Primitives

Enclaves

Evervault Enclaves are the easiest way to build, deploy and scale applications in a Confidential Computing environment.

Evervault Enclaves allow developers to easily deploy Docker containers in a Secure Enclave, powered by AWS Nitro Enclaves. They offer easy deployment, invocation and attestation of Secure Enclaves without the engineering overhead.


Why Enclaves?

A Secure Enclave is a highly constrained compute environment which supports cryptographic attestation of the code that it is running. They have no persistent storage, no shell access and no networking by default.

Secure Enclaves allow you to run sensitive workloads in completely segregated environments with heavily restricted external access. These constraints create a powerful security model. However, it can be a challenge to marry the requirements of your service with the restrictions of a Secure Enclave.

Evervault Enclaves make it easy for Docker-based sensitive services to be deployed to a Secure Enclave without compromising on security. Enclaves apply the same security fundamentals (no shell access, no persistent storage, no network access, attestable workloads) with the ability to enable egress networking, automated cert issuance and more. Enclaves also integrate seamlessly with the rest of the Evervault Primitives.

Anatomy of an Enclave

High level stylized Enclave diagram

Evervault Enclaves are built on top of AWS Nitro Enclaves. A Nitro Enclave is an isolated set of cores on an AWS EC2 instance which provides a segregated environment for running sensitive workloads. Nitro Enclaves are only accessible from the parent EC2 instance over a local VSock channel, have no persistence or networking support.

Evervault Enclaves build on this by making it easy to migrate existing Docker-based workloads by abstracting away VSock, supporting optional egress networking, and exposing attestation measures that can be verified by our open source clients. An Evervault Enclave is comprised of two processes to make this possible: the Control Plane, and the Data Plane.

Control Plane

The Control Plane is a daemon process which runs on the host EC2 instance. The main function of the Control Plane is to act as a TCP passthrough for incoming TLS connections to the Enclave. The Control Plane also proxies any outgoing network connections for the Enclave, enforcing the defined allowlist, and produces the transaction logs for the Enclave.

Data Plane

The Data Plane runs within the Enclave as a sidecar. The Data Plane performs several functions to allow your process to run without any major changes:

  • Proxies Traffic from VSock to TCP: One of the biggest barriers to Enclave adoption is the ability to use VSock with popular frameworks/languages. The Data Plane abstracts away the in-Enclave networking and forwards incoming traffic to the loopback interface. Your process can bind to a TCP port as normal.
  • Terminating TLS: The Data Plane provisions a trusted TLS certificate to the Enclave on start-up. This certificate is used to terminate TLS on incoming connections, ensuring that your requests are only decrypted within the Enclave itself.
  • Authenticates requests: The Data Plane ensures that incoming requests have a valid Evervault API Key with permissions to invoke this Enclave. Note: this feature can be disabled to support invoking the Enclave from an untrusted client.
  • Decrypts Evervault Encrypted Data: Evervault encrypted data that is sent to an Enclave will be transparently decrypted within the Data Plane before forwarding to your process. This allows the you to share encrypted data with your process and handle it in plaintext.
  • Enables easy attestation: The Evervault SDKs help you to ensure every request to your Enclave is attested within the TLS handshake. This attestation protocol is enabled by the Data Plane's position in the Enclave. When an Evervault Client needs to attest an Enclave, it pulls an attestation document from the data plane, and uses it to validate every subsequent connection. You read more about our attestation protocol here.
  • Produces request transaction logs: Running scalable, production services within an Enclave can be challenging due to the lack of observability. To combat this, the Data Plane produces a transaction log of every request. The transaction logs cover a minimal amount of information (status code, request path, standard HTTP headers etc.) to aid debugging without eroding the secure enclave's security model. Note: this feature is configurable, and can be disabled.