A Scalable, Trustworthy Infrastructure for Collaborative Container Repositories

Abstract: We present a scalable "Trustworthy Container Repository" (TCR) infrastructure for the storage of software container images, such as those used by Docker. Using an authenticated data structure based on index-ordered Merkle trees (IOMTs), TCR aims to provide assurances of 1) Integrity, 2) Availability, and 3) Confidentiality to its users, whose containers are stored in an untrusted environment. Trust within the TCR architecture is rooted in a low-complexity, tamper-resistant trusted module. The use of IOMTs allows such a module to efficiently track a virtually unlimited number of container images, and thus provide the desired assurances for the system's users. Using a simulated version of the proposed system, we demonstrate the scalability of platform by showing logarithmic time complexity up to $2^{25}$ (32 million) container images. This paper presents both algorithmic and proof-of-concept software implementations of the proposed TCR infrastructure.