Executive Summary
The document presents an in-depth technical analysis of the auditability and explainability of the OBLV deployment system, a solution that supports secure computing with enhanced data security and privacy in organisations
At its core, OBLV utilises confidential computing, also referred to as secure enclaves, for the deployment of applications (containers and pods), ensuring that sensitive data processing occurs in secure and isolated environments. This approach significantly mitigates risks associated with data breaches and unauthorised access. OBLV’s explainable architecture is grounded in a thorough attestation process, which certifies the integrity and authenticity of secure enclaves. The explainability is achieved via manifests, which provide detailed blueprints of internal configurations and operational parameters of each enclave. These manifests cover aspects such internal structure, data flow, logging, authentication protocols, health checks, telemetry, outbound traffic control, and service communication permissions. This level of detail not only enhances the security of the system but also simplifies compliance.
The trust model within OBLV is established on cryptographic attestation and incorporates a certificate chain that traces back to the AWS Root Certificate Authority. Manifests and the trust model coupled with the core building blocks of the OBLV deployment system such as the secure proxy and key management service integrations offer auditability both in real time and via secure logs.
This comprehensive approach to auditability and explainability positions OBLV as a highly secure, reliable, and transparent solution for data processing in risk-conscious environments.