BTW, I saw MSR has an interesting research work to integrate MapReduce with
SGX to analyze big data in an privacy-preserved way:
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/vc3-oakland2015.pdf.
I'm looking forward to the potential integration between this project with
a few big data project under ASF.
On Sun, Aug 4, 2019 at 10:07 AM Mingshen Sun wrote:
> Thanks for your interests.
>
> Regarding to you question, no, you cannot use it to sandbox arbitrary code.
> Trusted computing/confidential computing is not just about isolation and
> sandbox.
> For the SGX setup, because lots of sources (e.g., system calls, IO
> functions, etc.)
> are not trusted, which will break the treat model of trusted computing.
> Normally, you should design a code with “trusted” part and “untrusted”
> part.
> For legacy code, it needs to be carefully tailored or separated. But
> sometimes,
> untrusted sources are still needed (e.g., a web service needs network
> capabilities),
> they should be as minimal as possible and easy to audit.
>
> Yesterday, ted gave a very good use case (
> https://signal.org/blog/private-contact-discovery/).
> But there are others listed in the doc:
> https://github.com/mesalock-linux/mesatee/blob/master/docs/case_study.md
>
>
> > On Aug 4, 2019, at 8:37 AM, Matt Sicker wrote:
> >
> > I’ve read through a bit of the site and blog posts. I’m pretty interested
> > in the project, especially any efforts to support more programming
> > languages.
> >
> > Is it possible to use this to sandbox arbitrary code?
> >
> > On Sat, Aug 3, 2019 at 17:22, Mingshen Sun
> wrote:
> >
> >> Yes, this project can be used for securing general computations.
> >> You can simply use the `mesatee_core` library to write an SGX encalve.
> >> In addition, MesaTEE provides others features like function as a
> service.
> >> That’s why we call it a universal securing computing framework.
> >>
> >> Best,
> >> Mingshen Sun
> >>
> >> On 2019/08/03 15:27:41, Matt Sicker wrote:
> >>> Would this project be useful in securing general computations? You
> >> mention>
> >>> big data and AI a lot, though I’m wondering if this is also usable for>
> >>> things like, say, general multi tenant applications?>
> >>>
> >>> On Sat, Aug 3, 2019 at 03:27, Mingshen Sun
> >> wrote:>
> >>>
> Hi,>
> >
> This is Mingshen Sun from Baidu X-Lab. Recently, we have open-sourced>
> a universal secure computing framework called MesaTEE (>
> https://mesatee.org/).>
> The MesaTEE project enables general computing service for>
> security-critical scenarios,>
> which attracts many attentions from academia and industry.>
> >
> To better build up the whole ecosystem, we decide to donate the
> >> MesaTEE>
> project to>
> Apache Foundation. Therefore, we’d like to propose our project to go>
> through>
> the incubation process.>
> >
> Attached is our incubation proposal for open discussion. Thank you so
> >> much.>
> >
> Best,>
> Mingshen Sun>
> Baidu X-Lab>
> >
> >
> Here is the proposal details:>
> >
> ==>
> >
> MesaTEE Apache Incubation Proposal>
> >
> = Abstract =>
> >
> MesaTEE is a framework for universal secure computing.>
> >
> = Proposal =>
> >
> MesaTEE is the next-gen solution to enable general computing service
> >> for>
> security-critical scenarios. It will allow even the most sensitive
> >> data to>
> be>
> securely processed to enable offshore businesses without leakage.>
> >
> The solution combines the advanced Hybrid Memory Safety (HMS) model
> >> and the>
> power of the Trusted Computing technologies (e.g., TPM) as well as
> >> the>
> Confidential Computing technologies (e.g., Intel SGX).>
> >
> * Code base:>
> * https://github.com/mesalock-linux/mesatee>
> * https://github.com/baidu/rust-sgx-sdk>
> * Website: https://mesatee.org>
> * Documentation: https://mesatee.org/doc/mesatee_sdk/>
> >
> = Background =>
> >
> The emerging technologies of big data analytics, machine learning,>
> cloud/edge>
> computing, and blockchain are significantly boosting our productivity,
> >> but>
> at>
> the same time they are bringing new confidentiality and integrity>
> concerns. On>
> public cloud and blockchain, sensitive data like health and financial>
> records>
> may be consumed at runtime by untrusted computing processes running
> >> on>
> compromised platforms; during in-house data exchange, confidential>
> information>
> may cross different clearance boundaries and possibly fall into the
> >> wrong>
> hands;>
> also not to mention the privacy issue arises in offshore data supply>
> chains.>
> >
> Although the consequences of data breaching have been extensively>
> elaborated, we>
> should also note