The Asylo framework has partial support for POSIX APIs and system calls. Each programming language implementation that implicitly depends on system calls, in either its generated code or its runtime environment, will need to be inspected and tested. Languages that depend on unimplemented system calls or POSIX APIs to provide basic functionality will pose some challenge, depending on which system calls they need. If a runtime forwards calls to non-crucial system calls that Asylo does not currently support, then Asylo would need to be extended to satisfy the linker with at least a stub implementation that calls abort().
Asylo does provide support for basic I/O, sockets, and threads, so basic language functionality within Asylo should not be a significant challenge. We welcome any pull requests you might have to support your favorite language.
Developers using Asylo still must be concerned about writing buggy code. If you write past the end of a buffer with user data passed into the enclave, that code is still vulnerable. We haven’t fixed that part of the software development process.
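The overflow case described above, as an added example that is not Asylo code: a plain C++ parser for a hypothetical length-prefixed record handed to enclave code by the untrusted host, with the unchecked copy beside a bounds-checked one. The record layout, the buffer size and all names are assumptions, and no Asylo APIs are used.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

constexpr std::size_t kMaxPayload = 64;  // enclave-side buffer size (assumed)
constexpr std::size_t kHeaderSize = 4;   // little-endian length prefix (assumed)
constexpr std::size_t kSampleMax = 256;  // capacity of the constructed sample message

struct Record {
  std::uint8_t payload[kMaxPayload];
  std::size_t length;
};

enum class ParseStatus { kOk, kTruncated, kTooLarge };

static std::uint32_t ReadLe32(const std::uint8_t *p) {
  return static_cast<std::uint32_t>(p[0]) | (static_cast<std::uint32_t>(p[1]) << 8) |
         (static_cast<std::uint32_t>(p[2]) << 16) | (static_cast<std::uint32_t>(p[3]) << 24);
}

// Vulnerable: trusts the length declared by the untrusted caller. A declared
// length above kMaxPayload writes past out->payload inside the enclave; one
// above the real input size reads past `in`. Shown for contrast, never called.
void ParseRecordUnchecked(const std::uint8_t *in, Record *out) {
  out->length = ReadLe32(in);
  std::memcpy(out->payload, in + kHeaderSize, out->length);
}

// Hardened: the declared length is checked against the destination capacity
// and against the bytes actually received before anything is copied.
ParseStatus ParseRecordChecked(const std::uint8_t *in, std::size_t in_size, Record *out) {
  if (in == nullptr || out == nullptr || in_size < kHeaderSize) return ParseStatus::kTruncated;
  const std::size_t declared = ReadLe32(in);
  if (declared > kMaxPayload) return ParseStatus::kTooLarge;
  if (declared > in_size - kHeaderSize) return ParseStatus::kTruncated;
  std::memcpy(out->payload, in + kHeaderSize, declared);
  out->length = declared;
  return ParseStatus::kOk;
}

// Builds a constructed message whose header declares `declared` bytes while
// only `actual` payload bytes are really present, then parses it safely.
ParseStatus ParseConstructed(std::uint32_t declared, std::size_t actual) {
  std::uint8_t msg[kHeaderSize + kSampleMax] = {0};
  if (actual > kSampleMax) actual = kSampleMax;
  for (int i = 0; i < 4; ++i) msg[i] = static_cast<std::uint8_t>(declared >> (8 * i));
  Record r{};
  return ParseRecordChecked(msg, kHeaderSize + actual, &r);
}
```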