SCONE
E653460
SCONE is a secure container runtime and framework that enables running containerized applications inside Intel SGX enclaves to provide end-to-end confidential computing.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | confidential computing framework; secure container runtime; software framework |
| category | confidential computing solution; container security technology |
| compatibleWith | Linux; cloud environments; on-premises deployments |
| designedFor | cloud-native applications; confidential computing; microservices architectures; multi-tenant environments; untrusted infrastructure |
| enables | running containerized applications inside Intel SGX enclaves |
| focusesOn | end-to-end encryption of data; minimal application changes; secure container orchestration; transparent application protection |
| goal | minimize trusted computing base; protect application confidentiality; protect code integrity; protect data in use |
| implements | remote attestation |
| provides | end-to-end confidential computing |
| requires | Intel SGX-capable CPU; SGX-enabled operating system |
| supports | Docker containers; Kubernetes; Kubernetes pods; sidecar containers |
| supportsDeployment | Kubernetes clusters; hybrid cloud; private cloud; public cloud |
| supportsFeature | automatic key provisioning; configuration management; encrypted images; encrypted volumes; policy-based access control; remote attestation of enclaves; secrets management; secure environment variables; secure service mesh integration; secure session management; transparent file system encryption; transparent network encryption |
| supportsTechnology | Intel SGX |
| uses | Intel SGX enclaves; hardware-based trusted execution environments |
Referenced by (1)