2022-03-29 ยท 3 min read



  • MarbleRun is a #confidential-computing aware service mesh for kubernetes
  • Coordinator
    • the control plane
    • communicates w/ data plane via gRPC
    • exposes REST interface to clients
    • clients are
      • owners/providers/admins who need to deploy applications and admin
      • users/customers who do remote attestation w/ Coordinator
  • Marbles
    • the data plane
    • run your application code in secure enclaves
// coordinator-era.json
	"SecurityVersion": 1,
	"ProductID": 3,
	"SignerID": "43361affedeb75affee9baec7e054a5e14883213e5a121b67d74a0e12e9d2b7a",
	"Debug": true

EGo & Marblerun Talk #

Video: EGo & Marblerun - Moritz Eckert - OC3 2021

  • EGo

    • Mostly transparently wraps existing Go code to run inside enclave
    • Built on openenclave (provides the low-level interface and compatibility layer)
    • Fairly lightweight? Contains only Application Code, Go Runtime, and small OpenEnclave layer.
  • Challenges deploying Go enclaves on k8s

    • top-level DevOps user
      • don't really care whether we're running one big service or many microservices (?)
      • just want one big attestation of the whole cluster, rather than doing individual attestations with each service.
    • services
      • packaged as k8s pods
      • services want to communicate with each other / share data
      • service 2 service communication needs attestations so service enclaves can securely communicate w/ each other.
    • secrets distribution
      • ex: web frontend instances all need to share same cert
      • secret distribution must happen via secure channels between enclaves
    • sealing and persistence
      • pod migration (pod gets shutdown and migrated to other host) is difficult w/ enclaves
      • enclave's sealing key is unique to each enclave. data encryted with enclave's sealing key can only be decrypted by that enclave.
      • "virtual" sealing key, so this is somehow abstracted and data not bound to one node
    • secure connections
      • all connections b/w enclaves must be through secure mTLS connections terminated inside enclaves
    • code updates
      • how to ship new enclave code and have other outside enclaves recognize this
  • Why do existing service meshes not work?

    • Threat model only considers network-bound adversaries
    • Threat model considers hosts & cloud provider to be trusted third parties.
    • TLS is only terminated at service mesh sidecar proxies
    • Secrets handled in unsecured memory on-node
    • Not SGX aware, no remote attestations
  • Marblerun

    • extends enclave concept to entire cluster
    • E2E Confidentiality, Integrity, Verifiability
    • Updatable, Cloud-native
    • Integrates w/ k8s and existing service meshes like
      • { Consul, Linkerd, Istio (Envoy) }
    • Supports EGo, Gramine (experimental), and Occlum (experimental) runtimes.
    • cloud agnostic
  • DevOps

    • Provides Manifest (JSON) which describes cluster?
    • doesn't need to worry too much about CC
    • can use existing tooling
    • don't need to change too much code
  • User

    • Asks marblerun control plane for attestation w/ Quote, Cert, and Manifest
    • can verify everything in one step
      • everything runs in enclaves
      • everything always encrypted
      • cluster topology
      • cluster identities