SCONE: Secure Linux Container Environments with Intel SGX

In multi-tenant environments, Linux containers managed by Docker or
Kubernetes have a lower resource footprint, faster startup times, and higher
I/O performance compared to virtual machines (VMs) on hypervisors. Yet their
weaker isolation guarantees, enforced through software kernel mechanisms,
make it easier for attackers to compromise the confidentiality and integrity
of application data within containers.
We describe SCONE, a secure container mechanism for Docker that uses the SGX
trusted execution support of Intel CPUs to protect container processes from
outside attacks. The design of SCONE leads to (i) a small trusted computing
base (TCB) and (ii) a low performance overhead: SCONE offers a secure C
standard library interface that transparently encrypts/decrypts I/O data; to
reduce the performance impact of thread synchronization and system calls
within SGX enclaves, SCONE supports user-level threading and asynchronous
system calls. Our evaluation shows that it protects unmodified applications
with SGX, achieving 0.6x - 1.2x of native throughput.
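The asynchronous system-call design mentioned above can be illustrated with a small host-side simulation. The following C program is an added example and is not SCONE's code: the request ring, its slot layout, the single-producer/single-consumer protocol and all names (`ring_submit`, `ring_wait`, `outside_thread`, `async_write_demo`) are assumptions made for the illustration. A thread standing in for enclave code never calls `write(2)` itself; it posts a request into a shared ring and an untrusted "outside" thread issues the real system call and writes the result back, which is why each call no longer costs the enclave an exit and re-entry. The demo writes three constructed messages into a pipe through the ring and reads them back to confirm the data arrived.

```c
/* Added illustration of the asynchronous system-call pattern from the SCONE
 * abstract. Not SCONE's code: the ring layout, opcodes and function names are
 * assumptions for this example. Build: cc -std=c11 -pthread async_syscall.c */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define RING_SIZE 8            /* must be a power of two */
#define OP_EXIT  (-1)          /* sentinel telling the outside thread to stop */
#define OP_WRITE 1             /* constructed opcode standing for write(2) */

struct syscall_req {
    int op;
    int fd;
    const void *buf;
    size_t len;
    ssize_t ret;               /* filled in by the outside thread */
    atomic_int done;           /* 0 = pending, 1 = completed */
};

/* Single-producer (enclave side) / single-consumer (outside) ring buffer. */
struct ring {
    struct syscall_req slots[RING_SIZE];
    atomic_uint head;          /* next slot the outside thread consumes */
    atomic_uint tail;          /* next slot the enclave side fills */
};

/* Enclave side: publish a request without leaving the "enclave". */
static struct syscall_req *ring_submit(struct ring *r, int op, int fd,
                                       const void *buf, size_t len) {
    unsigned tail = atomic_load_explicit(&r->tail, memory_order_relaxed);
    /* Ring full: SCONE would switch to another user-level thread; we spin. */
    while (tail - atomic_load_explicit(&r->head, memory_order_acquire) == RING_SIZE)
        ;
    struct syscall_req *req = &r->slots[tail & (RING_SIZE - 1)];
    req->op = op; req->fd = fd; req->buf = buf; req->len = len; req->ret = 0;
    atomic_store_explicit(&req->done, 0, memory_order_relaxed);
    atomic_store_explicit(&r->tail, tail + 1, memory_order_release);
    return req;
}

/* Enclave side: wait for the outside thread to post the result. */
static ssize_t ring_wait(struct syscall_req *req) {
    while (!atomic_load_explicit(&req->done, memory_order_acquire))
        ;  /* again, a real system would run another user-level thread here */
    return req->ret;
}

/* Untrusted side: drain the ring and issue the real system calls. */
static void *outside_thread(void *arg) {
    struct ring *r = arg;
    for (;;) {
        unsigned head = atomic_load_explicit(&r->head, memory_order_relaxed);
        while (head == atomic_load_explicit(&r->tail, memory_order_acquire))
            ;  /* no pending requests */
        struct syscall_req *req = &r->slots[head & (RING_SIZE - 1)];
        int op = req->op;
        if (op == OP_WRITE)
            req->ret = write(req->fd, req->buf, req->len);
        atomic_store_explicit(&req->done, 1, memory_order_release);
        atomic_store_explicit(&r->head, head + 1, memory_order_release);
        if (op == OP_EXIT)
            return NULL;
    }
}

/* Writes three constructed messages through the ring into a pipe. Returns the
 * total byte count the outside thread reported, or -1 on failure or if the
 * data read back from the pipe does not match what was submitted. */
ssize_t async_write_demo(void) {
    struct ring r = {0};       /* head = tail = 0, all slots idle */
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    pthread_t t;
    if (pthread_create(&t, NULL, outside_thread, &r) != 0) return -1;

    const char *msgs[] = { "enclave->", "outside->", "kernel\n" };  /* constructed */
    ssize_t total = 0;
    for (size_t i = 0; i < 3; i++)
        total += ring_wait(ring_submit(&r, OP_WRITE, pipefd[1], msgs[i], strlen(msgs[i])));
    ring_wait(ring_submit(&r, OP_EXIT, -1, NULL, 0));
    pthread_join(t, NULL);

    char readback[64] = {0};
    ssize_t n = read(pipefd[0], readback, sizeof readback - 1);
    close(pipefd[0]); close(pipefd[1]);
    if (n != total || strcmp(readback, "enclave->outside->kernel\n") != 0) return -1;
    return total;               /* 25 bytes for the three messages above */
}

int main(void) {
    printf("bytes written via async syscall ring: %zd\n", async_write_demo());
    return 0;
}
```

The spin loops stand in for the user-level scheduler the abstract describes: in SCONE, a thread whose system call is still pending yields to another application thread inside the enclave, so the enclave's hardware threads stay busy while the outside thread batches the actual kernel transitions.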