Zero Trust is a novel cybersecurity model that focuses on continually evaluating trust to prevent the initiation and horizontal spreading of attacks. A cloud-native Service Mesh is an example of Zero Trust Architecture that can filter out external threats. However, the Service Mesh does not shield the Application Owner from internal threats, such as a rogue administrator of the cluster where their application is deployed. In this work, we are enhancing the Service Mesh to allow the definition and reinforcement of a Verifiable Configuration that is defined and signed off by the Application Owner. Backed by automated digital signing solutions and confidential computing technologies, the Verifiable Configuration allows changing the trust model of the Service Mesh, from the data plane fully trusting the control plane to partially trusting it. This lets the application benefit from all the functions provided by the Service Mesh (resource discovery, traffic management, mutual authentication, access control, observability), while ensuring that the Cluster Administrator cannot change the state of the application in a way that was not intended by the Application Owner.

翻译：零信任是一种新型的网络安全模式,其重点是持续评估信任以防止攻击的开始和横向传播。云端服务网是一个零信任架构的例子,可以排除外部威胁。然而,服务网并不保护应用程序所有者免受内部威胁,例如其应用程序被部署的群集的无赖管理员。在这项工作中,我们正在加强服务网,允许定义和加强由应用程序所有者定义和签署的可核查配置。以自动数字签名解决方案和保密计算技术为后盾,可验证配置允许改变服务网网的信托模式,从完全信任控制平面的数据平面到部分信任它。这使应用程序受益于服务网提供的所有功能(资源发现、交通管理、相互认证、访问控制、易用性),同时确保集管管理员不能以应用程序所有者不想要的方式改变应用程序的状况。