Jamal Mahboob

Jamal Mahboob

Authored Publications
Sort By
  • Title
  • Title, descending
  • Year
  • Year, descending
    A Kubernetes CI/CD Pipeline with Asylo as a Trusted Execution Environment Abstraction Framework
    Joel Coffman
    The 11th Annual Computing and Communication Workshop and Conference (CCWC) (2021)
    Preview abstract Modern commercial software development organizations often pre-scribe to a development and deployment pattern for releases known as continuous integration / continuous deployment (CI/CD). Kubernetes, a cluster-based distributed application platform, is often used to implement this pattern. While the abstract concept is fairly well understood, CI/CD implementations vary widely. Resources are scattered across on-premise and cloud-based services, and systems may not be fully automated. Additionally, while a development pipeline may aim to ensure the security of the finished artifact, said artifact may not be protected from outside observers or cloud providers during execution. This paper describes a complete CI/CD pipeline running on Kubernetes that addresses four gaps in existing implementations. First, the pipeline supports strong separation-of-duties, partition-ing development, security, and operations (i.e., DevSecOps) roles. Second, automation reduces the need for a human interface. Third, resources are scoped to a Kubernetes cluster for portability across environments (e.g., public cloud providers). Fourth, deployment artifacts are secured with Asylo, a development framework for trusted execution environments (TEEs). View details