Friday, 23 August 2019

Microsoft, Intel and others are doubling down on open source Linux security

Microsoft is continuing its broad ongoing push to contribute with open sourceprojects, joining the newly created Confidential Computing Consortium, an initiative launched by The Linux Foundation which aims to provide better security for data which is actually in use by apps on a computer, or in the cloud (as opposed to at rest, or not being used).
Microsoft is far from alone in this endeavor, and is joined by Intel in the consortium, along with ARM, Baidu, Google Cloud, IBM, Red Hat and other tech giants.
The overarching aim is the adoption of ‘confidential computing’ and the use of Trusted Execution Environments (TEEs) to secure data which is actively being used.
The Linux Foundation explains: “Current approaches in cloud computing address data at rest and in transit but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.
“Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users.”
In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.
Open Enclave
There are a number of central elements going towards achieving this, and Microsoft’s contribution is its Open Enclave SDK, an open source framework that facilitates the building (and verifying) of hardware-protected trusted apps. These TEE-toting apps will be able to run across multiple hardware architectures, currently including Intel SGX and ARM TrustZone (and Linux and Windows on the software front).
The SGX (Software Guard Extensions) SDK is a big part of the puzzle which Intel is open sourcing here, along with Red Hat Enarx, which provides hardware independence when it comes to securing apps via TEEs. The latter is similar to Open Enclave, but unsurprisingly with more of a Linux focus.
The ultimate end goal here should be better security for important data across the board, broadly speaking, and while this consortium and its aims obviously have a business focus, remember it’s often your personal data that these big organizations are processing and crunching. So, in a very real way when it comes to data breaches and the like, it’s often your security that is at stake.
Mark Russinovich, chief technical officer at Microsoft, enthused: “The Open Enclave SDK is already a popular tool for developers working on Trusted Execution Environments, one of the most promising areas for protecting data in use.
“We hope this contribution to the Consortium can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing.”

0 comments:

Post a Comment