
AWS Nitro Enclaves Ecosystem (1) — Chain of trust

Richard Fan
5 min read · Dec 22, 2022


Background

It has been two years since AWS introduced AWS Nitro Enclaves. Looking back, it was really difficult for developers to build their enclave applications. Today, there are many tools and cloud platforms that let us build and use Nitro Enclaves to process sensitive data with far less effort.

If you are new to AWS Nitro Enclaves, please read my previous blog posts to understand more:

  1. Running Python App on AWS Nitro Enclaves
  2. How to Use AWS Nitro Enclaves Attestation Document

Security is not always inherited

In the following weeks, I’m going to share my thoughts on different open-source tools and cloud platforms that are built on top of AWS Nitro Enclaves, from a security perspective.

There is no shortage of documents telling you how secure the Nitro Enclaves infrastructure is. But building on top of a secure infrastructure does not mean the application you use is also secure and trustworthy.

So before sharing my thoughts on different tools, I want to talk about the chain of trust and what role the attestation document plays in it.

Trust hierarchy of an enclave application

AWS Nitro Enclaves provides a feature called the attestation document. It is generated and signed by the Nitro hardware (the Nitro Security Module), and it assures the verifier that they are interacting with something running inside a Nitro Enclave.

There is a caveat:
The attestation document gives me the measurements of the application as hash values (the PCRs, SHA-384 digests of the enclave image), but what values should I expect, and how trustworthy are those hashes?

This question comes down to how far along the application's supply chain an end user can gain visibility.
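The "what value should I expect" half of that question is the part a verifier can actually script. The following is an added example (not code from this post or from AWS) of the measurement check: it takes the PCR values that `nitro-cli build-enclave` prints for an image, and compares them against the `pcrs` map of a decoded attestation document. The build output JSON and the decoded attestation payload are constructed stand-ins, and the block assumes that the COSE_Sign1 signature and the certificate chain back to the AWS Nitro root have already been verified before the PCRs are consulted; the helper names `expected_pcrs_from_build`, `check_pcrs` and `verify_against_build` are this example's own.

```python
"""Check Nitro Enclave attestation PCRs against the values produced at build time.

Added example; not code from the original post or from AWS. The build output and
the attestation payload below are constructed. Signature and certificate-chain
verification of the COSE_Sign1 attestation document is assumed to have happened
before this check runs; this block only answers "is this the image I expect?".
"""
from __future__ import annotations

import hmac
import json

# Which input fixes each PCR. PCR0-2 are determined by the enclave image file
# (EIF) and are printed by `nitro-cli build-enclave`; PCR3/PCR4 depend on the
# deployment (parent-instance IAM role, instance ID); PCR8 is the hash of the
# certificate that signed the EIF, if the image was signed.
PCR_ORIGIN = {
    0: "EIF (whole image)",
    1: "EIF (kernel and bootstrap)",
    2: "EIF (application)",
    3: "deployment (IAM role ARN of parent instance)",
    4: "deployment (parent instance ID)",
    8: "EIF signing certificate",
}
PCR_LEN = 48  # Nitro PCRs are SHA-384 digests

# Constructed stand-in for the JSON that `nitro-cli build-enclave` prints.
BUILD_OUTPUT = json.dumps({
    "Measurements": {
        "HashAlgorithm": "Sha384 { ... }",
        "PCR0": "aa" * 48,
        "PCR1": "bb" * 48,
        "PCR2": "cc" * 48,
    }
})

# Constructed stand-in for the decoded CBOR payload of an attestation document:
# the `pcrs` map is keyed by integer index and holds raw digests.
ATTESTATION_PAYLOAD = {
    "module_id": "i-0123456789abcdef0-enc0123456789abcdef",  # constructed
    "digest": "SHA384",
    "timestamp": 1671667200000,
    "pcrs": {
        0: bytes.fromhex("aa" * 48),
        1: bytes.fromhex("bb" * 48),
        2: bytes.fromhex("cc" * 48),
        3: bytes(48),
        4: bytes.fromhex("dd" * 48),
        8: bytes(48),
    },
}


def expected_pcrs_from_build(build_json: str) -> dict[int, bytes]:
    """Turn the nitro-cli build measurements into {index: digest}."""
    meas = json.loads(build_json)["Measurements"]
    if not meas["HashAlgorithm"].startswith("Sha384"):
        raise ValueError("unexpected hash algorithm: " + meas["HashAlgorithm"])
    return {int(k[3:]): bytes.fromhex(v) for k, v in meas.items() if k.startswith("PCR")}


def check_pcrs(payload: dict, expected: dict[int, bytes]) -> tuple[bool, list[str]]:
    """Compare attested PCRs with expected ones; return (ok, findings).

    Every expected PCR must be present, 48 bytes long and equal. A missing PCR
    is reported separately from a mismatch so the operator can tell a malformed
    document from an unexpected image.
    """
    findings: list[str] = []
    if payload.get("digest") != "SHA384":
        findings.append(f"unexpected digest field {payload.get('digest')!r}")
    attested = payload.get("pcrs", {})
    for idx, want in sorted(expected.items()):
        got = attested.get(idx)
        origin = PCR_ORIGIN.get(idx, "unknown")
        if got is None:
            findings.append(f"PCR{idx} ({origin}) missing from attestation")
        elif len(got) != PCR_LEN or len(want) != PCR_LEN:
            findings.append(f"PCR{idx} ({origin}) has wrong length {len(got)}")
        elif not hmac.compare_digest(got, want):  # constant-time compare
            findings.append(f"PCR{idx} ({origin}) mismatch: got {got.hex()[:16]}..., want {want.hex()[:16]}...")
    return (not findings, findings)


def verify_against_build(payload: dict, build_json: str,
                         extra: dict[int, bytes] | None = None) -> tuple[bool, list[str]]:
    """Check the build-time PCRs, plus any deployment-time PCRs the caller pins."""
    expected = expected_pcrs_from_build(build_json)
    if extra:
        expected.update(extra)
    return check_pcrs(payload, expected)


if __name__ == "__main__":
    ok, notes = verify_against_build(ATTESTATION_PAYLOAD, BUILD_OUTPUT)
    print("build PCRs match" if ok else "\n".join(notes))
    # Pin the deployment too: insist on a particular instance-ID hash in PCR4.
    ok, notes = verify_against_build(ATTESTATION_PAYLOAD, BUILD_OUTPUT, {4: bytes.fromhex("ee" * 48)})
    print("deployment pinned" if ok else "\n".join(notes))
```

The check deliberately trusts nothing it cannot trace: the expected PCR0-2 come from a build you (or someone you can hold to account) ran, not from the enclave operator, and a missing PCR fails closed rather than being skipped. That is exactly where the chain of trust question lands: the comparison is only as meaningful as your knowledge of where `BUILD_OUTPUT` came from.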

Chain of trust

This diagram shows an example of the chain of trust.
(In the following sections, I will use (1), (2), etc. to refer to the annotations in the diagram.)

Attestation chain of trust

Attestation Document

As (1) shows, the attestation document is generated by the hardware (in Nitro Enclaves, it’s…


Written by Richard Fan

AWS Security Hero | Cloud Engineer | Cybersecurity Engineer https://richardfan.xyz
