Docker, LXC, Podman or other container solutions isolate application environments mainly to prevent untrusted/unsafe code or undesired events by certain programs from affecting other tenants of the host or the host itself. However, the latter can peak inside the container and execute code; there is no obsolute restriction to that. This makes an application running inside a container vulnerable to « actions » triggered by the host.

Asylo1, an open source framework by Google, does the opposite of what most container solutions do. It allows an application to run inside a Trusted Execution Environment (TEE), which is a specialized environment that prevents attacks from happening even from the OS. I quote from the blog article2 by the Google Cloud Team:

TEEs help defend against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as “enclaves”. TEEs can also help mitigate the risk of being compromised by a malicious insider or an unauthorized third-party.