Google’s Asylo to Protect Confidentiality

Friday, May 4, 2018 @ 03:05 PM gHale

Google has released an open-source framework and software development kit called Asylo, intended to make it easier to protect the confidentiality and integrity of applications and data running in isolated, confidential computing environments.

Asylo is a framework and software development kit (SDK) for developing applications that run in trusted execution environments (TEEs).


TEEs help defend against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as “enclaves,” said Google researchers in a post.

The newly announced Asylo framework “includes features and services for encrypting sensitive communications and verifying the integrity of code running in enclaves, which help protect data and applications,” Google researchers said.

Until now, specialized knowledge and tools were required to create and run applications in a TEE, and implementations have been tied to specific hardware environments. With Asylo, TEEs become more broadly accessible to the developer community, allowing developers to build applications that target a range of on-premises and cloud hardware.

With the Asylo framework, developers can build applications and keep them portable, so they can be deployed on various software and hardware backends. Google also provides a Docker image via Google Container Registry that bundles all of the dependencies needed to run the container anywhere.

Because of this increased flexibility, developers can leverage hardware architectures with TEE support without having to modify their source code. Developers can quickly port their applications across different enclave backends (laptop, workstation, a virtual machine in an on-premises server, or an instance in the cloud).
