I support this proposal and would like to be listed in the interested parties.
Cheers,
Antoine Toulme

> On Aug 5, 2019, at 8:14 PM, Zhijie Shen <zjshen.apa...@gmail.com> wrote:
>
> BTW, I saw MSR has an interesting research work to integrate MapReduce with SGX to analyze big data in a privacy-preserving way: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/vc3-oakland2015.pdf. I'm looking forward to the potential integration between this project and a few big data projects under ASF.
>
> On Sun, Aug 4, 2019 at 10:07 AM Mingshen Sun <mingshen....@gmail.com> wrote:
>
>> Thanks for your interest.
>>
>> Regarding your question: no, you cannot use it to sandbox arbitrary code. Trusted computing/confidential computing is not just about isolation and sandboxing. In the SGX setup, lots of sources (e.g., system calls, IO functions, etc.) are not trusted, which would break the threat model of trusted computing. Normally, you should design code with a "trusted" part and an "untrusted" part. Legacy code needs to be carefully tailored or separated. But sometimes untrusted sources are still needed (e.g., a web service needs network capabilities); they should be kept as minimal as possible and easy to audit.
>>
>> Yesterday, ted gave a very good use case (https://signal.org/blog/private-contact-discovery/). But there are others listed in the doc: https://github.com/mesalock-linux/mesatee/blob/master/docs/case_study.md
>>
>>> On Aug 4, 2019, at 8:37 AM, Matt Sicker <boa...@gmail.com> wrote:
>>>
>>> I've read through a bit of the site and blog posts. I'm pretty interested in the project, especially any efforts to support more programming languages.
>>>
>>> Is it possible to use this to sandbox arbitrary code?
>>>
>>> On Sat, Aug 3, 2019 at 17:22, Mingshen Sun <mingshen....@gmail.com> wrote:
>>>
>>>> Yes, this project can be used for securing general computations. You can simply use the `mesatee_core` library to write an SGX enclave. In addition, MesaTEE provides other features like function as a service. That's why we call it a universal secure computing framework.
>>>>
>>>> Best,
>>>> Mingshen Sun
>>>>
>>>> On 2019/08/03 15:27:41, Matt Sicker <b...@gmail.com> wrote:
>>>>
>>>>> Would this project be useful in securing general computations? You mention big data and AI a lot, though I'm wondering if this is also usable for things like, say, general multi-tenant applications?
>>>>>
>>>>> On Sat, Aug 3, 2019 at 03:27, Mingshen Sun <ms...@cse.cuhk.edu.hk> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> This is Mingshen Sun from Baidu X-Lab. Recently, we have open-sourced a universal secure computing framework called MesaTEE (https://mesatee.org/). The MesaTEE project enables general computing service for security-critical scenarios, which has attracted much attention from academia and industry.
>>>>>>
>>>>>> To better build up the whole ecosystem, we have decided to donate the MesaTEE project to the Apache Foundation. Therefore, we'd like to propose our project to go through the incubation process.
>>>>>>
>>>>>> Attached is our incubation proposal for open discussion. Thank you so much.
>>>>>>
>>>>>> Best,
>>>>>> Mingshen Sun
>>>>>> Baidu X-Lab
>>>>>>
>>>>>> Here are the proposal details:
>>>>>>
>>>>>> ======
>>>>>>
>>>>>> MesaTEE Apache Incubation Proposal
>>>>>>
>>>>>> = Abstract =
>>>>>>
>>>>>> MesaTEE is a framework for universal secure computing.
>>>>>>
>>>>>> = Proposal =
>>>>>>
>>>>>> MesaTEE is the next-gen solution to enable general computing service for security-critical scenarios. It will allow even the most sensitive data to be securely processed to enable offshore businesses without leakage.
>>>>>>
>>>>>> The solution combines the advanced Hybrid Memory Safety (HMS) model and the power of the Trusted Computing technologies (e.g., TPM) as well as the Confidential Computing technologies (e.g., Intel SGX).
>>>>>>
>>>>>> * Code base:
>>>>>>   * https://github.com/mesalock-linux/mesatee
>>>>>>   * https://github.com/baidu/rust-sgx-sdk
>>>>>> * Website: https://mesatee.org
>>>>>> * Documentation: https://mesatee.org/doc/mesatee_sdk/
>>>>>>
>>>>>> = Background =
>>>>>>
>>>>>> The emerging technologies of big data analytics, machine learning, cloud/edge computing, and blockchain are significantly boosting our productivity, but at the same time they are bringing new confidentiality and integrity concerns. On public cloud and blockchain, sensitive data like health and financial records may be consumed at runtime by untrusted computing processes running on compromised platforms; during in-house data exchange, confidential information may cross different clearance boundaries and possibly fall into the wrong hands; not to mention the privacy issues that arise in offshore data supply chains.
>>>>>>
>>>>>> Although the consequences of data breaches have been extensively elaborated, we should also note that proprietary computing algorithms themselves, such as AI models, also need to be well protected. Once leaked, attackers can steal the intellectual property, or launch whitebox attacks and easily exploit the weaknesses of the models.
>>>>>>
>>>>>> Facing all these risky scenarios, we are in desperate need of a trusted and secure mechanism, enabling us to protect both private data and proprietary computing models during a migratable execution in potentially unsafe environments, yet preserving functionality, performance, compatibility, and flexibility. MesaTEE is targeting to be, as we call it, the full "Universal Secure Computing" stack, so it can help users resolve these runtime security risks.
>>>>>>
>>>>>> MesaTEE aims to promote the development of a universal secure computing ecosystem through open source and openness, to provide basic support for trust protection for the productivity revolution brought by big data and AI, to completely solve the data exchange or multi-party computing between departments/companies, to enable privacy-crucial services such as financial and medical care using blockchain/cloud services, and to convoy businesses that are closely related to life and safety such as autonomous driving. MesaTEE has been working closely with mainstream cloud computing/blockchain/chip vendors and universities/research institutions to promote hardware TEE, software memory safety, and versatile computing services to create an internationally protected and flexible secure computing framework. MesaTEE's open-source release will greatly accelerate the development of the next generation of big data business applications, and it is also of great importance to promoting AI in all business areas.
>>>>>>
>>>>>> = Rationale =
>>>>>>
>>>>>> The MesaTEE stack redefines future AI and big data analytics by providing a trusted and secure offshore computing environment. The confidentiality and privacy of data and models can be well protected with MesaTEE, even if data and model originate from different parties with no mutual trust. Moreover, the computing platform itself is not necessarily trusted either. The Trusted Computing Base (TCB) can thus be largely reduced to the MesaTEE framework alone. A detailed description of target use-cases can be found at https://github.com/mesalock-linux/mesatee/blob/master/docs/case_study.md.
>>>>>>
>>>>>> We believe that the Apache way of open source community empowers MesaTEE to attract a diverse set of contributors who can bring new ideas into the project.
>>>>>>
>>>>>> = Initial Goals =
>>>>>>
>>>>>> * Move the existing codebase, website, documentation, and mailing lists to an Apache-hosted infrastructure.
>>>>>> * Integrate with the Apache development process.
>>>>>> * Ensure all dependencies are compliant with Apache License version 2.0.
>>>>>> * Incrementally develop and release per Apache guidelines.
>>>>>>
>>>>>> = Current Status =
>>>>>>
>>>>>> The MesaTEE project (and its sub-project Rust SGX SDK) has been designed and developed at Baidu since 2017, and was open sourced under the Apache License, Version 2.0 in 2019. The source code is currently hosted at github.com (https://github.com/mesalock-linux/mesatee and https://github.com/baidu/rust-sgx-sdk), which will seed the Apache git repository.
>>>>>>
>>>>>> == Meritocracy ==
>>>>>>
>>>>>> We are fully committed to open, transparent, and meritocratic interactions with our community. In fact, one of the primary motivations for us to enter the incubation process is to be able to rely on Apache best practices that can ensure meritocracy. This will eventually help incorporate the best ideas back into the project and enable contributors to continue investing their time in the project. We already have some guidelines to help external contributors:
>>>>>>
>>>>>> * https://github.com/mesalock-linux/mesatee/blob/master/docs/rust_guideline.md
>>>>>> * https://github.com/mesalock-linux/mesatee/blob/master/docs/how_to_add_your_function.md
>>>>>> * https://github.com/mesalock-linux/mesatee/blob/master/CODE_OF_CONDUCT.md
>>>>>>
>>>>>> == Community ==
>>>>>>
>>>>>> The MesaTEE community is fairly young. Since our sub-project (Rust SGX SDK) was open sourced in 2017, we have received many contributions from various companies and individual researchers (https://github.com/baidu/rust-sgx-sdk/pulls). Our primary goal during the incubation would be to grow the community and groom our existing active contributors for committers.
>>>>>>
>>>>>> == Core Developers ==
>>>>>>
>>>>>> Current core developers work at Baidu. We are confident that incubation will help us grow a diverse community in an open and collaborative way.
>>>>>>
>>>>>> == Alignment ==
>>>>>>
>>>>>> MesaTEE is designed as a framework for universal secure computing. This is complementary to Apache's projects, providing a trusted and secure computing framework.
>>>>>>
>>>>>> Our sincere hope is that being a part of the Apache foundation would enable us to drive the future of the project in alignment with the other Apache projects for the benefit of thousands of organizations that already leverage these projects.
>>>>>>
>>>>>> = Known Risks =
>>>>>>
>>>>>> == Orphaned Products ==
>>>>>>
>>>>>> The risk of abandonment of MesaTEE is low. MesaTEE has been incubated at Baidu for over two years. Baidu is committed to the further development of the project and will keep investing resources towards the Apache processes and community building during the incubation period.
>>>>>>
>>>>>> == Inexperience with Open Source ==
>>>>>>
>>>>>> Even though the initial committers are new to the Apache world, some have considerable open source experience - Yu Ding, Yiming Jing, Mingshen Sun. We have been successfully managing the current open source community, answering questions, and taking feedback already. Moreover, we hope to obtain guidance and mentorship from current ASF members to help us succeed in the incubation.
>>>>>>
>>>>>> == Length of Incubation ==
>>>>>>
>>>>>> We expect the project to be in incubation for 2 years or less.
>>>>>>
>>>>>> == Homogenous Developers ==
>>>>>>
>>>>>> Currently, the lead developers for MesaTEE are from Baidu. However, we have an active set of early contributors/collaborators from Alibaba and other companies, which we hope will increase the diversity going forward. Once again, a primary motivation for the incubation is to facilitate this in the Apache way.
>>>>>>
>>>>>> == Reliance on Salaried Developers ==
>>>>>>
>>>>>> Both the current committers and early contributors have several years of core expertise around designing trusted computing systems. Current committers are very passionate about the project and have already invested hundreds of hours towards helping and building the community. Thus, even with employer changes, we expect they will be able to actively engage in the project, either because they will be working in similar areas with newer employers or out of belief in the project.
>>>>>>
>>>>>> == Relationships with Other Apache Products ==
>>>>>>
>>>>>> To the best of our knowledge, there are no projects directly competing with MesaTEE that offer all of the feature set - memory safety, secure computing, multi-party computation, etc. However, some projects share similar goals, e.g., OpenWhisk, which provides a serverless cloud platform. We are committed to open collaboration with such Apache projects and incorporating changes to MesaTEE or contributing patches to other projects, with the goal of making it easier for the community at large to adopt these open source technologies.
>>>>>>
>>>>>> == Excessive Fascination with the Apache Brand ==
>>>>>>
>>>>>> The Apache Brand is very respected. We are very honored to have the opportunity to join ASF, with the understanding that its brand policies shall be respected. And we hope Apache can help us build the ecosystem around MesaTEE and attract more developers.
>>>>>>
>>>>>> = Documentation =
>>>>>>
>>>>>> * Detailed documentation: https://github.com/mesalock-linux/mesatee
>>>>>> * MesaTEE SDK API documentation: https://mesatee.org/doc/mesatee_sdk/
>>>>>>
>>>>>> = Initial Source =
>>>>>>
>>>>>> The codebase is currently hosted on Github:
>>>>>>
>>>>>> * https://github.com/mesalock-linux/mesatee
>>>>>> * https://github.com/baidu/rust-sgx-sdk
>>>>>>
>>>>>> During incubation, the codebase will be migrated to an Apache infrastructure. The source code of MesaTEE is under the Apache version 2.0 License, while Rust SGX SDK is under the BSD 3-Clause License.
>>>>>>
>>>>>> = Source and Intellectual Property Submission Plan =
>>>>>>
>>>>>> We will work with the committers to get ICLAs signed. We will provide a Software Grant Agreement from an authorized signer per https://www.apache.org/licenses/software-grant-template.pdf
>>>>>>
>>>>>> = External Dependencies =
>>>>>>
>>>>>> MesaTEE directly depends on these third-party Rust crates:
>>>>>>
>>>>>> * adler32, 1.0.3, BSD-3-Clause
>>>>>> * aho-corasick, 0.7.4, Unlicense/MIT
>>>>>> * array_tool, 1.0.3, MIT
>>>>>> * assert_matches, 1.3.0, MIT/Apache-2.0
>>>>>> * autocfg, 0.1.4, Apache-2.0/MIT
>>>>>> * base64, 0.10.1, MIT/Apache-2.0
>>>>>> * bincode, 1.1.4, MIT
>>>>>> * bit-vec, 0.6.1, MIT/Apache-2.0
>>>>>> * bitflags, 1.1.0, MIT/Apache-2.0
>>>>>> * byteorder, 1.3.2, MIT/Unlicense
>>>>>> * bytes, 0.5.0, MIT
>>>>>> * cc, 1.0.37, MIT/Apache-2.0
>>>>>> * cfg-if, 0.1.9, MIT/Apache-2.0
>>>>>> * chrono, 0.4.7, MIT/Apache-2.0
>>>>>> * color_quant, 1.0.1, MIT
>>>>>> * crc32fast, 1.2.0, MIT
>>>>>> * ctor, 0.1.9, Apache-2.0
>>>>>> * deflate, 0.7.20, MIT/Apache-2.0
>>>>>> * either, 1.5.2, MIT/Apache-2.0
>>>>>> * env_logger, 0.6.2, MIT/Apache-2.0
>>>>>> * erased-serde, 0.3.9, MIT
>>>>>> * fnv, 1.0.6, Apache-2.0
>>>>>> * getrandom, 0.1.6, MIT
>>>>>> * ghost, 0.1.0, MIT/Apache-2.0
>>>>>> * gif, 0.10.2, MIT/Apache-2.0
>>>>>> * gzip-header, 0.3.0, MIT/Apache-2.0
>>>>>> * half, 1.3.0, MIT/Apache-2.0
>>>>>> * hashbrown, 0.3.1, Apache-2.0/MIT
>>>>>> * heapsize, 0.4.2, MIT/Apache-2.0
>>>>>> * hex, 0.3.2, MIT
>>>>>> * http, 0.1.17, MIT/Apache-2.0
>>>>>> * httparse, 1.3.4, MIT/Apache-2.0
>>>>>> * humantime, 1.2.0, MIT/Apache-2.0
>>>>>> * image, 0.21.0, MIT
>>>>>> * inflate, 0.4.5, MIT
>>>>>> * inventory, 0.1.3, MIT
>>>>>> * inventory-impl, 0.1.3, MIT
>>>>>> * iovec, 0.2.0, MIT/Apache-2.0
>>>>>> * itertools, 0.8.0, MIT/Apache-2.0
>>>>>> * itoa, 0.4.4, MIT
>>>>>> * jpeg-decoder, 0.1.15, MIT
>>>>>> * lazy_static, 1.3.0, MIT/Apache-2.0
>>>>>> * libc, 0.2.59, MIT
>>>>>> * linked-hash-map, 0.5.2, MIT/Apache-2.0
>>>>>> * log, 0.4.7, MIT
>>>>>> * lzw, 0.10.0, MIT/Apache-2.0
>>>>>> * matrixmultiply, 0.2.2, MIT/Apache-2.0
>>>>>> * md5, 0.6.1, Apache-2.0/MIT
>>>>>> * memchr, 2.2.1, Unlicense/MIT
>>>>>> * memory_units, 0.3.0, MPL-2.0
>>>>>> * net2, 0.2.33, MIT/Apache-2.0
>>>>>> * num, 0.2.0, MIT/Apache-2.0
>>>>>> * num-bigint, 0.2.2, MIT/Apache-2.0
>>>>>> * num-complex, 0.2.3, MIT/Apache-2.0
>>>>>> * num-integer, 0.1.41, MIT/Apache-2.0
>>>>>> * num-iter, 0.1.39, MIT/Apache-2.0
>>>>>> * num-rational, 0.2.2, MIT/Apache-2.0
>>>>>> * num-traits, 0.2.8, MIT/Apache-2.0
>>>>>> * parity-wasm, 0.31.3, MIT/Apache-2.0
>>>>>> * png, 0.14.1, MIT/Apache-2.0
>>>>>> * proc-macro2, 0.4.30, MIT/Apache-2.0
>>>>>> * profiler_builtins, 0.1.0, profiler_builtins
>>>>>> * quick-error, 1.2.2, MIT/Apache-2.0
>>>>>> * quote, 0.3.15, MIT
>>>>>> * quote, 0.6.13, MIT
>>>>>> * rand, 0.6.5, MIT/Apache-2.0
>>>>>> * rand_core, 0.4.0, MIT/Apache-2.0
>>>>>> * rand_hc, 0.1.0, MIT/Apache-2.0
>>>>>> * rand_pcg, 0.1.2, MIT/Apache-2.0
>>>>>> * rawpointer, 0.1.0, MIT/Apache-2.0
>>>>>> * regex, 1.1.9, MIT/Apache-2.0
>>>>>> * regex-syntax, 0.6.8, MIT/Apache-2.0
>>>>>> * ring, 0.14.6, ISC-style
>>>>>> * rulinalg, 0.4.2, MIT
>>>>>> * rustls, 0.15.2, Apache-2.0/ISC/MIT
>>>>>> * rusty-machine, 0.5.4, MIT
>>>>>> * ryu, 1.0.0, Apache-2.0
>>>>>> * sct, 0.5.0, Apache-2.0/ISC/MIT
>>>>>> * serde, 1.0.94, MIT
>>>>>> * serde_cbor, 0.10.0, MIT/Apache-2.0
>>>>>> * serde_derive, 1.0.94, MIT
>>>>>> * serde_json, 1.0.40, MIT
>>>>>> * sha1, 0.6.0, BSD-3-Clause
>>>>>> * sha2, 0.8.0, sha2
>>>>>> * spin, 0.5.0, MIT
>>>>>> * syn, 0.11.11, MIT
>>>>>> * syn, 0.15.39, MIT
>>>>>> * synom, 0.11.3, MIT/Apache-2.0
>>>>>> * termcolor, 1.0.5, Unlicense
>>>>>> * thread_local, 0.3.6, Apache-2.0/MIT
>>>>>> * tiff, 0.3.
>>>>
>>>> [message truncated...]
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>>> For additional commands, e-mail: general-h...@incubator.apache.org
>>>>
>>>
>>> --
>>> Matt Sicker <boa...@gmail.com>
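Mingshen's reply above makes the design point that matters for an SGX deployment: system calls and I/O sit outside the enclave, so everything that crosses the boundary is untrusted input, and the untrusted side should be kept as small and auditable as possible. The following is an added example in plain std Rust that is not MesaTEE or Rust SGX SDK code; it models that trusted/untrusted split without any real enclave. The names `Enclave`, `Host`, `ecall_add`, `seal_frame` and `toy_tag`, the `payload || tag` frame layout, the per-user totals workload and the 16-byte key are all constructed for the example. `toy_tag` is an FNV-1a placeholder for a real MAC or AEAD and provides no security; the fixed key stands in for one provisioned after attestation.

```rust
// Added example, not MesaTEE or Rust SGX SDK code. It models the trusted /
// untrusted split with plain std Rust: nothing here runs inside a real enclave.
use std::collections::HashMap;

/// Largest frame a single enclave call accepts from untrusted memory.
pub const MAX_FRAME: usize = 4096;
const TAG_LEN: usize = 8;

/// Keyed tag over key || msg using FNV-1a. A placeholder for a real MAC or
/// AEAD (e.g. AES-GCM from the ring crate); it is NOT cryptographically secure.
pub fn toy_tag(key: &[u8; 16], msg: &[u8]) -> [u8; TAG_LEN] {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for b in key.iter().chain(msg.iter()) {
        h ^= u64::from(*b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h.to_be_bytes()
}

/// Frame layout the host carries without understanding it: payload || tag.
pub fn seal_frame(key: &[u8; 16], payload: &[u8]) -> Vec<u8> {
    let mut frame = payload.to_vec();
    frame.extend_from_slice(&toy_tag(key, payload));
    frame
}

#[derive(Debug, PartialEq)]
pub enum EcallError {
    TooLarge,
    Malformed,
    BadTag,
    Overflow,
}

/// Trusted part. The key and the per-user totals live only here and never
/// cross the boundary in the clear. `ecall_add` is the single entry point.
pub struct Enclave {
    key: [u8; 16],
    totals: HashMap<String, u64>,
}

impl Enclave {
    pub fn new(key: [u8; 16]) -> Self {
        Enclave { key, totals: HashMap::new() }
    }

    /// ECALL: `frame` is a copy of untrusted memory, so it is bounded,
    /// authenticated and parsed before anything else; only a tagged result
    /// goes back out.
    pub fn ecall_add(&mut self, frame: &[u8]) -> Result<Vec<u8>, EcallError> {
        if frame.len() > MAX_FRAME {
            return Err(EcallError::TooLarge);
        }
        if frame.len() < TAG_LEN {
            return Err(EcallError::Malformed);
        }
        let (payload, tag) = frame.split_at(frame.len() - TAG_LEN);
        // A real MAC would be compared in constant time.
        if &toy_tag(&self.key, payload)[..] != tag {
            return Err(EcallError::BadTag);
        }
        let text = std::str::from_utf8(payload).map_err(|_| EcallError::Malformed)?;
        let (user, amount) = text.split_once(':').ok_or(EcallError::Malformed)?;
        let amount: u64 = amount.parse().map_err(|_| EcallError::Malformed)?;
        let total = self.totals.entry(user.to_string()).or_insert(0);
        *total = total.checked_add(amount).ok_or(EcallError::Overflow)?;
        Ok(seal_frame(&self.key, format!("{}:{}", user, total).as_bytes()))
    }
}

/// Untrusted part: all I/O lives here. It never holds the key and only moves
/// opaque frames between the (constructed) network inbox and the enclave.
pub struct Host {
    inbox: Vec<Vec<u8>>,
    pub sent: Vec<Vec<u8>>,
}

impl Host {
    pub fn new(inbox: Vec<Vec<u8>>) -> Self {
        Host { inbox, sent: Vec::new() }
    }

    /// Drain the inbox through the enclave. The host only learns an outcome
    /// per frame, never the plaintext totals.
    pub fn run(&mut self, enclave: &mut Enclave) -> Vec<Result<(), EcallError>> {
        let frames = std::mem::take(&mut self.inbox);
        frames
            .iter()
            .map(|f| enclave.ecall_add(f).map(|resp| self.sent.push(resp)))
            .collect()
    }
}

fn main() {
    // Constructed demo key; a real enclave would receive it after attestation.
    let key = [7u8; 16];
    let mut enclave = Enclave::new(key);
    let mut tampered = seal_frame(&key, b"alice:5");
    let last = tampered.len() - 1;
    tampered[last] ^= 1; // flip a tag bit: a frame altered on the untrusted side
    let mut host = Host::new(vec![
        seal_frame(&key, b"alice:5"),
        seal_frame(&key, b"alice:7"),
        tampered,
        seal_frame(&key, b"no-separator"),
        vec![0u8; MAX_FRAME + 1],
    ]);
    for (i, outcome) in host.run(&mut enclave).iter().enumerate() {
        println!("frame {}: {:?}", i, outcome);
    }
}
```

The shape is the point: the host's surface is one function that moves bytes, the enclave's surface is one ECALL that validates size, authenticity and syntax before touching its secret state, and nothing the host can observe contains a key or a plaintext total. In a real Rust SGX SDK build the same checks apply to the raw pointer and length an ECALL receives, and the placeholder tag would be replaced by an authenticated cipher.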