Glossary
Note:
Many terms not defined here are defined in the Kata Containers glossary.
See also the Acronyms page.
IBM Adjunct Processor (AP) is the bus used by IBM Crypto Express hardware security modules on IBM Z & LinuxONE (s390x).
A form of cryptography that uses different keys for encryption and decryption. See Public Key Cryptography.
A process for establishing the identity or integrity of a computer resource. In the case of confidential containers, attestation offers guarantees to the owner about the execution environment as well as about the workload running in it.
See Attestation agent.
A user space authentication service that runs as a daemon inside the VM guest. It provides services to an encrypted container library to help decrypt the encrypted image layers.
The Attestation Agent provides secrets to guest user space after facilitating the measurement of the guest. Usually these secrets are container decryption keys used by the encrypted container library to decrypt confidential workloads.
The Attestation Agent has a modular interface that supports many different Key Broker Clients (KBCs). KBCs carry out secret provisioning in conjunction with a trusted Key Broker Service (KBS):
- A `GetResource` gRPC call to the agent results in it requesting one of the following resources:
  - Public keyring (the Key Encryption Key) from the KBS.
  - Policy File.
  - sigstore.
  - Configuration file.
- An encrypted container library makes an `UnWrapKey` `KeyProvider` gRPC call. The agent selects the appropriate KBC by looking at the name specified in the `UnwrapKey` call and uses this to call the appropriate KBS to decrypt the encrypted payload stored in the image layer annotation.
Decoupling the encrypted container library from the KBS implementations provides flexibility since the agent can provide a generic, consistent interface to potentially differing KBS implementations.
In RATS parlance, the AA is the "attester".
See Encrypted Container Image.
A server, such as the attestation agent, that provides attestation services.
Verifies the measurement provided to it by the key broker service.
In RATS parlance, the AS is the "verifier".
A form of encryption that assures the confidentiality and authenticity of data.
A form of authenticated encryption that allows the recipient to check the integrity of both the encrypted and unencrypted information in a message.
The three desirable features of a secure system:
- Confidentiality
- Integrity
- Availability
A form of computing that protects in-use data, as opposed to data at rest (in persistent storage) or in transit (network communications).
See Confidential Computing Technology.
Arm confidential computing technology.
Vendor | Architecture | Technology |
---|---|---|
AMD | `x86_64`, `amd64` | SEV-ES, SEV-SNP |
ARM | `aarch64` | CCA |
IBM | Power (`ppc64le`) | PEF |
IBM | Z & LinuxONE (`s390x`) | SE |
Intel | `x86_64`, `amd64` | SGX, TDX |
An application of confidential computing to run containers. Confidential Containers.
The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.
In Intel TDX Virtual Firmware, a configuration volume measured at runtime, to include all the provisioned data.
A searchable collection of container images such as https://hub.docker.com and https://quay.io. May be local or accessible remotely.
The result of the signing process used to sign the Encrypted Container Image.
Contains two artefacts:
- JSON payload
- OpenPGP cryptographic signature of JSON payload created by signing the JSON payload using the owner's private key.
Once created, this will either live in a registry along with the Encrypted Container Image, or in a sigstore.
The part of the system that starts and stops the data plane.
The Cloud Native Computing Foundation (CNCF) serves as the vendor-neutral home for many of the fastest-growing open source projects, including Kubernetes, Prometheus, and Envoy.
Cloud Native Security is the security framework in which confidential containers is being developed.
Cloud service providers are companies that establish public clouds, manage private clouds, or offer on-demand cloud computing components (also known as cloud computing services) like Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Cloud services can reduce business process costs when compared to on-premise IT.
Working with potentially untrusted infrastructure provided by cloud service providers is an important design objective for confidential containers.
Another name for the Container Image Signature File.
Extensible volume layer for Kubernetes.
A Cryptographic Service Provider provides encryption and decryption services, possibly with the benefit of hardware acceleration.
The part of the system that processes data.
See Control plane.
Generally refers to decoding the encrypted layers in an Encrypted Container Image.
Before the image can be decrypted it needs to be pulled from an image registry.
When the encrypted image is available locally, only the intended recipient of the image will be able to decrypt it, since the encrypted layers of the image were created using the recipient's public key and only the recipient has the corresponding private key.
To perform the decryption, the Kata Containers agent, via the encrypted container library, calls the Attestation Agent's `UnwrapKey` API for each layer in the image, specifying the following details:
- Key Broker Client name
- Key Broker Service URI
- The Image layer annotation details.
The Attestation Agent then communicates these details to the KBS and returns the decrypted PLBCO, including the LEK.
See also Encryption.
An extension to the CIA triad that adds the following properties:
- Distributed
- Immutable
- Ephemeral
Generally refers to uploading an Encrypted Container Image to an image repository.
Alternative image validation technology to the Encrypted Container Image method.
A secure set of resources. The term is used extensively when referring to Software Guard Extensions.
For more details, see the definition in the Kata Containers Glossary.
A set of mechanisms, initially defined in Inclavare Containers, to perform attestation across enclaves.
Allows a secure and trusted TLS channel to be established between the Key Broker Client (KBC) and the Key Broker Service (KBS). The TLS channel is used to send the decryption key of the encryption container image.
A container image based on the OCI image specification but with the addition of encrypted layer metadata.
Notes:
- In the context of Confidential Containers, the image only exists in the context of the enclave / Container: it is not accessible from the host environment.
- An "encrypted image" has to contain at least one encrypted layer, but may also contain any number of unencrypted layers.
See Encryption and Decryption.
Projects such as ocicrypt and ocicrypt-rs that implement the encrypted layer media type of the OCI image specification.
Generally refers to encoding one or more layers in an Encrypted Container Image.
Steps:
- A symmetric key is generated.
- The symmetric key is used to encrypt the relevant image layer(s) to create an Encrypted Container Image. This is handled by the Kata Containers agent calling the Attestation Agent's `WrapKey` API for each layer in the image. The Attestation Agent communicates the request to the KBS, which encrypts the PLBCO using the KEK.
- The symmetric key is then wrapped using the KEK, which is owned by the intended recipient of the image.
- The wrapped key is added to the container image manifest. The key becomes part of the encrypted PLBCO.

The encrypted image and the wrapped key can then be uploaded to a public registry (distribution).
See also Decryption.
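The Encryption and Decryption entries above describe the same envelope from both ends: a fresh symmetric key per layer, the layer encrypted with it, and that key wrapped with the recipient's KEK so only the KEK's private half can unwrap it. The following Go program is an added illustration of that flow, not code from the Confidential Containers or ocicrypt projects; it assumes AES-256-GCM for the layer and RSA-OAEP as the wrap operation, and its `LayerAnnotation` is a constructed stand-in for the real per-layer annotation, not the ocicrypt wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// LayerAnnotation is a constructed model of the metadata that travels with
// one encrypted layer (wrapped LEK plus AEAD nonce); not ocicrypt's format.
type LayerAnnotation struct {
	WrappedLEK []byte // layer key encrypted to the recipient's KEK
	Nonce      []byte // AES-GCM nonce used for this layer
}

func newGCM(lek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(lek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptLayer is the image owner's side (the "Encryption" steps): a fresh LEK
// per layer, the layer sealed with it, and the LEK wrapped with the KEK.
func EncryptLayer(layer []byte, kek *rsa.PublicKey) ([]byte, LayerAnnotation, error) {
	buf := make([]byte, 44) // 32-byte AES-256 LEK + 12-byte nonce, fresh per layer
	if _, err := rand.Read(buf); err != nil {
		return nil, LayerAnnotation{}, err
	}
	lek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(lek)
	if err != nil {
		return nil, LayerAnnotation{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kek, lek, nil)
	if err != nil {
		return nil, LayerAnnotation{}, err
	}
	return gcm.Seal(nil, nonce, layer, nil), LayerAnnotation{wrapped, nonce}, nil
}

// DecryptLayer is the guest side (the "Decryption" steps): unwrap the LEK with
// the KEK private key (the UnwrapKey role), then open the layer. Without that
// private key, as on the host, the unwrap fails and no layer data is exposed.
func DecryptLayer(sealed []byte, ann LayerAnnotation, priv *rsa.PrivateKey) ([]byte, error) {
	lek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ann.WrappedLEK, nil)
	if err != nil {
		return nil, err // wrong KEK: the wrapped key cannot be recovered
	}
	gcm, err := newGCM(lek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ann.Nonce, sealed, nil) // also rejects a tampered layer
}
```

Because the layer is sealed with an AEAD, a modified ciphertext fails to open, so integrity of the pulled layer is checked at the same time as confidentiality.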
The Extensible Firmware Interface (EFI) is the original Intel portable platform firmware for Itanium and x86, which evolved into UEFI.
A part of the quote sent during attestation.
A storage volume accessible by the firmware. See Configuration Firmware Volume
Firmware is low-level control software for a particular device or platform. In the case of confidential containers, two pieces of firmware are particularly relevant: the host platform firmware, which provides services necessary to establish a trusted execution environment, and the guest firmware, part of the initial guest boot sequence, which, depending on the platform, may need to provide secrets to the guest or be part of the measured payload during attestation.
TODO: Add explanation of relevance for CC.
A libOS for Software Guard Extensions.
See:
GSC refers to containers protected by Intel SGX enclaves using the Gramine Library OS.
TODO: Add explanation of relevance for CC.
Another term for Key broker service.
A type of encryption that allows operations to be performed on the encrypted data without decrypting it first.
TODO: Add explanation of relevance for CC.
IBM-specific host certificate.
A physical device that safeguards and/or manages cryptographic keys, and provides cryptographic processing, typically to protect the keys against tampering or to enforce specific cryptographic protocols.
Hardware-based trusted execution environment.
TODO: Add explanation of relevance for CC.
In the context of confidential containers, this usually refers to the OCI Image Format specification.
Intel Security Libraries for Data Center, also known as SECL-DC or ISECL, is an open-source remote attestation implementation.
TODO: Add explanation of relevance for CC.
An implementation of a container runtime that uses virtualization to provide additional isolation. There is a significant overlap both in terms of code and community between Kata Containers and Confidential Containers.
A Key Broker Client (KBC) is a module of the Attestation Agent and a client of a Key Broker Service (KBS). A KBC carries out whatever operations are required from a guest to facilitate a measurement and receives secrets from a trusted KBS.
-
An online KBC creates a persistent secure connection with a KBS that can be used to receive secrets for the duration of the guest.
-
An offline KBC does not have a persistent secure connection and instead relies on secret material injected at startup or provided via a secure boot image.
A specific instance of the Key Broker Client: an instantiated Key Broker Client object that exists in the Attestation Agent and which actually handles `UnWrapKey` requests.
A Key Broker Service (KBS) is a trusted service that verifies guest measurements and conditionally provides secrets to a Key Broker Client. Note that this can also be called "Key Broker Server" or Guest Owner Proxy.
In RATS parlance, the KBS is the "relying party".
The KBS:
- Provides services to the attestation agent.
- Sends the measurement to the Attestation service which verifies it.
- Requests a key from the key management service.
- Returns the key to the attestation agent.
The protocol used by the Key Broker Service and Key Broker Client to communicate. Examples are:
The KEK is the public key used to encrypt the symmetric key which is used to encrypt and decrypt an image.
See Encrypted Container Image.
The Key Management Interoperability Protocol is an extensible communication protocol to exchange cryptographic keys with a key management service server.
A key management service facilitates the storage, management and exchange of cryptographic keys.
An application that implements the Key Provider Protocol.
The Key Provider Protocol provides a protocol for handling Wrapped keys. It defines the `WrapKey` and `UnwrapKey` APIs.
An application, such as the Attestation Agent, that implements the Key Provider Protocol API.
In the encrypted image specification, the Layer Encryption Key is an encryption key specific to each individual layer in the Encrypted Container Image.
A "libOS" is a lightweight "runtime" for applications running inside an Enclave. It is usually implemented as a shared library and provides support for libc and system calls. An example is Gramine.
Linux Unified Key Setup (LUKS) is the Linux disk encryption specification used by dm-crypt and cryptsetup.
Confidential containers will use LUKS for in-guest storage, in order to ensure that data at rest remains inaccessible to the host.
Attestation between two parties on the same physical hardware system.
The opposite of Remote attestation.
A kind of attack where a "bad actor" (malicious entity) attempts to listen to and possibly modify a secure communication between two parties.
A signed document that provides "evidence" of the system (details of a system artefact, such as an SGX enclave).
TODO: Add explanation of relevance for CC.
The Open Policy Agent is a policy-based control for cloud native environments.
Open VM Firmware is a specific UEFI firmware used by hypervisors.
Functions provided by Gramine's libOS that provide host ABI support for workloads running inside an SGX enclave.
TODO: Add explanation.
TODO: Add explanation.
A JSON file called `policy.json` which is a required artefact that specifies how Encrypted Container Images are pulled from a registry.
A base64 (ASCII) encoded digital signature.
On AMD SEV, the firmware identifies itself by an asymmetric signing key generated during the one-time configuration steps taken before the platform may be put into production. This key is called the Platform Endorsement Key (PEK) and is used to sign the Platform Diffie-Hellman key (PDH). By signing this key, the firmware authenticates the cryptographic contexts built with the PDH. Reference: section 1.2.2 of the Secure Encrypted Virtualization API.
An Encrypted Container Image that has also been signed.
IBM Power 9 feature that enables SVMs.
See public key and private key.
PKI is a system for managing digital certificates.
Refers to downloading an image from a registry.
The secret half of a public key cryptography asymmetric key pair that must never be shared with other parties. Used for signing.
The non-private half of a public key cryptography asymmetric key pair that can be shared publicly with any number of parties. Used for checking a file signed with a private key and for encrypting files to send to the owner of the private key.
A JSON object defined in the encrypted image format that is used to convey private metadata about layer encryption. It is part of a container image's layer annotation.
A JSON object defined in the encrypted image format that is used to store public metadata about layer encryption.
TODO: Add explanation.
Attestation between two parties on different physical hardware systems.
The opposite of Local attestation.
Remote Attestation Procedures (RATS) is an IETF specification that defines how a remote entity can assess the trustworthiness of a particular peer.
Method used by the Key Broker Service (KBS) to facilitate guest attestation and secret injection.
A Trusted Execution Environment that allows code to be executed privately and in a tamper-proof manner.
See Confidential Computing Technology and Software Guard Extension.
IBM SE is a hardware-based security technology built into IBM Z & LinuxONE systems.
Another name for the Container Image Signature File.
A signature store. This may be a container registry or a separate storage facility (even a local directory).
AMD's Secure Encrypted Virtualization (SEV) provides memory encryption, using one key per virtual machine to isolate guests and the hypervisor from one another.
Two variants relevant to confidential containers are:
- SEV-ES: AMD's Secure Encrypted Virtualization-Encrypted State. Adds CPU state integrity protection to SEV by encrypting all CPU register contents in the hypervisor-accessible state.
- SEV-SNP: AMD's Secure Encrypted Virtualization-Secure Nested Paging. SEV-SNP extends SEV-ES to provide integrity protection for memory pages, interrupts and more. Unlike SEV-ES, SEV-SNP provides an attestation report to the guest at runtime.
A secured VM.
Adding a digital signature to a file (which may be in binary or ASCII armored format). The signature is a hash of the original data that is then encrypted using the private key.
This is useful because, if the signature can be decrypted with a copy of the public key, it must have been encrypted with the private key, which proves that the unencrypted version of the file originated from the holder of the private key.
Intel Software Guard Extensions (SGX), see also SGX in the Kata Containers Glossary.
A secure hash algorithm (SHA) is a family of cryptographically-secure hash functions.
TODO: Add explanation of relevance for CC.
A form of cryptographic encryption which uses the same (symmetric) key for both encryption and decryption. An example is AES.
A cryptographic key that is used for both encryption and decryption. Note the difference between this key and a public key or private key: if you possess the symmetric key, you have "full control" over encryption and decryption.
In the context of Confidential Containers, a wrapped symmetric key is used to encrypt and decrypt an image: the underlying symmetric key is protected since it is encrypted with the Key Encryption Key.
See also: Encryption.
A Linux kernel iSCSI target (server).
TCM in Userspace. A UIO iSCSI target (server).
The process which "owns" or lives inside the container.
Transparent Data Encryption TODO: Add explanation of relevance for CC.
A virtual machine protected by Intel(r) Trust Domain Extensions.
Trust Domain Extensions (TDX) is one of Intel's core technologies for confidential computing. See TDX in the Kata Containers Glossary.
Trust Domain Extensions is sometimes miswritten as Trusted rather than Trust. See TDX in the Kata Containers Glossary.
The amount of the system relied on for secure operation of the workload in question. See Trusted Computing Base.
A Trusted Execution Environment (TEE) is a secure partitioning of memory and compute. It is implemented through technologies like SGX, TDX or SEV.
Cryptographic protocol used to provide a secure channel over a computer network. Used by the Enclave Attestation Architecture.
A trusted platform module (TPM) is a dedicated secure cryptoprocessor or microcontroller used to store secrets such as cryptographic keys.
Intel's Trusted Execution Technology (TXT) is a set of hardware extensions to Intel processors and chipsets that allow the authenticity of a system to be attested.
A Key Provider Protocol API that unwraps (or unpacks) a wrapped key as part of the decryption process.
Linux kernel feature that allows device drivers to be run outside the kernel.
Unified Extensible Firmware Interface (UEFI) is a standardized version of EFI.
TODO: Add explanation of relevance for CC.
TODO: Add explanation of relevance for CC.
A Key Provider Protocol API that wraps a key as part of the encryption process.
A cryptographic key that has been encrypted using another private key. The protocol used is defined by the Key Provider Protocol.
A compression algorithm, also referred to as zstd, used by the image-rs project to handle compressed container image layers.
See Zstandard.