Earlier this month, Google announced the release of Asylo, a new open-source framework. Asylo aims to help developers build apps that target Trusted Execution Environments (TEEs). Asylo, which means “safe place” in Greek, could make it easier for them to protect the privacy and integrity of apps running in remote computing environments.
The open-source framework is designed to defend against attacks aimed at the lower layers of the stack. These include the operating system, drivers and firmware of a device. TEEs provide specialized execution environments known as “enclaves.” They also reduce the risk of compromise by an unauthorized third party.
Furthermore, the Asylo framework includes the features and tools needed to encrypt sensitive communications. It verifies the integrity of the code that runs in the enclaves, which in turn helps protect applications and data.
Asylo for “Confidential Computing”
Asylo, at present, is still experimental. But it has the potential to ultimately allow developers to handle the basic issues relating to apps in any multi-tenant setting. Google’s new open-source framework is geared toward the advancement of “confidential computing” cloud apps. The primary goal of the software development kit (SDK) is to enable developers to create protected apps that can run in various cloud architectures. These environments include shared settings, even if they’re not necessarily reliable.
Docker and Kubernetes, popular container orchestration systems, are developed mainly to let untrusted programs run without exposing the underlying OS to harm. By contrast, Asylo is designed to solve the opposite problem: making it possible for trusted apps to run in TEEs.
Rob Sadowski, a marketing lead in Google’s Trust and Security, mentioned in an interview that most people are wary about rootkits, which are at the bottom tier of the OS stack. He noted that security, particularly when people store their information in a shared infrastructure, is always a valid concern. As such, there is almost an antagonism when people repeatedly verify how they’ve guaranteed that they are the only ones who can access their data.
At the moment, most cloud services already offer steps and actions to help in monitoring and locking down app environments. Some applications call for much stronger assurances of their security. These include encryption key management and financial apps. The need to elevate many of these applications is growing. As a result, it’s vital for developers to find a way to support them in a more secure shared cloud environment.
The TEE Concept
The Trusted Execution Environment concept was initially outlined a decade ago by the Open Mobile Terminal Platform (OMTP). The OMTP comprises mobile network providers and mobile device distributors. It is an organization that is a part of a hardened mobile environment that focuses on mobile commerce. These days, the TEE concept is used in building hardened apps that are “enclave-ized.”
Developers don’t have to be fully aware of the ins and outs of specific TEEs. With Asylo, they can easily port apps across various enclave backends without having to change their code. Eventually, they can run Asylo in an enclave simply by copying their source code into the container.