[ad_1]
Microsoft continues its broad campaign to contribute to open source projects by joining the newly created consortium Confident Computing Computing, an initiative launched by The Linux Foundation that aims to improve the security of data currently used by applications on a computer or in applications. the cloud (as opposed to at rest or not used).
Microsoft is far from alone in this business and is joined by Intel in the consortium, alongside ARM, Baidu, Google Cloud, IBM, Red Hat and other technology giants.
The main objective is the adoption of "confidential computer technology" and the use of secure execution environments (TEEs) to secure actively used data.
The Linux Foundation explains: "Current approaches to cloud computing deal with data at rest and in transit, but data encryption in use is seen as the third step and perhaps the next step. more difficult to provide a fully encrypted life cycle for sensitive data.
"Confidential computing will allow encrypted data to be stored in memory without exposing it to the rest of the system, reducing the exposure of sensitive data and providing better control and greater transparency to users."
In other words, the operating system could be compromised by a type of malware, but the data used in a program would still be encrypted, and thus safe from attackers.
Open Enclave
To do this, a number of core elements are needed, and Microsoft's contribution lies in its Open Enclave SDK, an open source framework that facilitates the creation (and verification) of secure applications protected by hardware. . These TEE-enabled applications will run on multiple hardware architectures, including Intel SGX and ARM TrustZone (as well as Linux and Windows software).
The Software Guard Extensions (SGX) SDK is an important part of Intel's open source puzzle here, as is Red Hat Enarx, which offers hardware independence for securing applications via TEEs. The latter is similar to Open Enclave, but not surprisingly with a more Linux-centric focus.
The ultimate goal here should be better security for important data at all levels, and while this consortium and its objectives are obviously business-oriented, remember that it is often your personal data that these large organizations are dealing with. deal. So, in a very concrete way, in terms of data breach, etc., your security is often at stake.
Mark Russinovich, Technical Manager at Microsoft, said, "The Open Enclave SDK is already a popular tool for developers working on trusted runtime environments, one of the most promising areas for protecting people. data used.
"We hope that this contribution to the consortium will make the tools available to a greater number of developers and accelerate the development and adoption of applications that will improve trust and confidence. security in the cloud and advanced computing. "
Via Tom's Hardware
[ad_2]
Source link