Tectonic Provides Cryptographic Chain of Trust from Application Layer to Hardware, Turns DRM on its Head
At Tectonic Summit, CoreOS is upping the ante for enterprise security by introducing industry-first Distributed Trusted Computing in Tectonic Enterprise. Starting today, we have the most advanced security for enterprise infrastructure.
Now, all Tectonic Enterprise customers will have the ability to establish a cryptographic chain of trust from the distributed cluster to their physical servers. With this capability, infrastructure will be secured for enterprises across layers and across machines, from the distributed application itself, to the container, to the hardware.
Today’s State of Enterprise Security
Today’s vulnerabilities - Heartbleed, Shellshock, Poodle - have a brand. When vulnerabilities have a brand and your favorite companies are making front page news for getting hacked, you know enterprise security is due for a change. Although our everyday lives have been changed by our connection to the Internet through the Internet of Things, online apps and more, many enterprises’ server security practices have yet to change.
Today in our effort to continue our CoreOS mission to secure the Internet, we are making it possible to better protect against everyday threats. We started this mission with CoreOS Linux, where we provide automatic security and software patches to all servers. We led the industry forward with container security pioneered by rkt, and then again with Clair, the open source container vulnerability assessment tool.
And today we take our mission one step further with the introduction of Distributed Trusted Computing for Tectonic Enterprise.
What is Distributed Trusted Computing?
Distributed Trusted Computing secures every layer of the stack from the hardware to the application layer.
The complete trusted computing environment includes:
- Kubernetes - Only machines that are Secure Booted are allowed into the cluster. Secure materials, such as SSL private keys, are distributed only once the machine is verified to be in a trusted state.
- Container Runtime
  - rkt - The operating system verifies that rkt is configured in a secure manner. Only containers signed with trusted keys are allowed to run on the cluster, extending the chain of trust into the container execution environment. Additionally, rkt utilizes the TPM to create a cryptographically verifiable, hardware-protected audit log of the containers executed across a cluster.
- Operating System
  - CoreOS Linux - The operating system is verified before boot to ensure it has not been modified by anyone, including the hardware provider or cloud provider. If it has been modified, the machine will not boot.
- Hardware Enablement
  - Firmware - The customer’s key is embedded in the firmware, giving the user control to run whatever software they choose and to validate that it is exactly the software they deployed.
  - Trusted Platform Module (TPM) - Provides a tamper-proof audit log of everything that has booted.
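The TPM audit log described above rests on one primitive, the PCR extend operation, and the cluster admission rule is a comparison against known-good measured states. The following is an added example, not CoreOS or Tectonic code: a pure-software model of a PCR, a verifier that replays an event log against the quoted PCR, and an admission check; all event contents, image names and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed model of a TPM Platform Configuration Register (PCR): it resets to
# zero at power-on and changes only via "extend", so it commits to the whole history.
PCR_INITIAL = b"\x00" * 32

def measure(event: bytes) -> bytes:
    """Hash the component being loaded (firmware, kernel, container image)."""
    return hashlib.sha256(event).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR_new = SHA256(PCR_old || digest): the TPM extend operation."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR a machine should hold if this log is the truth."""
    pcr = PCR_INITIAL
    for event in event_log:
        pcr = extend(pcr, measure(event))
    return pcr

def verify_log(event_log, quoted_pcr: bytes) -> bool:
    """True iff replaying the software-visible log reproduces the TPM's PCR."""
    return hmac.compare_digest(replay(event_log), quoted_pcr)

def admit_to_cluster(quoted_pcr: bytes, allowed_pcrs) -> bool:
    """Cluster-side policy: release secrets only to known-good measured states."""
    return any(hmac.compare_digest(quoted_pcr, good) for good in allowed_pcrs)

# Constructed boot-and-container history for one honest machine.
HONEST_LOG = [
    b"firmware: vendor UEFI image",
    b"bootloader: signed with the customer's key",
    b"kernel: CoreOS Linux",
    b"rkt: image example.com/app:1.0 (constructed name)",
]
QUOTED_PCR = replay(HONEST_LOG)  # stands in for a TPM quote of the real PCR

def tamper_checks() -> dict:
    """Any edit to the log (omission, reorder, substitution) breaks the chain."""
    dropped = HONEST_LOG[:-1]
    reordered = [HONEST_LOG[1], HONEST_LOG[0]] + HONEST_LOG[2:]
    swapped = HONEST_LOG[:3] + [b"rkt: image example.com/other:9.9 (constructed)"]
    return {
        "honest": verify_log(HONEST_LOG, QUOTED_PCR),
        "dropped": verify_log(dropped, QUOTED_PCR),
        "reordered": verify_log(reordered, QUOTED_PCR),
        "swapped": verify_log(swapped, QUOTED_PCR),
    }
```

Because the PCR cannot be written directly, a machine whose log was edited after the fact cannot produce a matching quote, which is what makes the log tamper-evident rather than merely a file on disk.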
Giving the Enterprise Control Over Digital Rights
One of the most exciting parts of this effort is that it puts control back into operations teams’ hands while still giving the benefits of trusted computing. Trusted Computing is used to ensure that hardware only runs cryptographically authorized software. Traditionally, this method delivered enhanced security but compromised a user’s freedom to run whatever software they choose.
“Trusted Computing, Secure Boot and the TPM (Trusted Platform Module) bring immensely powerful security functionality to users,” said Matthew Garrett, principal security software engineer at CoreOS and a board member of the Free Software Foundation. “These technologies are often thought of as restrictive DRM (digital rights management). But rather than taking away freedom or flexibility, our implementation builds on top of customer-controlled keys embedded in their server firmware, empowering operations teams to specify and verify exactly what software their systems run. They can trust their systems without giving up control.”
Tectonic Enterprise with Distributed Trusted Computing turns Digital Rights Management (DRM) on its head by enabling customers to put their own cryptographic keys into the firmware of their servers. Because those keys are customer-controlled, operations teams can specify and verify exactly what software their systems run: the servers can run only the software explicitly authorized by the enterprise, and nothing else, giving customers advanced security assurance without vendor lock-in. Users can trust their systems without giving up control, which furthers our commitment to openness and choice.
Learn More About Tectonic with Distributed Trusted Computing
Read the technical brief for more in-depth details. We are showcasing Tectonic with Distributed Trusted Computing at Tectonic Summit in New York on December 2 and 3, so be sure to ask a team member for more information if you are attending. Sign up for Tectonic Enterprise with Distributed Trusted Computing here.
Tectonic Trusted Computing is available as a configuration to all users of Tectonic. Tectonic can be run in any environment; the Trusted Computing feature is optimized for bare metal configurations.