Kubernetes

CoreOS offers a Trusted Computing Platform for Distributed Containers

2 Dec 2015 8:20am, by

CoreOS has launched a trusted computing platform to run secure containers.

The package, called Distributed Trusted Computing, can be used to secure the entire operational stack. “From the all the way down to hardware up to the distributed system, you have a high degree of integrity and trust of what is running in your environment,” said Alex Polvi, CEO of CoreOS. CoreOS debuted the package at the company’s Tectonic Conference, held this week in New York.

The package could help make container-based architectures feasible in highly secure or policy-driven environments that might have eschewed containers before due to a lack of verification about the security of the system.

Distributed Trusted Computing is unusual in that it uses Trusted Platform Modules (TPM), a standard for generating processor-based encryption keys. With a processor that supports TPM, a system can establish a chain of trust that verifies that the software hasn’t been compromised down to the hardware layer.

“Trusted computing ensures that a computer is only running what has been authorized to run,” Polvi said. “Before the [server] OS is even booted, the firmware on the machine verifies that what it is about to launch is trusted, and the thing that it launches then in turn verifies the next step, and so forth. We carry the chain all the way up to the Kubernetes layer.”

A trusted system of this sort could be valuable in a number of ways, Polvi explained. By blocking low-level attacks through the firmware or the OS, the system could provide the basis for secure computing even in multi-tenant environments. It could provide a way to verify that the containers of a container have not been tampered with, and provide a verifiable record of when containers are run.

The package also includes Kubernetes, which is used for managing large numbers of containers, as well as CoreOS’ own container runtime, called rkt, and the company’s eponymously-named container-focused Linux distribution.

With Distributed Trusted Computing, Kubernetes will only recognize servers that have been booted and verified through TPM. Likewise, only containers that have been digitally signed with trusted keys can run on the Kubernetes cluster.

Trusted-Computing-002-dark[6]

Security has been an increasing concern in the world of containers and microservices. Last month Docker  unveiled new technologies to sign container images, using the YubiKey two-factor authentication.

“The YubiKey solution that Docker announced addresses a slightly different problem space, and is focused on the build, ship, run workflow, allowing developers to easily integrate with notary, and produce signed containers,” wrote RedMonk industry analyst Fintan Ryan, in an e-mail.

In contrast, “the support for the TPM modules built into individual compute nodes from CoreOS is aimed at securing the hardware as well, and is particularly interesting to organizations [that] may be hosted in a third-party data center or using a managed service provider, and who wish to ensure that their entire stack, from firmware up, can be verified,” Ryan wrote. He expects similar packages to be offered by additional companies over the coming year.

“We’re pretty excited about trusted computing,” said Paul Morgan, systems architect, for the International Securities Exchange, during a presentation at the Tectonic Summit.  “As a regulated financial service, we owe it to our members and ourselves to have guarantees about the integrity of our software and hardware.”

CoreOS and Docker are sponsors of The New Stack.

Feature Image: Robert Cornish, Paul Morgan, of the International Securities Exchange, speaking at the Tectonic Summit.

A newsletter digest of the week’s most important stories & analyses.