Microsoft's edgy Open Enclave SDK goes cross platform

Arm TrustZone now a thing for Azure IoT Edge devs


Microsoft's Azure IoT team has made available a cross-platform version of its Open Enclave SDK with an eye to securing devices at that mysterious entity, the Edge.

These days, Microsoft is all about the Intelligent Edge, where the likes of cameras and sensors lurk. In the past, these devices were relatively simple, with all processing being done on centralised servers.

Microsoft's Azure IoT Edge vision, on the other hand, is geared up toward shovelling more intelligence locally, with Azure AI, services and custom code finding their way onto devices at the Edge where poor connectivity or latency issues might have prevented a constant connection to the cloud.

Hence Intelligent Edge.

However, making these devices smarter increases the risk of tampering. Redmond has pitched Azure Sphere as a way of securing things and making operations more trustworthy at the Edge, but having to build devices with a Sphere-compliant MCU is not always an option which, of course, increases the threat surface.

Engineers striving to stay secure at the Edge need fear no more, however, because Azure is here to save the day. The Azure IoT Edge security manager exists to protect the IoT Edge device by abstracting the secure silicon hardware, and onto this platform Microsoft has welcomed OEMs and their hardware security modules.

However, with the emergence of the Intelligent Edge comes the need to protect the data lurking at the Edge, which complicates matters further. To this end Microsoft launched the Open Enclave SDK a couple of months ago, aimed at creating a single enclaving abstraction for developers building Trusted Execution Environment (TEE)-based apps.

An enclave application has two components: the host, which is untrusted and runs unmodified on the untrusted OS, and the enclave, a trusted component which runs in the protected containers of the TEE. Microsoft refers to the securing of workloads within TEEs as Confidential Computing.
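The host/enclave split described above is easier to see in code. The following is an added example, not code from Microsoft or the Open Enclave SDK: it models the trust boundary in a single plain-C process, with a "trusted" side that keeps a secret PIN and an attempt counter, and an "untrusted" host side that only ever receives result codes. The `enc_is_outside_enclave()` helper is a constructed stand-in for the check that real enclave code performs on every host-supplied pointer (the Open Enclave SDK exposes `oe_is_outside_enclave()` for that purpose); the PIN, attempt limit and function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ===== Trusted side (the "enclave") =====
 * Simulated: in a real TEE this state sits in enclave memory that the
 * untrusted host OS cannot read or write. All sample values are constructed. */

#define PIN_LEN      6
#define MAX_ATTEMPTS 3

struct enclave_state {
    unsigned char pin[PIN_LEN];  /* secret: never leaves the enclave   */
    int attempts;                /* policy state: host cannot reset it */
};
static struct enclave_state enclave_region;

typedef enum { ENC_OK = 0, ENC_BAD_ARG, ENC_DENIED, ENC_LOCKED } enc_result_t;

/* Constructed stand-in for Open Enclave's oe_is_outside_enclave(): every host
 * pointer an ecall receives must be checked, otherwise the host could point
 * the enclave at its own memory and make it read or overwrite secrets. */
static bool enc_is_outside_enclave(const void *p, size_t n) {
    uintptr_t lo = (uintptr_t)&enclave_region;
    uintptr_t hi = lo + sizeof enclave_region;
    uintptr_t a = (uintptr_t)p, b = a + n;
    return b >= a && (b <= lo || a >= hi);
}

/* Constant-time comparison so the host cannot time the mismatch position. */
static int ct_memcmp(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff;
}

/* ecall: provision the secret. In a real system it would arrive sealed or over
 * an attested channel; taking it from the host in the clear is for the demo. */
void enclave_provision(const unsigned char pin[PIN_LEN]) {
    memcpy(enclave_region.pin, pin, PIN_LEN);
    enclave_region.attempts = 0;
}

/* ecall: verify a PIN attempt supplied by the untrusted host. */
enc_result_t enclave_verify_pin(const unsigned char *host_attempt, size_t len,
                                int *host_remaining) {
    unsigned char local[PIN_LEN];

    if (len != PIN_LEN) return ENC_BAD_ARG;
    if (!enc_is_outside_enclave(host_attempt, len) ||
        !enc_is_outside_enclave(host_remaining, sizeof *host_remaining))
        return ENC_BAD_ARG;

    /* Copy in exactly once, then work only on the enclave-side copy: the host
     * can change its buffer at any time, so never re-read host memory. */
    memcpy(local, host_attempt, PIN_LEN);

    if (enclave_region.attempts >= MAX_ATTEMPTS) {
        *host_remaining = 0;
        return ENC_LOCKED;
    }
    if (ct_memcmp(local, enclave_region.pin, PIN_LEN) == 0) {
        enclave_region.attempts = 0;
        *host_remaining = MAX_ATTEMPTS;
        return ENC_OK;
    }
    enclave_region.attempts++;
    *host_remaining = MAX_ATTEMPTS - enclave_region.attempts;
    return enclave_region.attempts >= MAX_ATTEMPTS ? ENC_LOCKED : ENC_DENIED;
}

/* ===== Untrusted side (the "host") =====
 * The host only ever sees result codes and the remaining-attempt counter. */
static const char *host_result_name(enc_result_t r) {
    static const char *names[] = { "OK", "BAD_ARG", "DENIED", "LOCKED" };
    return names[r];
}

int host_run_demo(void) {
    const unsigned char *tries[] = {
        (const unsigned char *)"000000", (const unsigned char *)"123456",
        (const unsigned char *)"111111", (const unsigned char *)"111111",
        (const unsigned char *)"111111", (const unsigned char *)"123456" };
    int remaining = 0, locked = 0;

    enclave_provision((const unsigned char *)"123456");
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        enc_result_t r = enclave_verify_pin(tries[i], PIN_LEN, &remaining);
        printf("attempt %zu -> %s (remaining %d)\n", i + 1, host_result_name(r), remaining);
        if (r == ENC_LOCKED) locked = 1;
    }
    /* A host pointer aliasing enclave memory is rejected before any access.
     * Naming enclave_region here is only possible because this simulation is
     * one process; it models a host handing over an in-enclave address. */
    enc_result_t r = enclave_verify_pin(enclave_region.pin, PIN_LEN, &remaining);
    printf("aliasing pointer -> %s\n", host_result_name(r));
    return locked && r == ENC_BAD_ARG;
}

int main(void) { return host_run_demo() ? 0 : 1; }
```

Two things carry over directly to real enclave code: the secret and the lockout policy are state the host cannot inspect or reset, and every pointer crossing the boundary is validated and copied in once before use, so a host that edits its buffer mid-call gains nothing.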

The goal of the SDK is that devs can build once and then deploy over multiple platforms, from cloud to Edge, and on Linux or Windows.

Unfortunately, the first version of the SDK only supported TEE hardware based on Intel Software Guard Extensions (SGX) and Linux. Today's announcement continues the cross-platform vision and allows Azure IoT Edge devs to write Trusted Applications (TA) that root trust in any secure silicon TEE built on the likes of Arm TrustZone, Intel SGX and embedded Secure Elements, using Windows or Linux.

Microsoft has also released a preview of the integration of its Azure IoT Edge security manager with Open Enclave. ®
