Motivation

dominic-mulligan-arm edited this page Oct 30, 2020 · 2 revisions

Veracruz is a research project exploring how secure distributed systems can be built using strong containerisation technology and remote attestation protocols. Here, "strong containerisation" is an idiosyncratic term that we use for any technology that exists on a continuum between pure hardware secure enclaves and high-assurance hypervisor-based isolation. The common factor in all "strong containerisation" technologies is that they successfully isolate code within a container — providing strong confidentiality and integrity guarantees, even against privileged software co-tenanted on the same machine — whilst attempting to significantly minimise the trusted compute base.

Depending on the biases and interests of a particular audience, Veracruz can be explained in a number of ways:

  • Veracruz as a platform for privacy-preserving computation: under this view, Veracruz is an exploration of how to build flexible and efficient collaborative privacy-preserving computations between a group of mutually-distrusting collaborators, or principals. In this light, Veracruz aims to support similar use-cases to advanced cryptographic techniques, like homomorphic encryption, functional encryption, and secure multi-party computation, but uses a mixture of strong containerisation technology, remote attestation, and transport layer security protocols — instead of pure cryptography — to effect these computations.
  • Veracruz as a demonstrator for strong containerisation technology: under this view, Veracruz is an exploration of how strong containerisation and remote attestation facilitate the design of data-intensive distributed systems. Our working thesis is that these are technologies that will allow engineers to build systems capable of exhibiting fine-grained control over data. Veracruz is an exploration, or demonstrator, of what can be done in this space — preparation for a future where large pools of data are a liability, rather than an asset.
  • Veracruz as an abstraction layer for strong containerisation technology: under this view, Veracruz is an abstraction layer for strong containerisation mechanisms, abstracting away low-level details of remote attestation protocols, secret provisioning, and container lifecycle management. Moreover, Veracruz provides users with a uniform — if restrictive — programming model irrespective of the particular containerisation technology that a computation is being run on top of. The same program, compiled for the Veracruz platform, can be executed on any of the containerisation technologies capable of hosting Veracruz.