Hardening Containers for Cross-Domain Applications

Cross-domain platforms control the sharing of information at multiple classification levels. For example, some cross-domain systems allow a single user to view multiple screens, at different security classification levels, on a single monitor. The core security guarantees rest on a base-of-trust in hardware established primarily through hypervisor technology. Unfortunately, over the years, hypervisors and their associated management interfaces have steadily grown in complexity, to the point where they now exceed the size of the operating system kernels they seek to protect. This has made it increasingly difficult to verify security properties in the face of kernel-level zero-day exploits and advanced persistent threats. At the same time, there has been a radical shift in computing methodology motivated by the realization that reliable deployment at scale requires an application to be associated with a specific operating system version with carefully designated libraries. This realization has resulted in an alternative computing paradigm ― containers - that wrap application attributes and execute through a shared kernel. This paper describes a novel embedded systems technology, the nano-marshal: a light-weight container system, compliant with the Open Containers Initiative (OCI), that supports cross-domain applications. The system permits container security to be hardened through innovative hardware mechanisms, hidden within Field Programmable Gate Arrays (FPGA's).