Privacy-preserving Remote Attestation of pods in Kubernetes

The advent of cloud computing has led to a paradigm shift in application and data management, offering greater flexibility, availability and cost-efficiency. Unlike traditional on-premises environments, wherein data and computations are executed locally, cloud-based systems abstract both storage and processing, thereby enabling dynamic resource allocation. The contemporary tendency towards the adoption of fully virtualised environments, wherein multiple tenants' workloads are shared across a common infrastructure, is indicative of this transition. While this model enhances efficiency and reduces operational costs, it also introduces new security challenges, particularly in ensuring the integrity of cloud-based workloads and protecting sensitive data from unauthorised access. In this context, Remote Attestation emerges as a security mechanism designed to verify the integrity of running applications by analysing system measurements, thus ensuring trust in cloud-based workloads despite the inherent risks of shared infrastructure. These measurements, recorded in Measurement Logs (ML) by the Integrity Measurement Architecture (IMA) in Linux, provide a snapshot of the system's state, ensuring that applications and their dependencies remain unaltered. However, in multi-tenant cloud environments, where multiple verifiers evaluate system integrity, these logs can inadvertently reveal details about unrelated applications, potentially leading to data leaks. The complexity of remote attestation increases in large-scale deployments, where multiple independent verifiers operate without full visibility into the workloads they are assessing, making it difficult to enforce fine-grained access controls. This thesis proposes a solution to the aforementioned challenges by enhancing the traditional attestation framework with privacy-preserving capabilities. The present study proposes a novel IMA template, whose implementation ensures unpredictable measurements and enforces discretion when verifiers access restricted logs. It is evidenced that such restrictions enable the retrieval of data pertinent to the verifier's attestation tasks while ensuring the secrecy of all other system details. A master node will act as a proxy, managing the access control aspect. The initiative adheres to the standards set forth by the Trusted Computing Group (TCG), leveraging the capabilities of the Trusted Platform Module (TPM) 2.0, the IMA, and a widely adopted remote attestation framework. As demonstrated by performance tests conducted in the laboratory, the proposed solution effectively safeguards privacy, mitigates the risk of unauthorized data exposure, and ensures secure pod attestation while concealing cluster details in cloud-native environments. The results further confirm that this approach is highly scalable. It addresses the limitations of existing methods and provides a robust framework for privacy-aware workload verification in Kubernetes-based deployments.