Google has open-sourced a new framework called Asylo, to help enterprises secure cloud applications and data in a confidential computing environment.
Asylo is a Greek word which means ‘safe place’. Google aims to provide additional capabilities that give enterprises better isolation for sensitive cloud workloads.
It encompasses a framework and software development kit (SDK) for building applications that run in trusted execution environments (TEEs). TEEs are secure environments that defend against attacks targeting operating systems, drivers, hypervisors, and firmware. These environments can also mitigate insider attacks by workers, as well as attacks by unauthorized third parties.
Google anticipates that developers will welcome Asylo, since it doesn’t require specialized tools and knowledge to develop and run applications in TEEs. They will be able to create apps that take advantage of the security properties of TEEs.
The new tool will make TEEs broadly accessible to developers, both on-premises and in the cloud. It will enable them to easily build applications and deploy them on several software and hardware backends.
“With Asylo, we supply a Docker image via Google Container Registry that includes all the dependencies you need to run your container anywhere. This flexibility allows you to take advantage of various hardware architectures with TEE support without modifying your source code,” wrote Google in a blog post.
Asylo is a portable solution: developers can port their apps across a variety of enclave backends without any changes to the code. They can run the apps on their laptops, on a virtual machine on an on-premises server, or on any cloud instance.
“We are exploring future backends based on AMD Secure Encryption Virtualization (SEV) technology, Intel® Software Guard Extensions (Intel SGX), and other industry-leading hardware technologies that could support the same rebuild-and-run portability,” wrote Google.
Developers can get started with Asylo by downloading the Asylo sources and pre-built container images from Google Container Registry.