U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST IR 8320A (Initial Public Draft)

Hardware-Enabled Security: Container Platform Security Prototype

Date Published: December 2020
Comments Due: January 29, 2021 (public comment period is CLOSED)
Email Questions to: hwsec@nist.gov

Author(s)

Michael Bartock (NIST), Murugiah Souppaya (NIST), Jerry Wheeler (Intel), Timothy Knoll (Intel), Uttam Shetty (Intel), Ryan Savino (Intel), Joseprabu Inbaraj (AMI), Stefano Righi (AMI), Karen Scarfone (Scarfone Cybersecurity)

Announcement

In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted.

This report explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments. It also describes a proof-of-concept implementation of the approach—a prototype—that is intended to be a blueprint or template for the general security community.

We welcome your comments and feedback.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

container; hardware-enabled security; hardware root of trust; platform security; trusted compute pool; virtualization
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8320A-draft
Download URL

Supplemental Material:
Trusted Cloud projects

Other Parts of this Publication:
IR 8320
IR 8320

Document History:
12/07/20: IR 8320A (Draft)
06/17/21: IR 8320A (Final)

Topics

Security and Privacy

roots of trust

Technologies

cloud & virtualization, hardware, servers