Isolated Build Environments for Supply Chain Security: 
Defending Against Insider Threats

Karthikeyan Thirumalaisamy

doi:https://doi.org/10.14445/22312803/IJCTT-V73I7P106

Research Article | Open Access | Download PDF

Volume 73 | Issue 7 | Year 2025 | Article Id. IJCTT-V73I7P106 | DOI : https://doi.org/10.14445/22312803/IJCTT-V73I7P106

Isolated Build Environments for Supply Chain Security: Defending Against Insider Threats

Karthikeyan Thirumalaisamy

Received	Revised	Accepted	Published
30 May 2025	23 Jun 2025	15 Jul 2025	28 Aug 2025

Citation :

Karthikeyan Thirumalaisamy, "Isolated Build Environments for Supply Chain Security: Defending Against Insider Threats," International Journal of Computer Trends and Technology (IJCTT), vol. 73, no. 7, pp. 44-54, 2025. Crossref, https://doi.org/10.14445/22312803/IJCTT-V73I7P106

Abstract

The rise in frequency and sophistication of software supply chain attacks has highlighted insider threats as a significant vulnerability in the build process for software. Insiders likely have access and trust in the build system, whether as a developer, administrator, or compromised CI/CD build infrastructure, to place malicious software, alter dependencies, or modify outputs - typically without the owner's knowledge. This paper proposes isolated build environments using secure enclaves, such as Intel SGX and AMD SEV, as a way to improve the integrity and confidentiality of the build process by executing it in isolated hardware-protected environments. It outlines a secure build pipeline using enclaves for attesting build environments, preventing data exfiltration, and isolating unauthorized code changes. This paper proposes a design that integrates with existing DevOps tools, employs reproducible builds, supports artefact signing, and enables secure key management using enclaves. This paper conducts threat modeling, provides implementation techniques, and also provide performance evaluation to claim that enclave-based isolated build systems can substantially reduce the attack surface while blocking insider threats with low performance overhead. Enclaves offer a scalable and effective way to improve trust in the software supply chain and are well-suited for high-assurance or regulated environments.

Keywords

Isolated Build, Secure Enclaves, Secure CI, Confidential Compute, Supply chain security, Insider Threats.

References

[1] Microsoft, What is an Insider Threat?, 2022. [Online]. Available: https://www.microsoft.com/en-us/security/business/security-101/what is-insider-threat
[2] Microsoft, Learn about Insider Risk Management, 2025. [Online]. Available: https://learn.microsoft.com/en-us/purview/insider-risk management
[3] IBM, What are Insider Threats?, 2021. [Online]. Available: https://www.ibm.com/think/topics/insider-threats
[4] Narendan Vaideeswaran, Insider Threats Explained, 2025. [Online]. Available: https://www.crowdstrike.com/en-us/cybersecurity 101/identity-protection/insider-threat/
[5] Matt Heusser, CI/CD Pipeline Security: Know the Risks and Best Practices, 2024. [Online]. Available: https://www.techtarget.com/searchitoperations/tip/9-ways-to-infuse-security-in-your-CI-CD-pipeline
[6] Martin Hermannsen, Intel SGX Enclave Instructions — Explained, 2020. [Online]. Available: https://medium.com/magicofc/establish an-intel-sgx-enclave-c6208f820ff9
[7] Microsoft, Confidential Containers on Azure Container Instances, 2024. [Online]. Available: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-confidential-overview
[8] AWS, What is Nitro Enclaves?. [Online]. Available: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
[9] CNCF, Securing Build Pipelines. [Online]. Available: https://tag-security.cncf.io/community/publications/supply-chain-security tools/securing-build-pipelines/
[10] Ron Powell, How to Secure Your CI Pipeline, 2024. [Online]. Available: https://circleci.com/blog/secure-ci-pipeline/
[11] Fortinet, What Is An Insider Threat?. [Online]. Available: https://www.fortinet.com/resources/cyberglossary/insider-threats
[12] Sentinelone, What are Insider Threats? Types, Prevention & Risks, 2025. [Online]. Available: https://www.sentinelone.com/cybersecurity-101/threat-intelligence/insider-threats/
[13] Robert C. Swanson et al., “Method to Increase Cloud Availability and Silicon Isolation Using Secure Enclaves,” US9798641B2, 2017.
[Google Scholar] [Publisher Link]
[14] Pradipta Banerjee, and Samuel Ortiz, Understanding the Confidential Containers Attestation Flow, 2022. [Online]. Available: https://www.redhat.com/en/blog/understanding-confidential-containers-attestation-flow
[15] Microsoft, Confidential Containers on Azure, 2023. [Online]. Available: https://learn.microsoft.com/en-us/azure/confidential computing/confidential-containers
[16] Matthew A. Johnson et al., “Confidential Container Groups: Implementing Confidential Computing on Azure Container Instances,” Queue, vol. 22, no. 2, pp. 57-86, 2024.
[CrossRef] [Google Scholar] [Publisher Link]