A Kubernetes CI/CD Pipeline with Asylo as a Trusted Execution Environment Abstraction Framework

Title: A Kubernetes CI/CD Pipeline with Asylo as a Trusted Execution Environment Abstraction Framework
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Mahboob, Jamal; Coffman, Joel
Conference Name: 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC)
Date Published: Jan. 2021
Publisher: IEEE
ISBN Number: 978-1-6654-1490-6
Keywords: Air gaps, Asylo, cloud computing, composability, Conferences, Containers, continuous integration / continuous deployment (CI/CD), devsecops, Harbor, Human Behavior, Kaniko, Kubernetes, Metrics, Organizations, Pipelines, pubcrawl, resilience, Resiliency, security, Tekton, trusted execution environment (TEE), Virtual machining
Abstract: Modern commercial software development organizations frequently prescribe to a development and deployment pattern for releases known as continuous integration / continuous deployment (CI/CD). Kubernetes, a cluster-based distributed application platform, is often used to implement this pattern. While the abstract concept is fairly well understood, CI/CD implementations vary widely. Resources are scattered across on-premise and cloud-based services, and systems may not be fully automated. Additionally, while a development pipeline may aim to ensure the security of the finished artifact, said artifact may not be protected from outside observers or cloud providers during execution. This paper describes a complete CI/CD pipeline running on Kubernetes that addresses four gaps in existing implementations. First, the pipeline supports strong separation-of-duties, partitioning development, security, and operations (i.e., DevSecOps) roles. Second, automation reduces the need for a human interface. Third, resources are scoped to a Kubernetes cluster for portability across environments (e.g., public cloud providers). Fourth, deployment artifacts are secured with Asylo, a development framework for trusted execution environments (TEEs).
URL: https://ieeexplore.ieee.org/document/9376148
DOI: 10.1109/CCWC51732.2021.9376148
Citation Key: mahboob_kubernetes_2021