Protection Score¶
The protection score is a numeric summary of which defense mechanisms are active for a cloudtaser-protected process. It provides a quick, auditable measure of security posture and makes it immediately clear when a deployment is running below recommended levels.
The maximum score is 115 points across 12 checks.
For the complete reference with per-check explanations and per-platform guidance, see Protection Score Reference.
Score Breakdown¶
| Check | Points | What It Proves |
|---|---|---|
memfd_secret |
15 | Secret pages physically removed from kernel direct map (Linux 5.14+) |
mlock |
10 | Secret pages pinned in RAM, cannot be swapped to disk |
core_dump_exclusion |
5 | Secret pages excluded from core dumps via MADV_DONTDUMP |
dumpable_disabled |
5 | Process is non-dumpable; /proc access restricted, ptrace blocked |
token_protected |
10 | OpenBao authentication token stored in protected memory (not on disk or in env) |
environ_scrubbed |
5 | Wrapper's /proc/self/environ is structurally clean -- secrets enter wrapper memory only after exec, so the kernel's frozen envp[] snapshot never contained them |
getenv_interposer |
10 | Optional LD_PRELOAD interposer blocks getenv() from returning secrets on the heap (glibc-only enhancement) |
ebpf_agent_connected |
10 | eBPF enforcement agent is active and monitoring this process |
cpu_mitigations |
5 | Spectre/Meltdown hardware mitigations active |
ebpf_enforce_mode |
15 | eBPF agent running in blocking mode (not just monitoring) |
ebpf_kprobes |
15 | Synchronous syscall blocking via kprobe override |
confidential_vm |
10 | Hardware memory encryption (AMD SEV-SNP) active |
Maximum score: 115 points
Score Interpretation¶
| Score Range | Assessment | Recommendation |
|---|---|---|
| 105--115 | Full protection | Production ready. All critical defenses active. |
| 80--104 | Strong protection | Most defenses active. Review which checks are missing and evaluate risk. |
| 55--79 | Partial protection | Key mechanisms missing. Not recommended for regulated workloads. |
| Below 55 | Insufficient | Multiple critical mechanisms inactive. Investigate immediately. |
A score below 55 means secrets are vulnerable to a determined attacker
Without memfd_secret (15 points), ebpf_enforce_mode (15 points), and ebpf_kprobes (15 points), a determined root attacker can read process memory through standard kernel interfaces. These are the three most critical checks.
Point Allocation Rationale¶
The point values reflect the relative security impact of each mechanism:
memfd_secret: 15 points¶
This is the only mechanism that provides a hardware-backed guarantee against root. All other mechanisms can theoretically be bypassed by a root attacker with kernel module access. memfd_secret cannot, because the pages are physically absent from the kernel direct map.
ebpf_enforce_mode: 15 points¶
The eBPF agent in blocking mode actively prevents syscalls that would leak secrets. Without enforce mode, the agent only monitors and logs. This is the difference between detection and prevention.
ebpf_kprobes: 15 points¶
Synchronous kprobe blocking stops attacks before the syscall executes. Without kprobe override, the agent falls back to reactive kill (SIGKILL after tracepoint detection), which has a theoretical gap between syscall execution and process termination.
mlock: 10 points¶
Pins secret pages in physical RAM, preventing the kernel from swapping them to disk where they could be recovered.
token_protected: 10 points¶
OpenBao authentication token is the keys to the kingdom. If the token is stored in an environment variable or a file, an attacker can steal it and fetch secrets directly from OpenBao.
getenv_interposer: 10 points¶
Optional glibc-only enhancement. Eliminates the heap copy created when getenv() is called by intercepting it via LD_PRELOAD and returning a pointer to memfd_secret-backed memory. Requires a glibc-based container image (not Alpine/musl). All binaries still receive secrets through the default env-var delivery path regardless of interposer availability.
ebpf_agent_connected: 10 points¶
Confirms the eBPF agent is actively monitoring the protected process. Without the agent, memory protections are the only defense.
confidential_vm: 10 points¶
Closes the hypervisor gap -- the cloud provider's hypervisor cannot read VM memory with AMD SEV-SNP active.
core_dump_exclusion, dumpable_disabled, environ_scrubbed, cpu_mitigations: 5 points each¶
Defense-in-depth mechanisms that each close a specific attack vector. Essential but not sufficient alone.
Checking the Score¶
Wrapper Logs¶
The wrapper logs the protection score at startup:
[cloudtaser-wrapper] Protection score: 115/115
[cloudtaser-wrapper] memfd_secret: OK (+15)
[cloudtaser-wrapper] mlock: OK (+10)
[cloudtaser-wrapper] core_dump_exclusion: OK (+5)
[cloudtaser-wrapper] dumpable_disabled: OK (+5)
[cloudtaser-wrapper] token_protected: OK (+10)
[cloudtaser-wrapper] environ_scrubbed: OK (+5)
[cloudtaser-wrapper] getenv_interposer: OK (+10)
[cloudtaser-wrapper] ebpf_agent_connected: OK (+10)
[cloudtaser-wrapper] cpu_mitigations: OK (+5)
[cloudtaser-wrapper] ebpf_enforce_mode: OK (+15)
[cloudtaser-wrapper] ebpf_kprobes: OK (+15)
[cloudtaser-wrapper] confidential_vm: OK (+10)
A degraded startup shows which mechanisms failed:
[cloudtaser-wrapper] Protection score: 80/115
[cloudtaser-wrapper] memfd_secret: OK (+15)
[cloudtaser-wrapper] mlock: OK (+10)
[cloudtaser-wrapper] core_dump_exclusion: OK (+5)
[cloudtaser-wrapper] dumpable_disabled: OK (+5)
[cloudtaser-wrapper] token_protected: OK (+10)
[cloudtaser-wrapper] environ_scrubbed: OK (+5)
[cloudtaser-wrapper] getenv_interposer: FAIL (+0) musl libc detected
[cloudtaser-wrapper] ebpf_agent_connected: OK (+10)
[cloudtaser-wrapper] cpu_mitigations: OK (+5)
[cloudtaser-wrapper] ebpf_enforce_mode: OK (+15)
[cloudtaser-wrapper] ebpf_kprobes: FAIL (+0) CONFIG_BPF_KPROBE_OVERRIDE not set
[cloudtaser-wrapper] confidential_vm: FAIL (+0) no confidential computing hardware
CLI Status Command¶
Kubernetes Events¶
The wrapper emits Kubernetes events on the pod for score changes:
Events:
Type Reason Message
---- ------ -------
Normal ProtectionActive Protection score: 115/115 (all defenses active)
Warning ProtectionDegraded Protection score: 80/115 (getenv_interposer, ebpf_kprobes, confidential_vm unavailable)
Alerting on Low Scores¶
Prometheus Metrics¶
The wrapper exposes the protection score as a Prometheus metric:
# HELP cloudtaser_protection_score Current protection score
# TYPE cloudtaser_protection_score gauge
cloudtaser_protection_score{pod="my-app-7d8f9c6b4-xk2mn",namespace="production"} 115
# HELP cloudtaser_protection_max Maximum possible protection score
# TYPE cloudtaser_protection_max gauge
cloudtaser_protection_max{pod="my-app-7d8f9c6b4-xk2mn",namespace="production"} 115
Example Alert Rule¶
groups:
- name: cloudtaser
rules:
- alert: CloudTaserProtectionDegraded
expr: cloudtaser_protection_score < 80
for: 5m
labels:
severity: critical
annotations:
summary: "cloudtaser protection score below threshold"
description: >
Pod {{ $labels.pod }} in namespace {{ $labels.namespace }}
has protection score {{ $value }}/115.
Secrets may be vulnerable to root-level extraction.
Enforcing Minimum Scores¶
Use the CLOUDTASER_MIN_PROTECTION_SCORE environment variable to prevent the wrapper from starting if the score is too low:
Recommended minimum scores by environment
| Environment | Minimum Score | Rationale |
|---|---|---|
| Production (regulated) | 105 | All software protections active |
| Production (general) | 80 | Core protections with eBPF enforcement |
| Staging | 55 | Allow testing without full enforcement |
| Development | 0 | No enforcement |
Full Protection Score Reference | Security Model | Memory Protection | eBPF Enforcement