Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • Google has announced Asylo, an open source framework for developers to run their apps in a trusted execution environment.
  • Asylo is portable and flexible, as apps can be run across different enclave backends with no code changes.

On Thursday, Google unveiled Asylo, a new open source framework aimed at protecting apps and data by running them in a confidential computing environment. According to a Google blog post, Asylo also encompasses an SDK, and is geared toward developing applications that run in trusted execution environments (TEEs).

In the post, Google describes the work of TEEs as defending “against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as ‘enclaves.’” It also noted that TEEs can help in mitigating risks around compromise from outside parties.

Asylo works by encrypting sensitive communications and also “verifying the integrity of code running in enclaves,” the post said. This helps protect both the applications and data in the environment.


Using a TEE used to require specialized knowledge and niche tools, and typically tied developers to custom hardware. The goal of Asylo is to make TEEs more accessible to developers without those specialized tools, in the cloud and on premises, the post said.

“Using Asylo, we envision our customers gaining deployment flexibility across multiple cloud environments and the assurance of meeting strict regulatory requirements for data protection and encryption key ownership,” Todd Moore, senior vice president of Data Protection at Gemalto, said in the post.

Apps built on the Asylo framework can be deployed on a host of software and hardware backends, the post said. Developers using Asylo will be provided with a Docker image (via Google Container Registry) containing all the dependencies they’ll need to run the actual container.

To use Asylo, developers will not need to rewrite their apps or understand a bunch of specifics about TEEs, the post said. With Asylo, apps “can run on your laptop, a workstation under your desk, a virtual machine in an on-premises server, or an instance in the cloud,” it added. Google is also working on Asylo support for AMD Secure Encrypted Virtualization (SEV) technology, Intel Software Guard Extensions (Intel® SGX), and more.

Developers can download the sources and container image here. More documentation is available on the framework website.