incubator-general mailing list archives

From Zhijie Shen <zjshen.apa...@gmail.com>
Subject Re: [DISCUSS] Incubation Proposal of MesaTEE
Date Mon, 05 Aug 2019 18:14:03 GMT
BTW, I saw MSR has an interesting research work that integrates MapReduce with
SGX to analyze big data in a privacy-preserving way:
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/vc3-oakland2015.pdf.
I'm looking forward to the potential integration between this project and
a few big data projects under ASF.

On Sun, Aug 4, 2019 at 10:07 AM Mingshen Sun <mingshen.sun@gmail.com> wrote:

> Thanks for your interest.
>
> Regarding your question: no, you cannot use it to sandbox arbitrary code.
> Trusted computing/confidential computing is not just about isolation and
> sandboxing.
> In the SGX setup, many sources (e.g., system calls, IO functions, etc.)
> are not trusted, which would break the threat model of trusted computing.
> Normally, you should design code with a "trusted" part and an "untrusted"
> part.
> For legacy code, it needs to be carefully tailored or separated. But
> sometimes untrusted sources are still needed (e.g., a web service needs
> network capabilities); they should be as minimal as possible and easy to audit.
>
> Yesterday, Ted gave a very good use case (
> https://signal.org/blog/private-contact-discovery/).
> But there are others listed in the doc:
> https://github.com/mesalock-linux/mesatee/blob/master/docs/case_study.md
>
>
> > On Aug 4, 2019, at 8:37 AM, Matt Sicker <boards@gmail.com> wrote:
> >
> > I’ve read through a bit of the site and blog posts. I’m pretty interested
> > in the project, especially any efforts to support more programming
> > languages.
> >
> > Is it possible to use this to sandbox arbitrary code?
> >
> > On Sat, Aug 3, 2019 at 17:22, Mingshen Sun <mingshen.sun@gmail.com>
> wrote:
> >
> >> Yes, this project can be used for securing general computations.
> >> You can simply use the `mesatee_core` library to write an SGX enclave.
> >> In addition, MesaTEE provides other features like function as a
> >> service.
> >> That's why we call it a universal secure computing framework.
> >>
> >> Best,
> >> Mingshen Sun
> >>
> >> On 2019/08/03 15:27:41, Matt Sicker <b...@gmail.com> wrote:
> >>> Would this project be useful in securing general computations? You mention
> >>> big data and AI a lot, though I'm wondering if this is also usable for
> >>> things like, say, general multi-tenant applications?
> >>>
> >>> On Sat, Aug 3, 2019 at 03:27, Mingshen Sun <ms...@cse.cuhk.edu.hk> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> This is Mingshen Sun from Baidu X-Lab. Recently, we have open-sourced
> >>>> a universal secure computing framework called MesaTEE (https://mesatee.org/).
> >>>> The MesaTEE project enables general computing services for security-critical
> >>>> scenarios, which has attracted a lot of attention from academia and industry.
> >>>>
> >>>> To better build up the whole ecosystem, we have decided to donate the MesaTEE
> >>>> project to the Apache Foundation. Therefore, we'd like to propose our project
> >>>> to go through the incubation process.
> >>>>
> >>>> Attached is our incubation proposal for open discussion. Thank you so much.
> >>>>
> >>>> Best,
> >>>> Mingshen Sun
> >>>> Baidu X-Lab
> >>>>
> >>>>
> >>>> Here are the proposal details:
> >>>>
> >>>> ======
> >>>>
> >>>> MesaTEE Apache Incubation Proposal
> >>>>
> >>>> = Abstract =
> >>>>
> >>>> MesaTEE is a framework for universal secure computing.
> >>>>
> >>>> = Proposal =
> >>>>
> >>>> MesaTEE is the next-gen solution to enable general computing services for
> >>>> security-critical scenarios. It will allow even the most sensitive data to be
> >>>> securely processed to enable offshore businesses without leakage.
> >>>>
> >>>> The solution combines the advanced Hybrid Memory Safety (HMS) model and the
> >>>> power of Trusted Computing technologies (e.g., TPM) as well as
> >>>> Confidential Computing technologies (e.g., Intel SGX).
> >>>>
> >>>>  * Code base:
> >>>>    * https://github.com/mesalock-linux/mesatee
> >>>>    * https://github.com/baidu/rust-sgx-sdk
> >>>>  * Website: https://mesatee.org
> >>>>  * Documentation: https://mesatee.org/doc/mesatee_sdk/
> >>>>
> >>>> = Background =
> >>>>
> >>>> The emerging technologies of big data analytics, machine learning, cloud/edge
> >>>> computing, and blockchain are significantly boosting our productivity, but at
> >>>> the same time they are bringing new confidentiality and integrity concerns. On
> >>>> public cloud and blockchain, sensitive data like health and financial records
> >>>> may be consumed at runtime by untrusted computing processes running on
> >>>> compromised platforms; during in-house data exchange, confidential information
> >>>> may cross different clearance boundaries and possibly fall into the wrong hands;
> >>>> not to mention the privacy issues that arise in offshore data supply chains.
> >>>>
> >>>> Although the consequences of data breaches have been extensively elaborated, we
> >>>> should also note that proprietary computing algorithms themselves, such as AI
> >>>> models, also need to be well protected. Once leaked, attackers can steal the
> >>>> intellectual property, or launch whitebox attacks and easily exploit the
> >>>> weaknesses of the models.
> >>>>
> >>>> Facing all these risky scenarios, we are in desperate need of a trusted and
> >>>> secure mechanism, enabling us to protect both private data and proprietary
> >>>> computing models during a migratable execution in potentially unsafe
> >>>> environments, yet preserving functionality, performance, compatibility, and
> >>>> flexibility. MesaTEE aims to be, as we call it, the full "Universal
> >>>> Secure Computing" stack, so it can help users resolve these runtime security
> >>>> risks.
> >>>>
> >>>> MesaTEE aims to promote the development of a universal secure computing
> >>>> ecosystem through open source and openness, to provide basic support for trust
> >>>> protection for the productivity revolution brought by big data and AI, to
> >>>> completely solve the data exchange or multi-party computing between
> >>>> departments/companies, to enable privacy-crucial services such as financial
> >>>> and medical care using blockchain/cloud services, and to convoy businesses
> >>>> that are closely related to life and safety such as autonomous driving.
> >>>> MesaTEE has been working closely with mainstream cloud computing/blockchain/chip
> >>>> vendors and universities/research institutions to promote hardware TEE,
> >>>> software memory safety, and versatile computing services to create an
> >>>> internationally protected and flexible secure computing framework. MesaTEE's
> >>>> open-source release will greatly accelerate the development of the next
> >>>> generation of big data business applications, and it is also of great
> >>>> importance to promoting AI in all business areas.
> >>>>
> >>>> = Rationale =
> >>>>
> >>>> The MesaTEE stack redefines future AI and big data analytics by providing a
> >>>> trusted and secure offshore computing environment. The confidentiality and
> >>>> privacy of data and models can be well protected with MesaTEE, even if data
> >>>> and model originate from different parties with no mutual trust. Moreover,
> >>>> the computing platform itself is not necessarily trusted either. The Trusted
> >>>> Computing Base (TCB) can thus be largely reduced to the MesaTEE framework
> >>>> alone. A detailed description of target use-cases can be found at
> >>>> https://github.com/mesalock-linux/mesatee/blob/master/docs/case_study.md.
> >>>>
> >>>> We believe that the Apache way of open source community empowers MesaTEE to
> >>>> attract a diverse set of contributors who can bring new ideas into the project.
> >>>>
> >>>> = Initial Goals =
> >>>>
> >>>>  * Move the existing codebase, website, documentation, and mailing lists to an
> >>>>    Apache-hosted infrastructure.
> >>>>  * Integrate with the Apache development process.
> >>>>  * Ensure all dependencies are compliant with Apache License version 2.0.
> >>>>  * Incrementally develop and release per Apache guidelines.
> >>>>
> >>>> = Current Status =
> >>>>
> >>>> The MesaTEE project (and its sub-project Rust SGX SDK) has been designed and
> >>>> developed at Baidu since 2017, and was open sourced under the Apache License,
> >>>> Version 2.0 in 2019. The source code is currently hosted at github.com
> >>>> (https://github.com/mesalock-linux/mesatee and
> >>>> https://github.com/baidu/rust-sgx-sdk), which will seed the Apache git
> >>>> repository.
> >>>>
> >>>> == Meritocracy ==
> >>>>
> >>>> We are fully committed to open, transparent, and meritocratic interactions
> >>>> with our community. In fact, one of the primary motivations for us to enter
> >>>> the incubation process is to be able to rely on Apache best practices that
> >>>> can ensure meritocracy. This will eventually help incorporate the best ideas
> >>>> back into the project and enable contributors to continue investing their
> >>>> time in the project. We already have some guidelines to help external
> >>>> contributors:
> >>>>
> >>>>  * https://github.com/mesalock-linux/mesatee/blob/master/docs/rust_guideline.md
> >>>>  * https://github.com/mesalock-linux/mesatee/blob/master/docs/how_to_add_your_function.md
> >>>>  * https://github.com/mesalock-linux/mesatee/blob/master/CODE_OF_CONDUCT.md
> >>>>
> >>>> == Community ==
> >>>>
> >>>> The MesaTEE community is fairly young. Since our sub-project (Rust SGX SDK)
> >>>> was open sourced in 2017, we have received many contributions from various
> >>>> companies and individual researchers (https://github.com/baidu/rust-sgx-sdk/pulls).
> >>>> Our primary goal during the incubation would be to grow the community and
> >>>> groom our existing active contributors for committers.
> >>>>
> >>>> == Core Developers ==
> >>>>
> >>>> Current core developers work at Baidu. We are confident that incubation will
> >>>> help us grow a diverse community in an open and collaborative way.
> >>>>
> >>>> == Alignment ==
> >>>>
> >>>> MesaTEE is designed as a framework for universal secure computing. This is
> >>>> complementary to Apache's projects, providing a trusted and secure computing
> >>>> framework.
> >>>>
> >>>> Our sincere hope is that being a part of the Apache foundation would enable
> >>>> us to drive the future of the project in alignment with the other Apache
> >>>> projects for the benefit of thousands of organizations that already leverage
> >>>> these projects.
> >>>>
> >>>> = Known Risks =
> >>>>
> >>>> == Orphaned Products ==
> >>>>
> >>>> The risk of abandonment of MesaTEE is low. MesaTEE has been incubated at
> >>>> Baidu for over two years. Baidu is committed to the further development of
> >>>> the project and will keep investing resources towards the Apache processes
> >>>> and community building during the incubation period.
> >>>>
> >>>> == Inexperience with Open Source ==
> >>>>
> >>>> Even though the initial committers are new to the Apache world, some have
> >>>> considerable open source experience - Yu Ding, Yiming Jing, Mingshen Sun. We
> >>>> have been successfully managing the current open source community, answering
> >>>> questions, and taking feedback already. Moreover, we hope to obtain guidance
> >>>> and mentorship from current ASF members to help us succeed in the incubation.
> >>>>
> >>>> == Length of Incubation ==
> >>>>
> >>>> We expect the project to be in incubation for 2 years or less.
> >>>>
> >>>> == Homogenous Developers ==
> >>>>
> >>>> Currently, the lead developers for MesaTEE are from Baidu. However, we have
> >>>> an active set of early contributors/collaborators from Alibaba and other
> >>>> companies, which we hope will increase the diversity going forward. Once
> >>>> again, a primary motivation for the incubation is to facilitate this in the
> >>>> Apache way.
> >>>>
> >>>> == Reliance on Salaried Developers ==
> >>>>
> >>>> Both the current committers and early contributors have several years of
> >>>> core expertise around designing trusted computing systems. Current committers
> >>>> are very passionate about the project and have already invested hundreds of
> >>>> hours towards helping and building the community. Thus, even with employer
> >>>> changes, we expect they will be able to actively engage in the project,
> >>>> either because they will be working in similar areas with newer employers or
> >>>> out of belief in the project.
> >>>>
> >>>> == Relationships with Other Apache Products ==
> >>>>
> >>>> To the best of our knowledge, there are no directly competing projects with
> >>>> MesaTEE that offer all of the feature set - memory safety, secure computing,
> >>>> multi-party computation, etc. However, some projects share similar goals,
> >>>> e.g., OpenWhisk, which provides a serverless cloud platform. We are committed
> >>>> to open collaboration with such Apache projects and incorporating changes to
> >>>> MesaTEE or contributing patches to other projects, with the goal of making
> >>>> it easier for the community at large to adopt these open source technologies.
> >>>>
> >>>> == Excessive Fascination with the Apache Brand ==
> >>>>
> >>>> The Apache Brand is very well respected. We are very honored to have the
> >>>> opportunity to join ASF, with the understanding that its brand policies
> >>>> shall be respected. And we hope Apache can help us build the ecosystem
> >>>> around MesaTEE and attract more developers.
> >>>>
> >>>> = Documentation =
> >>>>
> >>>>  * Detailed documentation: https://github.com/mesalock-linux/mesatee
> >>>>  * MesaTEE SDK API documentation: https://mesatee.org/doc/mesatee_sdk/
> >>>>
> >>>> = Initial Source =
> >>>>
> >>>> The codebase is currently hosted on GitHub:
> >>>>
> >>>>  * https://github.com/mesalock-linux/mesatee
> >>>>  * https://github.com/baidu/rust-sgx-sdk
> >>>>
> >>>> During incubation, the codebase will be migrated to Apache infrastructure.
> >>>> The source code of MesaTEE is under the Apache License, Version 2.0, while
> >>>> Rust SGX SDK is under the BSD 3-Clause License.
> >>>>
> >>>> = Source and Intellectual Property Submission Plan =
> >>>>
> >>>> We will work with the committers to get ICLAs signed. We will provide a
> >>>> Software Grant Agreement from an authorized signer per
> >>>> https://www.apache.org/licenses/software-grant-template.pdf
> >>>>
> >>>> = External Dependencies =
> >>>>
> >>>> MesaTEE directly depends on these third-party Rust crates:
> >>>>
> >>>>  * adler32, 1.0.3, BSD-3-Clause
> >>>>  * aho-corasick, 0.7.4, Unlicense/MIT
> >>>>  * array_tool, 1.0.3, MIT
> >>>>  * assert_matches, 1.3.0, MIT/Apache-2.0
> >>>>  * autocfg, 0.1.4, Apache-2.0/MIT
> >>>>  * base64, 0.10.1, MIT/Apache-2.0
> >>>>  * bincode, 1.1.4, MIT
> >>>>  * bit-vec, 0.6.1, MIT/Apache-2.0
> >>>>  * bitflags, 1.1.0, MIT/Apache-2.0
> >>>>  * byteorder, 1.3.2, MIT/Unlicense
> >>>>  * bytes, 0.5.0, MIT
> >>>>  * cc, 1.0.37, MIT/Apache-2.0
> >>>>  * cfg-if, 0.1.9, MIT/Apache-2.0
> >>>>  * chrono, 0.4.7, MIT/Apache-2.0
> >>>>  * color_quant, 1.0.1, MIT
> >>>>  * crc32fast, 1.2.0, MIT
> >>>>  * ctor, 0.1.9, Apache-2.0
> >>>>  * deflate, 0.7.20, MIT/Apache-2.0
> >>>>  * either, 1.5.2, MIT/Apache-2.0
> >>>>  * env_logger, 0.6.2, MIT/Apache-2.0
> >>>>  * erased-serde, 0.3.9, MIT
> >>>>  * fnv, 1.0.6, Apache-2.0
> >>>>  * getrandom, 0.1.6, MIT
> >>>>  * ghost, 0.1.0, MIT/Apache-2.0
> >>>>  * gif, 0.10.2, MIT/Apache-2.0
> >>>>  * gzip-header, 0.3.0, MIT/Apache-2.0
> >>>>  * half, 1.3.0, MIT/Apache-2.0
> >>>>  * hashbrown, 0.3.1, Apache-2.0/MIT
> >>>>  * heapsize, 0.4.2, MIT/Apache-2.0
> >>>>  * hex, 0.3.2, MIT
> >>>>  * http, 0.1.17, MIT/Apache-2.0
> >>>>  * httparse, 1.3.4, MIT/Apache-2.0
> >>>>  * humantime, 1.2.0, MIT/Apache-2.0
> >>>>  * image, 0.21.0, MIT
> >>>>  * inflate, 0.4.5, MIT
> >>>>  * inventory, 0.1.3, MIT
> >>>>  * inventory-impl, 0.1.3, MIT
> >>>>  * iovec, 0.2.0, MIT/Apache-2.0
> >>>>  * itertools, 0.8.0, MIT/Apache-2.0
> >>>>  * itoa, 0.4.4, MIT
> >>>>  * jpeg-decoder, 0.1.15, MIT
> >>>>  * lazy_static, 1.3.0, MIT/Apache-2.0
> >>>>  * libc, 0.2.59, MIT
> >>>>  * linked-hash-map, 0.5.2, MIT/Apache-2.0
> >>>>  * log, 0.4.7, MIT
> >>>>  * lzw, 0.10.0, MIT/Apache-2.0
> >>>>  * matrixmultiply, 0.2.2, MIT/Apache-2.0
> >>>>  * md5, 0.6.1, Apache-2.0/MIT
> >>>>  * memchr, 2.2.1, Unlicense/MIT
> >>>>  * memory_units, 0.3.0, MPL-2.0
> >>>>  * net2, 0.2.33, MIT/Apache-2.0
> >>>>  * num, 0.2.0, MIT/Apache-2.0
> >>>>  * num-bigint, 0.2.2, MIT/Apache-2.0
> >>>>  * num-complex, 0.2.3, MIT/Apache-2.0
> >>>>  * num-integer, 0.1.41, MIT/Apache-2.0
> >>>>  * num-iter, 0.1.39, MIT/Apache-2.0
> >>>>  * num-rational, 0.2.2, MIT/Apache-2.0
> >>>>  * num-traits, 0.2.8, MIT/Apache-2.0
> >>>>  * parity-wasm, 0.31.3, MIT/Apache-2.0
> >>>>  * png, 0.14.1, MIT/Apache-2.0
> >>>>  * proc-macro2, 0.4.30, MIT/Apache-2.0
> >>>>  * profiler_builtins, 0.1.0, profiler_builtins
> >>>>  * quick-error, 1.2.2, MIT/Apache-2.0
> >>>>  * quote, 0.3.15, MIT
> >>>>  * quote, 0.6.13, MIT
> >>>>  * rand, 0.6.5, MIT/Apache-2.0
> >>>>  * rand_core, 0.4.0, MIT/Apache-2.0
> >>>>  * rand_hc, 0.1.0, MIT/Apache-2.0
> >>>>  * rand_pcg, 0.1.2, MIT/Apache-2.0
> >>>>  * rawpointer, 0.1.0, MIT/Apache-2.0
> >>>>  * regex, 1.1.9, MIT/Apache-2.0
> >>>>  * regex-syntax, 0.6.8, MIT/Apache-2.0
> >>>>  * ring, 0.14.6, ISC-style
> >>>>  * rulinalg, 0.4.2, MIT
> >>>>  * rustls, 0.15.2, Apache-2.0/ISC/MIT
> >>>>  * rusty-machine, 0.5.4, MIT
> >>>>  * ryu, 1.0.0, Apache-2.0
> >>>>  * sct, 0.5.0, Apache-2.0/ISC/MIT
> >>>>  * serde, 1.0.94, MIT
> >>>>  * serde_cbor, 0.10.0, MIT/Apache-2.0
> >>>>  * serde_derive, 1.0.94, MIT
> >>>>  * serde_json, 1.0.40, MIT
> >>>>  * sha1, 0.6.0, BSD-3-Clause
> >>>>  * sha2, 0.8.0, sha2
> >>>>  * spin, 0.5.0, MIT
> >>>>  * syn, 0.11.11, MIT
> >>>>  * syn, 0.15.39, MIT
> >>>>  * synom, 0.11.3, MIT/Apache-2.0
> >>>>  * termcolor, 1.0.5, Unlicense
> >>>>  * thread_local, 0.3.6, Apache-2.0/MIT
> >>>>  * tiff, 0.3.
> >> [message truncated...]
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >> For additional commands, e-mail: general-help@incubator.apache.org
> >>
> >> --
> > Matt Sicker <boards@gmail.com>
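The trusted/untrusted split Mingshen describes above (a minimal, auditable set of untrusted services such as network I/O, with the enclave treating everything that crosses the boundary as hostile), as an added example that is not part of the thread and is not MesaTEE or Rust SGX SDK code. It is plain Rust with no SGX dependency so it runs anywhere; the `UntrustedHost` trait, the wire format, `MAX_MSG` and the three host implementations are assumptions made for illustration. In a real SGX build the trait methods would be OCALLs declared in an EDL file; the point that carries over is that the enclave must bounds-check the length the host claims to have written before slicing its own buffer with it.

```rust
// Added example (not MesaTEE / Rust SGX SDK code): a plain-Rust model of the
// trusted/untrusted partition. Every name below is hypothetical.

/// The minimal, auditable surface the untrusted host offers the enclave.
/// In a real SGX build these would be OCALLs declared in EDL; here it is an
/// ordinary trait so the example runs without SGX hardware or an SDK.
pub trait UntrustedHost {
    /// Read up to `buf.len()` bytes from the network into `buf` and return the
    /// number of bytes the host *claims* it wrote. The host may lie.
    fn net_read(&mut self, buf: &mut [u8]) -> usize;
}

#[derive(Debug, PartialEq)]
pub enum EnclaveError {
    /// Host-reported length exceeds the enclave-owned buffer.
    HostLiedAboutLength { claimed: usize, max: usize },
    BadVersion(u8),
    Truncated,
    Oversized(usize),
}

/// Enclave-owned receive buffer size (assumed for the example).
const MAX_MSG: usize = 64;
const WIRE_VERSION: u8 = 1;

/// Parsed request. Assumed wire format: version byte, u16 big-endian payload
/// length, payload bytes.
#[derive(Debug, PartialEq)]
pub struct Request {
    pub payload: Vec<u8>,
}

/// Trusted side: pull one request from the host and parse it defensively.
pub fn enclave_receive(host: &mut dyn UntrustedHost) -> Result<Request, EnclaveError> {
    let mut buf = [0u8; MAX_MSG];
    let n = host.net_read(&mut buf);
    // `n` is attacker-controlled. Slicing `buf[..n]` unchecked would panic in
    // Rust and would be an out-of-bounds read in a C enclave.
    if n > buf.len() {
        return Err(EnclaveError::HostLiedAboutLength { claimed: n, max: buf.len() });
    }
    let data = &buf[..n];
    if data.len() < 3 {
        return Err(EnclaveError::Truncated);
    }
    if data[0] != WIRE_VERSION {
        return Err(EnclaveError::BadVersion(data[0]));
    }
    let len = u16::from_be_bytes([data[1], data[2]]) as usize;
    if len > MAX_MSG - 3 {
        return Err(EnclaveError::Oversized(len));
    }
    // The header's own length field is also untrusted: it must fit in what
    // was actually delivered.
    if data.len() < 3 + len {
        return Err(EnclaveError::Truncated);
    }
    Ok(Request { payload: data[3..3 + len].to_vec() })
}

/// Honest host: delivers a constructed sample request ("hello").
pub struct HonestHost;
impl UntrustedHost for HonestHost {
    fn net_read(&mut self, buf: &mut [u8]) -> usize {
        let msg = [WIRE_VERSION, 0, 5, b'h', b'e', b'l', b'l', b'o'];
        buf[..msg.len()].copy_from_slice(&msg);
        msg.len()
    }
}

/// Malicious host: writes nothing and claims it filled far more than the
/// buffer holds (the lying-OCALL case).
pub struct LyingHost;
impl UntrustedHost for LyingHost {
    fn net_read(&mut self, _buf: &mut [u8]) -> usize {
        4096
    }
}

/// Malicious host: header announces 50 payload bytes but delivers one.
pub struct TruncatingHost;
impl UntrustedHost for TruncatingHost {
    fn net_read(&mut self, buf: &mut [u8]) -> usize {
        let msg = [WIRE_VERSION, 0, 50, b'x'];
        buf[..msg.len()].copy_from_slice(&msg);
        msg.len()
    }
}

fn main() {
    println!("{:?}", enclave_receive(&mut HonestHost));
    println!("{:?}", enclave_receive(&mut LyingHost));
    println!("{:?}", enclave_receive(&mut TruncatingHost));
}
```

Keeping the host trait to a single method is the code-level form of "as minimal as possible and easy to audit": each method is one more place where host-supplied values enter the enclave and need the same kind of check.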
