Beyond Containers: Anjuna Seaglass pioneers Confidential Pods in Azure Kubernetes Service

Beyond Containers: Anjuna Seaglass pioneers Confidential Pods in Azure Kubernetes Service
Ofir Azoulay-Rozanes
Director of Product Management
Published on
Jan 30, 2024
Confidential Computing is a pivotal technology in securely migrating sensitive workloads to the cloud and bolstering the security of existing cloud-based operations, and is a powerful approach to address brand-new cyber risks created by AI data processing and model protection.
https://www.anjuna.io/blog/beyond-containers-anjuna-seaglass-pioneers-confidential-pods-in-azure-kubernetes-service

Confidential Computing is a pivotal technology in securely migrating sensitive workloads to the cloud and bolstering the security of existing cloud-based operations, and is a powerful approach to address brand-new cyber risks created by AI data processing and model protection.

This technology solves critical trust challenges and protection of data and code, and serves a crucial role by thwarting potential breaches from malicious insiders, whether they are employees of the Cloud Service Provider (CSP) or administrators within your organization. It achieves this by safeguarding sensitive data at all stages: while at rest, in transit, and during active use.

By leveraging remote attestation, Confidential Computing acts as a barrier against unauthorized access to crucial initial secrets and sensitive configuration data required when starting the application. This initial data, imperative for your workloads to initialize, typically necessitates storage in plaintext on disk in the absence of Confidential Computing, exposing the sensitive data directly to anyone who has access to the application images on the disk.

As cloud workloads increasingly utilize Kubernetes as the primary orchestrator, there's a growing necessity to integrate support for Confidential Computing within Kubernetes.

“A record high of 96% of organizations are either using or evaluating Kubernetes – a major increase from 83% in 2020 and 78% in 2019”  - State of Kubernetes 2023: Report Roundup - Splunk

In November of 2023, we announced Anjuna Seaglass, the world’s first Universal Confidential Computing Platform. Anjuna Seaglass pioneered Confidential Computing integration with Kubernetes by supporting AWS Elastic Kubernetes Service (EKS) on AWS Nitro Enclaves. Now, we're excited to extend our generally available support to Microsoft Azure Kubernetes Service (AKS) leveraging AMD SEV-SNP technology.

Confidential Nodes or Confidential Pods?

When considering support for Confidential Computing in Kubernetes, two approaches emerge: deploying a Confidential Node or utilizing a Confidential Pod.

The Confidential Node method involves running the entire Kubernetes node within a Trusted Execution Environment (TEE).

With the Confidential Pod approach, individual Pods requiring heightened security operate within their own distinct TEEs.

While both approaches harness Confidential Computing technology, the Confidential Pod method offers a heightened security level for two primary reasons:

  • A reduced attack surface and
  • The ability to leverage remote attestation

Reduced Attack Surface

In a Confidential Node setup, the entire node constitutes the attack surface. If a malicious administrator gains SSH access, they can potentially breach the memory of each Pod running within it. Similarly, any zero-day vulnerability that opens a back door into the node, enables access to any Pod’s memory.

Conversely, with a Confidential Pod setup, even with root access to the node, accessing the memory of individual Pods is infeasible as each Pod operates within its own TEE, providing an added layer of security.

In considering the attack surface of a Pod within a Confidential Node, a critical concern is the vulnerability to a malicious insider through SSH or `exec` access to the Pod, thereby obtaining unrestricted access to its sensitive data and the ability to modify its code. The implementation of a Confidential Pod addresses this vulnerability by default, effectively blocking SSH access. This proactive measure serves as a robust defense, preventing potential exploits and ensuring comprehensive protection of sensitive resources.

Remote Attestation

When a workload operates within a TEE, an attestation quote can be generated, providing robust hardware-backed evidence for two key aspects:

  • Confirmation of the workload's execution within the TEE.
  • Measurement of the software encapsulated within the TEE.

By combining these pieces of evidence, a remote client or server interfacing with the workload can validate its execution within the TEE, ensuring the right software version is in use before granting access to sensitive content.

In a Confidential Node scenario, the attestation quote will be generated for the entire node before any Pod initializes within it. Consequently, the software measurement reflects the state of the entire node, regardless of the specific Pods that will later run within it. This approach significantly diminishes the effectiveness of remote attestation for Pods running within a Confidential Node.

Within a Confidential Pod scenario, the attestation quote is tailored to the individual Pod, ensuring that the software measurement accurately represents the specific workload. This precision enables the effective use of remote attestation, fostering trust in workloads operating within Confidential Pods.

Anjuna Seaglass adds support for Microsoft AKS with AMD SEV-SNP

Anjuna Seaglass is now capable of facilitating the launch of Confidential Pods within Azure's Managed Kubernetes Service, leveraging AMD SEV-SNP technology.

Our seamless integration empowers users to effortlessly configure any existing Pod to operate within a Confidential Pod on AKS without requiring modifications to the original Pod.

Operating your Pod within a Confidential Pod grants access to remote attestation capabilities, ensuring the delivery of secrets exclusively to Pods executing within a TEE and operating with trusted software versions. This approach diverges from traditional Kubernetes methods, where cluster administrators can access provided secrets. Remote attestation guarantees that only the Confidential Pod itself can access the secrets it receives. Additionally, as each Confidential Pod operates within its own TEE, isolated from others, access to dedicated secrets remains exclusive to the specific Confidential Pod.

One of the critical features of Anjuna Seaglass is the Anjuna Policy Manager, an attestation-aware secrets store that enables the exclusive delivery of secrets to trusted Confidential Pods based on their unique software measurements.

By introducing support for running Confidential Pods on Microsoft AKS with AMD-SEV-SNP, Anjuna remains at the forefront of enabling Confidential Computing across diverse cloud platforms, on-premises environments, various Confidential Computing technologies, and multiple runtime environments.

If you want to take our universal platform for a test run, register for the Anjuna Seaglass free trial.

More like this
Get Started Free with Anjuna Seaglass

Try free for 30 days on AWS, Azure or Google Cloud, and experience the power of intrinsic cloud security.

Start Free