Deploying and managing data-centric confidential applications in the cloud with EdgelessDB and MarbleRun

A tutorial to easily get started with data-centric confidential computing applications.

Moritz Eckert
4 min read · Sep 22, 2021

Kubernetes was originally designed to run stateless workloads and wasn’t built for handling stateful workloads like databases, message queues or key-value stores. However, the Cloud Native Computing Foundation’s 2020 survey shows that 55% of the participants use stateful applications in containers in production. This follows the new cloud computing strategy of many organizations, which is to move their entire workloads and data to the cloud. Yet despite this comprehensive cloud-first approach, few solutions exist to bring confidential computing protection to data-centric applications.

In this tutorial, we show you how to easily get started with data-centric confidential computing applications by leveraging EdgelessDB and MarbleRun.

We recently announced EdgelessDB, the tailor-made SQL database for confidential computing.

EdgelessDB is a full SQL database that runs entirely inside runtime-encrypted Intel SGX enclaves. In contrast to conventional databases, EdgelessDB ensures that all data is always encrypted — in memory at runtime as well as on disk.

Another tool in our open-source technology stack is MarbleRun. With MarbleRun, your entire Kubernetes cluster becomes end-to-end encrypted and end-to-end verifiable.

MarbleRun is an open-source control plane that simplifies deploying, scaling, and verifying SGX-based apps. It is designed to run on Kubernetes — whether alongside a service mesh or as a standalone service.

Together they are a perfect match for protecting and managing the data flow in your confidential computing cloud application. EdgelessDB is a great fit for the confidential storage of your application and can replace your usual MySQL-compatible database. MarbleRun augments the control plane of your cluster and takes care of managing confidential microservices. Think of a service mesh for confidential computing.

For this tutorial, we created a simple data-centric application. It stores customer data centrally in EdgelessDB. Customers are added periodically by a service called writer; think of an e-commerce backend. On the other end, a so-called reader service can access EdgelessDB to read customer data and display it to clients, for example, your data analysts. In practice, you might want a privacy-preserving pipeline in between, such as a filter or an AI training step, but for the simplicity of this demo, we show the customer data directly in a web interface.

EdgelessDB allows you to take control of your data access and define access policies that are enforced using confidential computing technology. MarbleRun takes care of authenticating the reader and writer services as well as EdgelessDB. It establishes secure communication channels between all components and hence ensures that all customer data is always encrypted and that the data flow adheres to your predefined configuration. The architecture of our demo application looks like the following:

Simple data-centric demo application. A “writer” backend service storing customer data in EdgelessDB centrally. A “reader” frontend service retrieving the data from EdgelessDB and displaying it to clients.

Let’s look a bit deeper at what the deployment of our application looks like in practice. EdgelessDB lets us define the access policy in a simple JSON manifest. The manifest needs to be provided to EdgelessDB at the initial start of the database. Access to the database is authenticated using TLS certificates. This leaves us with three tasks: providing EdgelessDB with the manifest, verifying and authenticating each new reader or writer instance, and finally distributing the certificates and private keys.

This is where MarbleRun comes into play. (1) We tell MarbleRun the topology of our application, including the configurations for EdgelessDB and our other services. (2) MarbleRun takes care of bootstrapping EdgelessDB with your policy. Further, MarbleRun generates and manages the certificates and keys for the EdgelessDB authentication. (3) Each new reader or writer service is authenticated by MarbleRun and provided with its credentials. Finally, (4) MarbleRun allows us to get a concise attestation statement for the whole deployment, including the EdgelessDB manifest. Clients can use such a statement to verify the application before accessing the web interface to obtain the customers’ data.

MarbleRun workflow for deploying and bootstrapping our demo application.

Over the lifetime of this deployment, MarbleRun allows us to update, scale, and configure the individual services. We keep full control of the EdgelessDB access by initially providing our desired policy. Hence, we keep full control of our customers’ data.
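
Because the access policy is handed to EdgelessDB once, at the initial start, it is worth checking before deployment. The following is an added example, not code from the original post or the demo repository: a least-privilege check over a manifest for the reader/writer setup described above. It assumes the manifest is a JSON object with an `sql` list of initialization statements and a `ca` certificate; the table, the user names, the `audit_manifest` helper and the certificate placeholder are constructed for illustration.

```python
import json
import re

# Constructed sample manifest. The "sql"/"ca" layout is an assumption about
# EdgelessDB's manifest format; names and the certificate are placeholders.
SAMPLE_MANIFEST = json.dumps({
    "sql": [
        "CREATE USER reader REQUIRE ISSUER '/CN=Owner CA' SUBJECT '/CN=Reader'",
        "CREATE USER writer REQUIRE ISSUER '/CN=Owner CA' SUBJECT '/CN=Writer'",
        "CREATE USER analyst IDENTIFIED BY 'example-password'",
        "CREATE DATABASE shop",
        "CREATE TABLE shop.customers (id INT, name TEXT)",
        "GRANT SELECT ON shop.customers TO reader",
        "GRANT INSERT ON shop.customers TO writer",
        "GRANT ALL ON shop.* TO analyst",
    ],
    "ca": "-----BEGIN CERTIFICATE-----\n<placeholder>\n-----END CERTIFICATE-----",
})

CREATE_USER = re.compile(r"^\s*CREATE\s+USER\s+(\w+)(.*)$", re.I | re.S)
GRANT = re.compile(r"^\s*GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s+(\w+)", re.I | re.S)


def audit_manifest(manifest_json, allowed):
    """Flag users without certificate auth and grants beyond `allowed` (user -> privileges)."""
    manifest = json.loads(manifest_json)
    findings = []
    if not manifest.get("ca"):
        findings.append("manifest: no CA certificate for client authentication")
    users = set()
    for stmt in manifest.get("sql", []):
        if m := CREATE_USER.match(stmt):
            user, rest = m.group(1), m.group(2).upper()
            users.add(user)
            # Every account should be tied to a certificate issuer and subject.
            if "REQUIRE ISSUER" not in rest or "SUBJECT" not in rest:
                findings.append(f"{user}: not bound to a client certificate")
        elif m := GRANT.match(stmt):
            privs = {p.strip().upper() for p in m.group(1).split(",")}
            user = m.group(3)
            extra = privs - allowed.get(user, set())
            if user not in users:
                findings.append(f"{user}: grant to undeclared user")
            if extra:
                findings.append(f"{user}: unexpected {sorted(extra)} on {m.group(2)}")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST, {"reader": {"SELECT"}, "writer": {"INSERT"}}):
        print(finding)
```

On the constructed sample, the password-authenticated `analyst` account and its broad grant are reported, while the certificate-bound reader and writer pass.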

Together, EdgelessDB and MarbleRun compose the simplest way of deploying and managing data-centric confidential applications in the cloud. For a full hands-on walk-through of this demo please see our GitHub repository.
