Google Announces Asylo Framework for Confidential Computing
In a recent post on the Google Cloud Platform Blog, Google announced Asylo, the firm’s newest open-source framework (and SDK) for securing and protecting applications and data that are contained within a trusted execution environment, or TEE.
With the Asylo framework, developers can reduce the risk of attacks on the back-end hardware and software layers that applications run on. This is done by enabling developers to create trusted execution environments (or “enclaves”), which prevent unauthorized access to the data and processes that are running within them. Asylo also helps to increase security by providing checks for code integrity and by offering the ability to encrypt communications that contain private or otherwise sensitive information.
Asylo’s aim is to make it easy to implement these security features by making trusted execution environments more widely available, whether in local environments or those based in the cloud. Previously, securing applications and data in a similar manner could have required specialized hardware and also hiring someone with expertise in configuring and managing the secure environment (as TEEs are traditionally found within a processor itself).
Google designed Asylo with portability in mind so that developers can easily create applications without worrying about the specific environment or back-end the trusted execution environments are built on. Asylo can be deployed on a wide array of hardware options. And because Asylo is an open-source framework, users can begin using it for free and can even explore or modify the underlying codebase should they wish to do so.
For those interested in implementing Google’s new Asylo framework, it is available as a Docker image within the Google Container Registry. This image includes everything that is required to get a container up and running so that developers can take advantage of the features that Asylo has to offer.
While there are many options available for securing and protecting applications and data, many of them can be quite complex and require large amounts of effort to configure and manage. Existing options also may not be deployable across a wide variety of both local and cloud-based environments, which is something that Google’s Asylo was designed for. And given that Asylo is an open-source framework, it’s likely that it will continue to be updated to work with an even wider array of hardware as time goes on. Another benefit of being open-source is that developers can try using Asylo for free if they want to get a feel for what it’s like to configure and work with the framework.
Keeping applications and data secure can be a stressful and time-consuming task, especially in today’s data-driven world with many applications running in the cloud. Services and frameworks like Google’s Asylo can help developers and admins sleep a bit easier knowing that the applications, data, and even communications are secure and contained within a trusted execution environment.