High Assurance Containerization and Orchestration

ID: AF251-0002 • Type: SBIR / STTR Topic

Description

TECHNOLOGY AREAS: Information Systems

OBJECTIVE: Develop high assurance containerization and orchestration capabilities for assuring security, resiliency and readiness of various Air Force and Space Force capability deployments. Deployments should target specific use-cases involving cross domain solutions, microservices in critical aircraft flight control systems, and multi-domain connectivity; deployments should also be compatible with the broader context including cloud, IoT, and Edge computing.

DESCRIPTION: Containers and container orchestration technology are becoming more popular due to the performance benefits, portability, and the ability to leverage them in many different environments/architectures. However, security remains the barrier to widespread adoption in operational environments. The container threat model is headlined by the lack of high assurance and weak security isolation properties.

Design and develop an architecture for high assurance container and container orchestration capabilities. The challenge is for the architecture to integrate well with existing containerization technologies (e.g. Docker, Kubernetes, etc.) and be applicable to both cloud computing and IoT environments while providing high assurance through the following essential security properties: data separation, authorized information flow, assured sanitization, damage limitation, and attestation.

Results must show a clear mitigation for the following risks associated with containerization without relying on security or trust of pre-existing containerized applications: cross-tenant attacks (failed isolation), data breach, access control violation, large tech stack, and container-host overload (DOS related). In other words, the architecture must not need to trust container applications in order to provide high assurance to the host and API nodes.

PHASE I: Define and develop an initial architecture concept for high assurance containerization and orchestration capabilities. Target cloud and IoT environments with high assurance guarantees to protect applications such as cross domain solutions, aircraft flight control systems, and multi-domain connectivity. Include high-level capabilities design and description for a prototype that would be built in Phase 2.

PHASE II: Based on the initial architecture concept, high-level capabilities prototype design and description, develop a detailed framework and architecture design for a high assurance containerization and orchestration ecosystem. Develop and demonstrate a high assurance prototype that can be applied to both cloud and IoT environments and fit well within existing technology stacks. Testing requirements include performance evaluation using micro and large-scale distributed benchmark suites and security guarantees and requirements validation. Demonstrate capabilities against a set of test scenarios.

PHASE III DUAL USE APPLICATIONS: The goal for Phase III is to utilize containerization capabilities developed in Phase 2 beyond the DoD. The expected Phase III entry is at TRL6 with an ending at TRL9. The Phase III effort would bring the developed technology to the following DoD and commercial markets/applications: automotive, satellites, space systems, cloud deployment. Success and transition of containerization capabilities depend on communication/interoperability with multiple sectors.

REFERENCES:
1. SCONE: Secure Linux Containers with Intel SGX - https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf
2. A review of native container security for running applications - https://www.sciencedirect.com/science/article/pii/S187705092031704X
3. DoD Enterprise DevSecOps Strategy Guide - https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DoDEnterpriseDevSecOpsStrategyGuide.pdf
4. Container Security: Issues, Challenges, and The Road Ahead - https://ieeexplore.ieee.org/document/8693491
5. vCDS: A Virtualized Cross Domain Solution Architecture - https://ieeexplore.ieee.org/document/9652903

KEYWORDS: Secure Containerization; High Assurance Containerization; Secure Container Orchestration; High Assurance Container Orchestration; Assured Container Isolation; Cross Domain Solution; Microservice Architecture

Overview

Response Deadline: Feb. 5, 2025 (Past Due)
Posted: Dec. 4, 2024
Open: Dec. 4, 2024
Set Aside: Small Business (SBA)
Place of Performance: Not Provided

Program: SBIR Phase I / II
Structure: Contract
Phase Detail:
Phase I: Establish the technical merit, feasibility, and commercial potential of the proposed R/R&D efforts and determine the quality of performance of the small business awardee organization.
Phase II: Continue the R/R&D efforts initiated in Phase I. Funding is based on the results achieved in Phase I and the scientific and technical merit and commercial potential of the project proposed in Phase II. Typically, only Phase I awardees are eligible for a Phase II award.
Duration: 6 Months - 1 Year
Size Limit: 500 Employees
On 12/4/24, the Department of the Air Force issued SBIR / STTR Topic AF251-0002 for High Assurance Containerization and Orchestration, due 2/5/25.