Asylo
Fleeting
- External reference: https://asylo.dev/docs/guides/quickstart.html
- External reference: https://cloud.google.com/blog/products/identity-security/introducing-asylo-an-open-source-framework-for-confidential-computing
- See
Introducing Asylo: an open-source framework for confidential computing | Google Cloud Blog
Asylo: an open-source framework for confidential computing
Asylo (Greek for “safe place”), a new open-source framework that makes it easier to protect the confidentiality and integrity of applications and data in a confidential computing environment.
Asylo makes it easy to attach container-based applications to securely isolate computations.
you can port your apps across different enclave backends with no code changes. Your apps can run on your laptop, a workstation under your desk, a virtual machine in an on-premises server, or an instance in the cloud.
We are exploring future backends based on AMD Secure Encryption Virtualization (SEV) technology, Intel® Software Guard Extensions (Intel® SGX), and other industry-leading hardware technologies that could support the same rebuild-and-run portability.
Coming soon, Asylo will also allow you to run your existing applications in an enclave—just copy your app into the Asylo container, specify the backend, rebuild, and run!
download the Asylo sources and pre-built container image from Google Container Registry. Be sure to check out the samples in the container, expand on them, or use them as a guide when building your own Asylo apps from scratch
verifiable isolation for their most sensitive workloads—capabilities which have become known as confidential computing
Asylo is an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs).
specialized execution environments known as “enclaves”
encrypting sensitive communications and verifying the integrity of code running in enclaves
Asylo makes TEEs much more broadly accessible to the developer community, across a range of hardware—both on-premises and in the cloud
easily build applications and make them portable
we supply a Docker image via Google Container Registry that includes all the dependencies you need to run your container anywhere.
An enclave is a special execution context where code can run protected from even the OS kernel, with the guarantee that even a user running with root privileges cannot extract the enclave’s secrets or compromise its integrity
Asylo is an open source framework for developing enclave applications. It defines an abstract enclave model that can be mapped transparently onto a variety of enclave technologies (a.k.a., enclave backends).
In Asylo, an enclave runs in the context of a user-space application
refer to the code running outside the enclave as the untrusted application and the code running inside the enclave as the trusted application, or simply the enclave.
We refer to the process of switching from an untrusted application to an enclave as entering the enclave and the process of switching from an enclave to an untrusted application as exiting an enclave
Notes linking here
- Can I Use Intel’s SGX for Secure Computation in the Cloud Yet?
- Google Cloud Confidential Computing with Confidential VMs