The name MesaTEE originates from Memory Safe TEE. Trusted Execution Environments (TEEs) already provide an effective foundation for secure computing. For example, Intel® offers a processor feature called Software Guard Extensions (Intel® SGX) that enforces memory access control and automatically encrypts enclave memory. However, software running inside a TEE may still contain memory-safety vulnerabilities such as use-after-free, double free and buffer overflow, which attackers can exploit. This in turn leads to privacy leakage or intellectual property compromise. Researchers have proposed several techniques for hardening TEEs, but we still need a definitive solution that provides verifiable memory safety.
There are multiple paths towards TEE memory safety. The most straightforward one is to use formal verification to prove the existing TEE software stack memory safe and to fix any violations found. As mentioned above, this would be too expensive to be practical. A concrete example is the attempt to formally verify seL4, where at least 8 human years were spent. Any tiny modification to the code would incur a similar cost again.
The other direction is to rewrite everything in memory-safe languages. Thankfully, memory-safe languages like Rust are becoming more and more popular and mature. They intrinsically guarantee memory and thread safety at compile time. At the same time, their performance is almost equivalent to that of C/C++ programs (see here or here). Most importantly, writing programs in memory-safe languages is much cheaper compared to formal verification. Hence we believe that Rust, by far the most outstanding memory-safe systems programming language, best fits the TEE world.
However, rewriting everything in Rust is not easy. Sometimes we have to rely on existing unsafe components to shorten the development cycle. It is important to reach a good balance between safety, compatibility and functionality. To achieve that, we came up with the idea of Hybrid Memory Safety and the following rules of thumb:
Here the unsafe components include both modules written in memory-unsafe languages (such as C/C++) and the unsafe code in memory-safe languages. MesaTEE and its sibling projects (Rust SGX SDK, MesaLock Linux, MesaLink, and MesaPy) all try to adhere to these rules.
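As an added example (not MesaTEE's or Rust SGX SDK's own code), the following Rust snippet shows the boundary that Hybrid Memory Safety is about: a hypothetical `legacy_copy` stands in for an unsafe component (say, a C routine reached over FFI) and is called from exactly one safe wrapper that validates every precondition, so the unsafe code cannot taint the public API.

```rust
// Added example: confining an unsafe component behind a safe Rust API.
use std::ptr;

/// Stand-in for a legacy unsafe component (hypothetical; think of a C
/// memcpy-style routine reached via FFI). The caller must guarantee that
/// `dst` has room for `len` bytes and `src` has `len` readable bytes;
/// nothing in here checks that, exactly like raw C code.
unsafe fn legacy_copy(dst: *mut u8, src: *const u8, len: usize) {
    // SAFETY: preconditions are the caller's responsibility (see doc above).
    unsafe { ptr::copy_nonoverlapping(src, dst, len) };
}

/// Error reported at the safe/unsafe boundary instead of a silent overflow.
#[derive(Debug, PartialEq)]
pub enum CopyError {
    DestinationTooSmall { needed: usize, available: usize },
}

/// Safe wrapper: the only place the unsafe component is invoked. Every
/// precondition the legacy routine relies on is checked here, so callers of
/// this public API cannot cause a buffer overflow through it.
pub fn copy_into(dst: &mut [u8], src: &[u8]) -> Result<usize, CopyError> {
    if src.len() > dst.len() {
        return Err(CopyError::DestinationTooSmall {
            needed: src.len(),
            available: dst.len(),
        });
    }
    // SAFETY: lengths were validated above, and the borrow checker already
    // guarantees that a `&mut [u8]` cannot alias the shared `&[u8]`.
    unsafe { legacy_copy(dst.as_mut_ptr(), src.as_ptr(), src.len()) };
    Ok(src.len())
}

fn main() {
    let mut buf = [0u8; 4];
    println!("{:?}", copy_into(&mut buf, b"abcd"));
    println!("{:?}", copy_into(&mut buf, b"too long for the buffer"));
}
```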
"MesaTEE combines the power of the Baidu HMS model and Intel® SGX to provide a breakthrough solution to expand the trust boundary of the Internet," said Tao Wei, Chief Security Scientist of Baidu. "The HMS model has revolutionized memory safety for systems at the software architecture level. Intel® SGX, meanwhile, dramatically shortens the trust chain of computing and makes trusted dependencies more simplified, reliable, and secure. Together, MesaTEE provides the foundation for incubating next-generation blockchains, privacy-enhanced cloud computing, and other new Internet services."
Once memory safety is guaranteed, control-flow and data-flow integrity become easier to enforce, and security audits become much more convenient. Building on this, we can further achieve the Non-bypassable Security Paradigm: components cannot be hijacked onto wrong paths, and all control and data flows must pass through the critical security checkpoints. That is the ultimate goal of our endeavor.