Figure 1: Universal secure computing over cloud, blockchain, and edge computing
Applications of the MesaTEE stack range from single-instance trusted computing to large-scale distributed networks, which makes it a natural fit for the computing backends of privacy-preserving blockchains. As Figure 1 shows, wherever the data and code flow, whenever they are processed, and regardless of the underlying platform, the owner of the data and code retains confidentiality and integrity protection.
Figure 2: MesaTEE for blockchain services
Figure 2 shows an example blockchain consensus system built on MesaTEE SGX (Level 5); other distributed systems that need consensus or fault tolerance can use MesaTEE the same way. The nodes run Raft over mutually attested TLS channels to reach consensus, and committed log entries are written to each node's local database as transactions are appended to the chain. The confidentiality and integrity of the on-chain records are therefore protected from the hosting platforms, and the remote attestation performed while the TLS channels are set up guarantees that every peer runs the expected consensus logic. The chain survives data loss or unavailability as long as a majority of the participating nodes remain healthy (the deployment in Figure 2 tolerates one node failure). Note that Raft itself tolerates only crash faults: it is the attestation check on the TLS channel, not the consensus protocol, that keeps a node running modified logic out of the group. Because no node has to prove work, this is far more efficient and faster than Proof-of-Work (PoW) consensus.
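The two rules that give the design above its properties, attestation-gated membership and majority commit, as a constructed Python model (an added example, not MesaTEE code). The expected enclave measurement, the node names and the single-leader replication are assumptions of the model; leader election and the real SGX quote verification are left out.

```python
"""Constructed model of the Figure 2 design (added example, not MesaTEE
code): consensus nodes join the Raft group only if their attestation
evidence carries the expected enclave measurement, and a log entry is
committed only once a majority of admitted nodes has persisted it."""
from dataclasses import dataclass, field

# Hypothetical expected measurement of the consensus enclave.  In SGX remote
# attestation the comparable check is on MRENCLAVE/MRSIGNER in the quote,
# performed while the TLS channel is being established.
EXPECTED_MEASUREMENT = "consensus-enclave-v1"


@dataclass
class Node:
    name: str
    measurement: str              # what this node's attestation report claims
    alive: bool = True
    log: list = field(default_factory=list)   # stand-in for the local database


class Cluster:
    def __init__(self, nodes, expected=EXPECTED_MEASUREMENT):
        # Attestation gate: a node whose enclave measurement differs never
        # becomes a Raft member, so modified consensus logic cannot vote.
        self.members = [n for n in nodes if n.measurement == expected]
        self.rejected = [n.name for n in nodes if n.measurement != expected]
        self.committed = []       # entries that made it onto the "chain"

    def quorum(self):
        """Raft majority: floor(N/2) + 1 of the admitted members."""
        return len(self.members) // 2 + 1

    def tolerated_failures(self):
        """Crash faults the group survives: N - quorum (one node for N = 3)."""
        return len(self.members) - self.quorum()

    def append(self, entry):
        """Leader replicates `entry` to every reachable member.  The entry is
        committed, and hence appended to the chain, only if a majority of the
        attested members acknowledged the write; an entry that misses quorum
        stays in the logs uncommitted, as in Raft."""
        acks = 0
        for n in self.members:
            if n.alive:
                n.log.append(entry)   # local DB write
                acks += 1
        if acks >= self.quorum():
            self.committed.append(entry)
            return True
        return False


if __name__ == "__main__":
    nodes = [Node("a", EXPECTED_MEASUREMENT), Node("b", EXPECTED_MEASUREMENT),
             Node("c", EXPECTED_MEASUREMENT), Node("x", "tampered-build")]
    cluster = Cluster(nodes)
    print("rejected:", cluster.rejected, "tolerates:", cluster.tolerated_failures())
    nodes[2].alive = False
    print("commit with one node down:", cluster.append("tx1"))
    nodes[1].alive = False
    print("commit with two nodes down:", cluster.append("tx2"))
```

A node that passes attestation but is later compromised through a channel this model does not capture (a side channel, for instance) is still a member; the gate protects against running the wrong code, not against every attack on the right code.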
Figure 3: MesaTEE for public cloud services
Loss of data confidentiality and integrity is a major concern for public cloud users. MesaTEE addresses it by establishing remotely attestable trusted computing environments, so a tenant can verify the code that will handle its data before releasing that data to the cloud.
Figure 3 depicts MesaTEE's deployment for public cloud services. Multiple TEE server nodes are grouped into a cloud cluster, which can be scheduled by an orchestration framework such as Kubernetes.
Figure 4: Traditional SMC compared to MesaTEE based SMC
Cross-department or cross-company data collaboration raises privacy concerns, so secure multi-party computation (SMC) has become increasingly important for joint big data analyses. Traditional crypto-based SMC has several limitations, which MesaTEE addresses effectively, as Figure 4 shows.
Figure 5: MesaTEE’s superior performance on PSI, compared to traditional crypto-based approaches
Figure 5 uses Private Set Intersection (PSI) as the example to demonstrate MesaTEE's advantage over traditional SMC solutions. The more participants there are and the larger the datasets, the greater MesaTEE's performance advantage over crypto-based approaches, since the enclave computes the intersection on plaintext while cryptographic protocols pay a per-element cost that grows with the number of parties.
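An added Python example (not MesaTEE code) of what the enclave approach to PSI has to preserve. It contrasts the "hash and compare" shortcut practitioners reach for when cryptographic PSI is too slow, which leaks low-entropy identifiers to a dictionary attack, with a model enclave that accepts raw sets only over attested channels and releases nothing but the intersection. The party names, phone numbers and identifier space are constructed sample data; this is not the crypto-based PSI protocol Figure 5 compares against, which does not have the hashing leak.

```python
"""Added example, not MesaTEE code.  Contrasts two ways to compute a Private
Set Intersection (PSI) on low-entropy identifiers: publishing hashed sets
versus computing the intersection inside an attested enclave that releases
only the result."""
import hashlib


def h(identifier: str) -> str:
    return hashlib.sha256(identifier.encode()).hexdigest()


def hashed_set_psi(my_set, their_hashes):
    """'Hash and compare' PSI as one party sees it: match own elements
    against the hashes the other party published."""
    return {x for x in my_set if h(x) in their_hashes}


def dictionary_attack(published_hashes, candidate_space):
    """What anyone holding the published hashes can do when the identifier
    space is enumerable (phone numbers, e-mail addresses): hash every
    candidate and read off the other party's entire set."""
    return {c for c in candidate_space if h(c) in published_hashes}


class EnclavePSI:
    """Model of the TEE approach.  Each party sends its raw set over a
    channel that passed remote attestation; the intersection is the only
    value that leaves the enclave, and it is released only once every
    expected party has contributed.  Supports any number of parties."""

    def __init__(self, expected_parties):
        self.expected = set(expected_parties)
        self.inputs = {}

    def submit(self, party, attested, elements):
        # A party that could not verify the enclave would refuse to send;
        # symmetrically the enclave rejects unattested submissions.
        if not attested:
            raise PermissionError(f"{party}: channel not attested")
        if party not in self.expected:
            raise PermissionError(f"{party}: not a participant")
        self.inputs[party] = set(elements)

    def intersection(self):
        if set(self.inputs) != self.expected:
            raise RuntimeError("waiting for all parties")
        return set.intersection(*self.inputs.values())


# Constructed sample data: three organisations' customer phone numbers.
PARTY_SETS = {
    "bank":     {"+15550001", "+15550002", "+15550003"},
    "insurer":  {"+15550002", "+15550003", "+15550004"},
    "retailer": {"+15550003", "+15550004", "+15550005"},
}
# Constructed identifier space an attacker would enumerate (tiny here; a
# real phone-number space is still only ~10^10 hashes).
PHONE_SPACE = {f"+1555000{i}" for i in range(10)}
```

The enclave sees every party's plaintext, which is exactly why the whole protection rests on the attestation check in `submit`: without it the "enclave" could be any process claiming the name.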
Figure 6: MesaTEE’s integration as the Spark backend
As Figure 6 shows, we have also rewritten the Spark backend executor in Rust to run inside MesaTEE SGX (Level 5), so distributed big data analyses gain strong confidentiality and integrity guarantees; this matters most when the dataset is privacy-critical. We have also added oblivious protection to the framework, so that a platform owner who observes the traffic between executors learns nothing from its pattern, such as which executors exchange how much data.
Traditional crypto-based solutions offering the same security promise usually take days or even months to finish a workload that legacy Spark completes in one second; MesaTEE finishes it in 4-20 seconds.
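One ingredient of the oblivious protection described above, as an added Python example that is not MesaTEE's own oblivious layer: fixed-length wire records and buckets padded to a public bound, so that every executor sends the same number of equal-length messages to every peer whatever the key distribution. The record format, the bucket bound and the sample records are assumptions of the example; encryption of the records on the wire is assumed to happen elsewhere and is omitted.

```python
"""Added example, not MesaTEE's own oblivious layer.  Shows traffic shaping
for a shuffle between executors: every message has the same length and
every executor sends the same number of messages to every peer, so the
traffic pattern an observer sees is independent of the data."""

RECORD_LEN = 32                 # fixed wire length of every message
PAYLOAD_MAX = RECORD_LEN - 2    # 1 byte real/dummy flag + 1 byte length


def encode(payload: bytes, real: bool) -> bytes:
    """Fixed-length wire record.  The real/dummy flag sits inside the body,
    which is assumed to be encrypted on the wire, so a dummy is
    indistinguishable from a real record to the network observer."""
    if len(payload) > PAYLOAD_MAX:
        raise ValueError("payload too large for fixed record size")
    return bytes([1 if real else 0, len(payload)]) + payload.ljust(PAYLOAD_MAX, b"\0")


def decode(msg: bytes):
    assert len(msg) == RECORD_LEN
    return msg[0] == 1, msg[2:2 + msg[1]]


def oblivious_partition(records, n_partitions, key_fn, bucket_size):
    """Route each record to the partition chosen by key_fn, then pad every
    bucket to exactly bucket_size fixed-length records.  bucket_size must be
    a public upper bound: exceeding it is an error rather than a silent
    leak of a larger bucket."""
    buckets = [[] for _ in range(n_partitions)]
    for r in records:
        buckets[key_fn(r) % n_partitions].append(encode(r, real=True))
    for b in buckets:
        if len(b) > bucket_size:
            raise OverflowError("bucket exceeds public bound; raise bucket_size")
        while len(b) < bucket_size:
            b.append(encode(b"", real=False))
    return buckets


def traffic_shape(buckets):
    """What a network observer learns per destination: (messages, bytes)."""
    return [(len(b), sum(len(m) for m in b)) for b in buckets]


def unpack(bucket):
    """Receiving executor drops the dummies after decryption."""
    return [p for real, p in map(decode, bucket) if real]
```

This hides the network pattern only. The routing loop inside `oblivious_partition` still touches memory in a data-dependent order, so a platform that observes page faults or cache activity of the enclave would need data-oblivious memory access as well; that is a separate mechanism not shown here.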
Applications and services rely on cryptographic keys and secrets to keep information secure. MesaTEE Key Vault safeguards these keys and secrets in a manner similar to hardware security modules (HSMs).
MesaTEE Key Vault can be built on any of security levels 2-5 and provides secret management (securely storing, and controlling access to, tokens, passwords, certificates, API keys and other secrets), key management (creating and controlling encryption keys) and certificate management (provisioning and managing certificates).
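The HSM-like contract those three services share, as an added Python example that is not the MesaTEE Key Vault implementation: keys are generated inside the vault, referenced by handle, used through vault operations and never exported; secrets are stored with an access list; every access attempt is audited. The handle names, caller identities and the HMAC operation are assumptions of the example.

```python
"""Added example, not the MesaTEE Key Vault.  Models the HSM-like contract:
key material never leaves the vault, use is policy-gated, access is audited."""
import hashlib
import hmac
import secrets


class KeyVault:
    def __init__(self):
        self._keys = {}       # handle -> (key bytes, set of allowed callers)
        self._secrets = {}    # name   -> (value, set of allowed callers)
        self.audit = []       # (caller, operation, object, allowed)

    def _authorize(self, caller, acl, op, obj):
        ok = caller in acl
        self.audit.append((caller, op, obj, ok))   # log denials too
        if not ok:
            raise PermissionError(f"{caller} may not {op} {obj}")

    # --- key management: callers get a handle, never the key bytes ---
    def create_key(self, handle, allowed):
        if handle in self._keys:
            raise KeyError(f"{handle} already exists")
        self._keys[handle] = (secrets.token_bytes(32), set(allowed))
        return handle

    def mac(self, caller, handle, data: bytes) -> str:
        """Use the key inside the vault; the key itself is never returned."""
        key, acl = self._keys[handle]
        self._authorize(caller, acl, "mac", handle)
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def verify(self, caller, handle, data: bytes, tag: str) -> bool:
        expected = self.mac(caller, handle, data)
        return hmac.compare_digest(expected, tag)   # constant-time compare

    # --- secret management: values are released only to listed callers ---
    def put_secret(self, name, value, allowed):
        self._secrets[name] = (value, set(allowed))

    def get_secret(self, caller, name):
        value, acl = self._secrets[name]
        self._authorize(caller, acl, "read", name)
        return value
```

The absence of any export operation is the point: an application that needs a MAC or a signature asks the vault to compute it under a handle, so a compromised application can misuse the key while it has access but cannot carry the key away.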
Figure 7: MesaTEE’s application in secure AI computing and the performance overhead is acceptable
MesaTEE SGX (Level 5) already supports GBDT, linear regression and neural networks. Because we have ported TVM and Anakin into SGX, CNN/RNN models produced by popular AI frameworks (e.g. TensorFlow, Caffe) can be converted and loaded into an enclave, so both the model and the data are protected from a hostile host environment. Our main focus is inference, but model training inside SGX is supported as well.
Performance is critical for AI applications, so we have also optimized the runtime extensively, including model compression and model pipelining. Figure 7 compares the time to run ResNet-50 in MesaTEE SGX with running it in the normal world (outside SGX): the enclave adds only about 20% overhead. No other security solution provides the same confidentiality and integrity guarantees at so small a cost.
For more details about MesaTEE trusted secure AI computation, one can take a look at our demo video: