Google yesterday open-sourced Asylo, a confidential computing development framework. Asylo means safe place in Greek, and the framework aims to provide a development framework and SDK for applications executed in Trusted Execution Environments (TEEs) to ensure the security of applications and data.
TEE uses a special execution environment Enclave to effectively prevent attacks against underlying software such as operating systems, firmware, drivers, etc., and reduce the risk of internal malicious personnel or unauthorized third parties leaking data. An enclave is an emerging technical specification, or a special execution environment whose code is protected within the operating system kernel and guaranteed that even a user running with root privileges cannot extract information or compromise its integrity .
Google describes Asylo as a new type of framework that includes functions and services for encrypting sensitive communications, helping to protect data and applications. In the past, developing and running software in a TEE required specialized knowledge and tools, and deployment needed to be tied to a specific hardware environment. The advent of the Asylo framework has enabled more developers to use TEEs and support a variety of hardware - from on-premises systems to the cloud.
Google said: "Asylo enables developers to build applications that are portable and easily deployable to different software and hardware backends. Asylo already includes all the dependencies needed to execute containers, this flexibility will allow developers to fully Leveraging the benefits of TEE, applications can be ported quickly without additional code modifications. With Asylo, we can work with the community to create the next generation of confidential computing applications."