We started with C/C++ mostly because that's what we need for the bottom layer of a POSIX-like stack. For instance, to use OpenSSL we need to be able to build C and if we wanted to support, for instance, Python we would need to build its C language components. Some of the applications we want to target include Redis and SQLite and, again, there we need C and broad support for POSIX APIs. Ideally, those applications would build for Asylo out of the box, but we have some work to do to get that to work.
Going forward, we are very interested in broader language support. For instance, we are currently working on support for Go. Rust would also be interesting because it (potentially) offers an orthogonal set of security guarantees at compile time.
Makes sense. Eagerly waiting for NodeJS and Mono to be recompiled using Asylo. Do you foresee additional complexity in supporting managed languages ? I'm guessing a mono program with base recompiled to Asylo would be more secure than using SecureString in C#.
The Asylo framework has partial support for POSIX APIs and system calls. Each programming language implementation that implicitly depends on system calls in either its generated code or runtime environment will need to be inspected and tested. Languages that depend on unimplemented system calls or POSIX APIs to provide basic functionality will pose some challenge, depending on just which system it needs. If a runtime forwards calls to non-crucial system calls that Asylo does not currently support, then Asylo would need extending to satisfy the linker with at least a stub implementation that calls abort().
Asylo does provide support for basic I/O, sockets, and threads, so basic language functionality within Asylo should not be a significant challenge. We welcome any pull requests you might have to support your favorite language.
Developers using Asylo still must be concerned about writing buggy code. If you write past the end of a buffer with user data passed into the enclave, that code is still vulnerable. We haven’t fixed that part of the software development process.
We started with C/C++ mostly because that's what we need for the bottom layer of a POSIX-like stack. For instance, to use OpenSSL we need to be able to build C and if we wanted to support, for instance, Python we would need to build its C language components. Some of the applications we want to target include Redis and SQLite and, again, there we need C and broad support for POSIX APIs. Ideally, those applications would build for Asylo out of the box, but we have some work to do to get that to work.
Going forward, we are very interested in broader language support. For instance, we are currently working on support for Go. Rust would also be interesting because it (potentially) offers an orthogonal set of security guarantees at compile time.