"Confidential computing" might seem to refer to homomorphic encryption, but has nothing to do with it in its usage here. After searching around a bit, I suspect that Microsoft Azure first used it in 2017 to refer to code running within a trusted enclave.<p>It looks to me that while Asylo is agnostic about the specific TEE used, it is primarily targeted at Intel SGX [1]. Instead of having to trust Google to run your code correctly and not read your data, you'd have to trust Intel to manufacture a secure enclave and essentially bake in a private key that cannot be read. You could use the public key to encrypt your code and workload, and it would run in a part of the processor that Google presumably cannot access (or measure [2]).<p>A good further introduction might be this paper [3] (especially the diagram on page 2), or this answer [4].<p>I'll repeat my main concern with this system: you will reinforce Intel's position as 'feudal lord' in this model [5].<p>[1] <a href="https://github.com/google/asylo/tree/master/asylo/identity/sgx" rel="nofollow">https://github.com/google/asylo/tree/master/asylo/identity/s...</a><p>[2] <a href="https://arxiv.org/abs/1702.08719" rel="nofollow">https://arxiv.org/abs/1702.08719</a><p>[3] <a href="https://eprint.iacr.org/2016/086.pdf" rel="nofollow">https://eprint.iacr.org/2016/086.pdf</a><p>[4] <a href="https://security.stackexchange.com/questions/175749/what-are-the-functional-similarity-and-difference-between-tpm-and-sgx-in-trust-c" rel="nofollow">https://security.stackexchange.com/questions/175749/what-are...</a><p>[5] <a href="https://news.ycombinator.com/item?id=15936121" rel="nofollow">https://news.ycombinator.com/item?id=15936121</a>
Make no mistake: this is nothing more than the old "treacherous computing" that RMS warned about a long time ago, but coming back in new clothes, and is going to be used the most by DRM and other user-hostile applications. They're just trying to sneak it past everyone under the guise of "security" and other ostensibly-somewhat-friendly uses, but don't be fooled.<p><a href="https://www.gnu.org/philosophy/can-you-trust.en.html" rel="nofollow">https://www.gnu.org/philosophy/can-you-trust.en.html</a><p><a href="https://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base" rel="nofollow">https://en.wikipedia.org/wiki/Next-Generation_Secure_Computi...</a>
The main TEE Wikipedia article wasn't very informative for me (about as high level as this blog post). Looking through links off of that brought me to Intel's "Software Guard Extensions" Wikipedia[1] article, which actually defines enclaves:<p>"Intel SGX is a set of central processing unit (CPU) instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels."<p>I still don't fully understand the security model of enclaves (for instance, the same Wikipedia page also talks about modifying Spectre to work against enclaves[2]).<p>[1]<a href="https://en.wikipedia.org/wiki/Software_Guard_Extensions" rel="nofollow">https://en.wikipedia.org/wiki/Software_Guard_Extensions</a>
[2]<a href="https://github.com/lsds/spectre-attack-sgx" rel="nofollow">https://github.com/lsds/spectre-attack-sgx</a><p>(disclaimer: I work at Google, but obviously not on this)
This is really promising. The use of an enclave is strongly chained to its hardware. Having a framework with a plugin-like architecture definitely helps. I may be wrong, but I have the impression that the development of TEEs within virtual machines and containers is still in its early stages. I am looking forward to seeing how Asylo will help with this.
Does this all hinge on EPID? So will cloud workloads have to phone home to Intel for assertions to be satisfied?<p>My question is built on the presumption that SGX is the only real TEE available right now.<p>Also, how is Google dealing with PRM/EPC memory limitations of SGX?
The name doesn’t inspire confidence in me. Too close to Asylum, but I guess they’re going for “a silo”.<p><i>It's just my opinion.</i> I know the meaning of the word Asylum, but as I explained below... it's the association that I get from it. It's like using the word Niggardly - even though the definition is not related to race, people don't use it because it just sounds wrong.