NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Hardware-Enabled Security: Container Platform Security Prototype

Published

Author(s)

Murugiah Souppaya, Michael Bartock, Karen Scarfone, Jerry Wheeler, Tim Knoll, Uttam Shetty, Ryan Savino, Joseprabu Inbaraj, Stefano Righi

Abstract

In today's cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments. It also describes a proof-of-concept implementation of the approach—a prototype—that is intended to be a blueprint or template for the general security community.
Citation
NIST Interagency/Internal Report (NISTIR) - 8320A
Report Number
8320A
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.IR.8320A
Local Download

Keywords

container, hardware-enabled security, hardware root of trust, platform security, trusted compute pool, virtualization
Cybersecurity and privacy and Cloud computing and virtualization

Citation

Souppaya, M. , Bartock, M. , Scarfone, K. , Wheeler, J. , Knoll, T. , Shetty, U. , Savino, R. , Inbaraj, J. and Righi, S. (2021), Hardware-Enabled Security: Container Platform Security Prototype, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8320A, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932329 (Accessed October 1, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created June 17, 2021, Updated November 29, 2022
Was this page helpful?