Auditability & Explainability of OBLV Deployments

The document presents an in-depth technical analysis of the auditability and explainability of the OBLV deployment system, a solution that supports secure computing with enhanced data security and privacy in organisations.

At its core, OBLV utilises confidential computing (also referred to as secure enclaves) for the deployment of applications, i.e. containers and pods, ensuring that sensitive data processing occurs in secure and isolated environments. This approach significantly mitigates risks associated with data breaches and unauthorised access. OBLV’s explainable architecture is grounded in a thorough attestation process, which certifies the integrity and authenticity of secure enclaves. The explainability is achieved via manifests, which provide detailed blueprints of the internal configuration and operational parameters of each enclave. These manifests cover aspects such as internal structure, data flow, logging, authentication protocols, health checks, telemetry, outbound traffic control, and service communication permissions. This level of detail not only enhances the security of the system but also simplifies compliance.

The trust model within OBLV is established on cryptographic attestation and incorporates a certificate chain that traces back to the AWS Root Certificate Authority. Manifests and the trust model, coupled with the core building blocks of the OBLV Deployment system such as the secure proxy and key management service integrations, offer auditability both in real time and via secure logs.

This comprehensive approach to auditability and explainability positions OBLV as a highly secure, reliable, and transparent solution for data processing in risk-conscious environments.

Auditing Enclave Environments

The OBLV deployment system supports comprehensive auditing capabilities. Its transparent and intuitive manifests and robust trust model enable real-time auditability for key acquisition and data transmission, as well as retrospective analysis through secure audit logs.

Proxy-Based Auditing

The client proxy in OBLV deployments, available as both a CLI and an SDK, facilitates pre-emptive auditing and securing of communications with enclaves. It validates enclave configurations before transmitting sensitive data.

Attestation for Pre-Transmission Validation

Client proxy functions include:

  • Verifying Enclave Configurations: Before data transmission, the proxy assesses the enclave's configuration against predefined standards, ensuring compliance with the user’s security requirements.
  • Authenticating the Base Image: It attests to the authenticity of the enclave's base image, confirming it runs the approved version of the OBLV Deploy EIF and thereby establishing the enclave's integrity.

TLS Integration with Attestation

To enhance data transmission security, OBLV employs TLS with attestation:

  • Secure Communication: The proxy establishes end-to-end TLS encryption for data interaction with the enclave, safeguarding data during transit.
  • Attestation-Enhanced TLS: This setup uses enclave attestation and traditional certificate authorities, ensuring that only the verified enclave hosted by the intended domain accesses the data.
  • Linking Identity and Configuration: This method combines the enclave's configuration, verified through attestation, with its identity established by the TLS certificate, ensuring data is accessed only by the intended, verified environment.
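The three checks above (approved base image, expected configuration, TLS identity bound to the attestation) as a worked example in Python. This is an added illustration, not OBLV's proxy code: it assumes the attestation document has already been parsed and its signature and certificate chain verified, that the secondary manifest digest is extended into PCR16, and that the enclave binds its TLS leaf certificate by placing the certificate's SHA-256 in the attestation document's user_data field; all values are constructed placeholders.

```python
import hashlib
import json

# Constructed sample inputs (not real OBLV values): an approved EIF hash, the
# secondary manifest the client expects, and a fake DER-encoded TLS leaf cert.
APPROVED_EIF_PCR0 = "ab" * 48        # placeholder 48-byte (SHA-384) PCR0 of the approved EIF
MANIFEST_PCR = 16                    # assumption: PCR index holding the secondary manifest digest
EXPECTED_MANIFEST = json.dumps(
    {"service": "scoring", "outbound": ["api.example.com"], "telemetry": "off"},
    sort_keys=True, separators=(",", ":"))
TLS_LEAF_DER = b"constructed-der-bytes-of-enclave-tls-leaf-cert"

def manifest_digest(manifest_json: str) -> str:
    """Digest of the secondary manifest as it would appear in the enclave's PCR."""
    return hashlib.sha384(manifest_json.encode()).hexdigest()

def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the TLS leaf certificate presented by the enclave."""
    return hashlib.sha256(cert_der).hexdigest()

def validate_before_send(doc: dict, tls_leaf_der: bytes,
                         approved_pcr0: str, expected_manifest: str) -> list:
    """Client-proxy pre-transmission checks on an already signature-verified
    attestation document. Returns the list of failures; empty means safe to send."""
    failures = []
    pcrs = doc["pcrs"]
    if pcrs.get(0) != approved_pcr0:
        failures.append("base image: PCR0 is not the approved OBLV Deploy EIF")
    if pcrs.get(MANIFEST_PCR) != manifest_digest(expected_manifest):
        failures.append("configuration: manifest digest does not match the expected manifest")
    # Assumption: the enclave binds its TLS identity by putting the SHA-256 of its
    # TLS leaf certificate into the attestation document's user_data field.
    if doc.get("user_data") != cert_fingerprint(tls_leaf_der):
        failures.append("identity: TLS certificate is not bound to this attestation")
    return failures

def sample_attestation(manifest: str, cert_der: bytes) -> dict:
    """Build a constructed, already-parsed attestation document for the demo."""
    return {"pcrs": {0: APPROVED_EIF_PCR0, MANIFEST_PCR: manifest_digest(manifest)},
            "user_data": cert_fingerprint(cert_der)}

if __name__ == "__main__":
    good = sample_attestation(EXPECTED_MANIFEST, TLS_LEAF_DER)
    print(validate_before_send(good, TLS_LEAF_DER, APPROVED_EIF_PCR0, EXPECTED_MANIFEST))
    # Same approved base image, but started with a manifest allowing a different egress host
    drifted = EXPECTED_MANIFEST.replace("api.example.com", "other.example.net")
    bad = sample_attestation(drifted, TLS_LEAF_DER)
    print(validate_before_send(bad, TLS_LEAF_DER, APPROVED_EIF_PCR0, EXPECTED_MANIFEST))
```

The second call fails only the configuration check, which is the point of the linkage: a genuine OBLV base image is not enough if the manifest it was launched with differs from the one the client audited.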

Log-Based Auditing

OBLV logs extensive system details for enhanced security and operational transparency. This includes:

  • Manifests Logging: Real-time logging of manifests provides an audit trail for configuration changes, aiding in compliance and analysis.
  • Metadata Logging: Detailed records of inbound and outbound communications can be configured to be logged based on the users’ requirements, offering insights into system performance and potential security threats.

Key Management Service (KMS) Controls

OBLV integrates with AWS KMS for additional security and validation. It does this by creating a digest of the secondary manifest and integrating it into the attestation document. This digest is representative of the specific enclave configuration. This integration enhances the granularity of security checks in key access, while the secondary manifest digest can be created on the fly by those managing the KMS.

AWS KMS first confirms the OBLV base image's authenticity, then checks additional PCRs, including the secondary manifest’s digest, to ensure the requesting enclave's configuration aligns with authorised access parameters.
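The two-stage KMS check described above, as an added example in Python that is not OBLV's own code or policy: a KMS key-policy statement that releases the key only to an enclave whose attestation shows the approved base image (PCR0) and the digest of a specific secondary manifest, plus a local mirror of how KMS evaluates those conditions so a policy can be checked before deployment. The kms:RecipientAttestation:PCR<n> condition keys are real AWS KMS keys; the use of PCR16 for the manifest digest, the principal ARN and all hashes are constructed placeholders.

```python
import hashlib
import json

# Constructed placeholders (not real OBLV values).
APPROVED_EIF_PCR0 = "ab" * 48          # PCR0 of the approved OBLV Deploy EIF
MANIFEST_PCR = 16                      # assumption: PCR carrying the secondary manifest digest
KEY_USER_ARN = "arn:aws:iam::111122223333:role/EnclaveParentRole"   # placeholder principal

def manifest_digest(manifest_json: str) -> str:
    """SHA-384 digest of the secondary manifest, as extended into the enclave's PCR."""
    return hashlib.sha384(manifest_json.encode()).hexdigest()

def key_policy_statement(manifest_json: str) -> dict:
    """KMS key-policy statement: allow Decrypt only when the attestation document
    shows the approved base image AND the digest of this exact secondary manifest.
    Regenerating this statement for a new manifest is the 'on the fly' digest step."""
    return {
        "Sid": "AllowDecryptOnlyFromAttestedEnclave",
        "Effect": "Allow",
        "Principal": {"AWS": KEY_USER_ARN},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {"StringEqualsIgnoreCase": {
            "kms:RecipientAttestation:PCR0": APPROVED_EIF_PCR0,
            f"kms:RecipientAttestation:PCR{MANIFEST_PCR}": manifest_digest(manifest_json),
        }},
    }

def kms_releases_key(statement: dict, attestation_pcrs: dict) -> bool:
    """Local mirror of KMS evaluating kms:RecipientAttestation:PCR<n> conditions
    against the PCR map from the enclave's attestation document."""
    conds = statement["Condition"]["StringEqualsIgnoreCase"]
    for key, expected in conds.items():
        idx = int(key.rsplit("PCR", 1)[1])          # "…:PCR16" -> 16
        actual = attestation_pcrs.get(idx, "")
        if actual.lower() != expected.lower():       # every condition must hold
            return False
    return True

if __name__ == "__main__":
    manifest_v1 = json.dumps({"service": "scoring", "outbound": ["api.example.com"]}, sort_keys=True)
    manifest_v2 = json.dumps({"service": "scoring", "outbound": []}, sort_keys=True)
    policy = key_policy_statement(manifest_v2)       # key admin moves the policy to v2
    print(json.dumps(policy, indent=2))
    enclave_v1 = {0: APPROVED_EIF_PCR0, MANIFEST_PCR: manifest_digest(manifest_v1)}
    enclave_v2 = {0: APPROVED_EIF_PCR0, MANIFEST_PCR: manifest_digest(manifest_v2)}
    print(kms_releases_key(policy, enclave_v1), kms_releases_key(policy, enclave_v2))
```

An enclave still running the v1 manifest passes the PCR0 check but is refused the key once the policy names the v2 digest, which is the configuration-level granularity the text describes.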

Reproducible Builds

Reproducible builds are a key aspect of OBLV's trust model, allowing for an exact recreation of enclave environments from specified manifests. This aids in maintaining consistency, transparency, and understanding of any changes during the enclave's lifecycle.

2024 Oblivious Software Ltd. All rights reserved.