AWS Nitro Enclaves Ecosystem (1) — Chain of trust

Richard Fan
5 min read · Dec 22, 2022

Background

It’s been 2 years since AWS introduced AWS Nitro Enclaves. Looking back, it was really difficult for developers to build their enclave applications. But today, there are already many tools and cloud platforms which allow us to easily build and use Nitro Enclaves to process sensitive data.

If you are new to AWS Nitro Enclaves, please read my previous blog posts to understand more:

  1. Running Python App on AWS Nitro Enclaves
  2. How to Use AWS Nitro Enclaves Attestation Document

Security is not always inherited

In the following weeks, I’m going to share my thoughts on different open-source tools and cloud platforms that are built on top of AWS Nitro Enclaves, from a security perspective.

There is no shortage of documents telling you how secure the Nitro Enclaves infrastructure is. But building on top of a secure infrastructure doesn’t always mean the application you use is also secure and trustworthy.

So before sharing my thoughts on different tools, I want to talk about the chain of trust and what role the attestation document plays in it.

Trust hierarchy of an enclave application

AWS Nitro Enclaves provides a function called attestation document. It provides you with an assurance that you are interacting with something which is running…
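To make the chain-of-trust point concrete, here is an added example (not code from the original post) of the policy checks a relying party must do on a Nitro attestation document after the COSE_Sign1 signature and certificate chain have been verified up to the AWS Nitro root (that earlier step is assumed done; the sample document, its PCR digests and the `check_attestation` function are constructed for illustration).

```python
import hashlib

# Constructed sample: the payload fields of a Nitro attestation document after
# CBOR/COSE_Sign1 decoding and certificate-chain verification (assumed done by an
# earlier step). Real PCRs are SHA-384 digests measured by the Nitro hypervisor;
# these placeholders are derived with hashlib purely so the example runs offline.
def fake_pcr(label):
    return hashlib.sha384(label.encode()).digest()

SAMPLE_DOC = {
    "module_id": "i-0123456789abcdef0-enc0123456789abcde",   # constructed
    "timestamp": 1671710400000,                               # ms since epoch, constructed
    "digest": "SHA384",
    "pcrs": {0: fake_pcr("enclave-image"), 1: fake_pcr("kernel"),
             2: fake_pcr("application"), 3: fake_pcr("parent-iam-role")},
    "nonce": b"challenge-from-verifier",
}

def check_attestation(doc, expected_pcrs, nonce, now_ms, max_age_ms=5 * 60 * 1000):
    """Return a list of policy failures; an empty list means the enclave is trusted.

    A valid signature only proves "some Nitro enclave said this". Trust in the
    application itself comes from pinning the PCRs (PCR0/1/2 = image, kernel,
    application) and binding the document to our own fresh nonce.
    """
    failures = []
    if doc.get("digest") != "SHA384":
        failures.append("unexpected digest algorithm")
    pcrs = doc.get("pcrs", {})
    for idx, want in expected_pcrs.items():
        if pcrs.get(idx) != want:
            failures.append(f"PCR{idx} mismatch")
    if doc.get("nonce") != nonce:
        failures.append("nonce mismatch (possible replay)")
    age = now_ms - doc.get("timestamp", 0)
    if age < 0 or age > max_age_ms:
        failures.append("attestation document too old or from the future")
    return failures
```

The key takeaway is that the verifier, not AWS, decides which PCR values are acceptable; an enclave running unreviewed code still produces a perfectly valid, AWS-signed attestation document.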
