The underlying problem is the lack of isolation between an application and privileged accounts or the operating system. While the root account needs to be able to configure the host, there is no reason for it to be able to peek into one’s application data. To that end, we advise running your applications inside secure enclaves while also sealing the persistent state of the application. Secure enclaves, such as Intel SGX, can guarantee that the application’s memory and persistent state are accessible only to the application, so that not even an administrator would be able to access them.
Anjuna provides an easy way to run an entire application inside a secure enclave without the need to rearchitect it. This approach essentially decouples the application’s security from the security of the host on which it is executed, and tightens the security perimeter around the application itself, rather than leaving a larger perimeter that is hard to address.
If you are interested in learning more about how Anjuna can help protect against similar kinds of threats, you are welcome to reach out to us through our website.
New Linux Systemd security holes uncovered: https://www-zdnet-com.cdn.ampproject.org/v/s/www.zdnet.com/google-amp/article/new-linux-systemd-security-holes-uncovered/?amp_js_v=0.1