy verification in cloud systems
Provides tamper-resistant and privacy-preserving evidence trails
Easily integrates with Kubernetes and tracing tools
Abstract
The rapid evolution of cloud-native applications, characterized by dynamic, interconnected services, presents significant challenges for maintaining trustworthy and auditable systems, especially in sensitive contexts, such as finance or healthcare. Traditional methods of verification and certification are often inadequate due to the fast-paced and dynamic development practices common in cloud computing. This paper introduces Advocate, a novel agent-based system designed to generate verifiable evidence of cloud-native application operations. By integrating with existing infrastructure tools, such as Kubernetes and distributed tracing systems, Advocate captures, authenticates, and stores evidence trails in a tamper-resistant manner. This approach not only supports the auditing process but also allows for privacy-preserving evidence aggregation. Advocate's extensible architecture…
Taxonomy
Topics: Cloud Data Security Solutions · Blockchain Technology Applications and Security · Privacy-Preserving Technologies in Data
