Hardware-Enforced Integrity and Provenance for Distributed Code Deployments. (arXiv:2106.09843v1 [cs.CR])

Deployed microservices must adhere to a multitude of application-level
security requirements and regulatory constraints imposed by mutually
distrusting application principals–software developers, cloud providers, and
even data owners. Although these principals wish to enforce their individual
security requirements, they do not currently have a common way of easily
identifying, expressing and automatically enforcing these requirements at
deployment time. CDI (Code Deployment Integrity) is a security policy framework
that enables distributed application principals to establish trust in deployed
code through high-integrity provenance information. We observe that principals
expect the software supply chain to preserve certain code security properties
throughout the creation of an executable bundle, even if the code is
transformed or inspected through various tools (e.g., compilation inserts stack
canaries for memory safety). Our key insight in designing CDI is that even if
application principals do not trust each other directly, they can trust a
microservice bundle to meet their security policies if they can trust the tools
involved in creating the bundle.