Microsoft’s Open Enclave SDK goes cross-platform to secure the IoT Edge

IOT News

Microsoft’s Azure IoT team released a cross-platform version of its Open Enclave SDK with an eye to securing devices at that mysterious entity, the Edge. These days, Microsoft is all about the Intelligent Edge, where the likes of smart cameras and IoT sensors lurk. In the past, these devices were relatively simple, with all processing being done on centralized servers.

Microsoft’s Azure IoT Edge vision, on the other hand, is geared up toward shoveling more intelligence locally, with Azure artificial intelligence (AI), services and custom code finding their way onto devices at the Edge where poor connectivity or latency issues prevented a constant connection to the cloud.

However, making these devices smarter significantly increases the risk of tampering. Redmond has pitched Azure Sphere as a way of securing things and making operations more trustworthy at the Edge, but building devices around a Sphere-compliant microcontroller (MCU) is not always an option, which of course leaves a larger attack surface.

Meanwhile, the Azure IoT Edge security manager protects the IoT Edge device by abstracting the secure silicon hardware, and Microsoft has welcomed OEMs and their hardware security modules onto this platform. Yet with the emergence of the Intelligent Edge comes the need to protect the data lurking at the Edge, which complicates matters further. To this end, Microsoft launched the Open Enclave SDK a couple of months ago, aimed at creating a single enclaving abstraction for developers building Trusted Execution Environment (TEE)-based apps.

An Open Enclave application has two components: the host, which is untrusted and runs unmodified on the untrusted OS, and the enclave, a trusted component which runs in the protected containers of the TEE. Microsoft refers to the securing of workloads within TEEs as Confidential Computing.
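As an added illustration of that host/enclave split (not from the article or from the SDK's own samples), here is a hypothetical Open Enclave EDL interface; the SDK's oeedger8r tool generates the host-side and enclave-side bridge code from a file like this. The function names `enclave_process_reading` and `host_send_to_cloud` and their parameters are assumptions.

```edl
// Hypothetical enclave interface, added here to show where the trust
// boundary sits; not taken from the article or the Open Enclave SDK samples.
enclave {
    trusted {
        // ECALLs: the untrusted host may invoke these, and they execute
        // inside the TEE. [in, size=len] makes the generated bridge copy
        // `len` bytes out of host memory into the enclave before the call,
        // so enclave code never dereferences a host pointer directly.
        // [out, size=mac_len] copies the result back to the host afterwards.
        public int enclave_process_reading(
            [in, size=len] const uint8_t* reading,
            size_t len,
            [out, size=mac_len] uint8_t* mac,
            size_t mac_len);
    };

    untrusted {
        // OCALLs: the enclave calls out to the untrusted host for things the
        // TEE cannot do itself, such as network I/O. Whatever comes back
        // through an OCALL is host-controlled and must be treated as untrusted.
        int host_send_to_cloud(
            [in, size=len] const uint8_t* buf,
            size_t len);
    };
};
```

Everything declared under `trusted` is the enclave's attack surface towards the host, so the enclave implementation still validates lengths and contents even though the bridge has copied the buffers in.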

The aim of the SDK is that developers can build once and then deploy over multiple platforms, from cloud to Edge, and on Linux or Windows.