MesaTEE Open-Source Released: A Framework for Universal Secure Computing

After Rust SGX SDK, MesaLock Linux, MesaLink, MesaPy and other sub-projects have been open sourced, the highly anticipated secure computing platform MesaTEE is released at https://github.com/mesalock-linux/mesatee, and the open source license is Apache 2.0.

MesaTEE is the first universal secure computing (USC) platform. It provides the next generation USC capabilities for scenarios with high demand for security and privacy, enabling sensitive data to be circulated and processed under security control, even in off-site and offshore environments, without being compromised or misused. This is especially critical today with so much attention on privacy concerns, and it makes many big data business usages possible. At the same time, due to the weakly-centralized architecture of USC/MesaTEE, it complements the blockchain perfectly, offering the high-performance in privacy data processing capability the blockchain urgently needs.

MesaTEE adopts three core technologies, including Hybrid Memory Safety and Non-bypassable Security Paradigm, Confidential Computing Technology(e.g. Intel SGX), and Trusted Computing Technology(e.g. TPM). It builds a complete FaaS general-purpose computing framework that provides rigorous and practical protection for privacy and security. Compared with traditional cryptography-based multi-party secure computing or fully homomorphic encryption technology, USC/MesaTEE is showing the performance at 100+ times faster, and its programming style is consistent with traditional programming, which is suitable for ordinary programmers to quickly get started. Subsequent versions will also support security languages ​​such as MesaPy (Memory Safe Python) to further reduce development barriers.

Background

The emerging technologies of big data analytics, machine learning, cloud/edge computing, and blockchain are leading significant progress in our society, but they are also bringing new confidentiality and security issues. On public cloud and blockchain, sensitive data like health and financial records may be exploited at runtime by untrusted computing processes running on compromised platforms; during inhouse data exchange, confidential information may cross different clearance boundaries and possibly fall into the wrong hands; also not to mention the privacy issue arises in offshore data supply chains.

Other than data privacy, the proprietary models/algorithms themselves also need to be well protected. Once leaked, attackers can steal the intellectual properties, or launch whitebox attacks and easily exploit the weakness of the models.

Facing all these risky scenarios, we are in desperate need of a trusted and secure mechanism, enabling us to protect both private data and proprietary computing models during a migratable execution in potentially unsafe environments, yet preserving functionalities, performance, compatibility, and flexibility. MesaTEE is targeting to be, as we call it, the full “Universal Secure Computing” stack, so it can help big data and AI industry resolve the runtime risks with data privacy and security.

As illustrated in the figure above, MesaTEE provides a solution for the trusted and secure execution environment that redefines the big data business model. Even if data and model originate from different parties with no mutual trust, confidentiality and integrity can still be effectively protected. Moreover, it significantly reduces the Trusted Computing Base (TCB) and makes the whole stack easily auditable and verifiable.

Technical Features

Memory Safe

The name “MesaTEE” originates from Memory Safe Trusted Execution Environment. Although hardware Trusted Execution Environments (TEEs) have already provided solid foundation for secure computing (e.g. Intel SGX), they do not guarantee the memory safety. TEEs are still vulnerable to issues such as use after free, double free, and buffer overflow etc. Using formal verification to prove memory safety turns out to be very costly in time and effort. A good example is the seL4 verification, which takes at least 8 person years. And any minor modification resets the verification work back to zero. Obviously it is not acceptable for any practical software development requiring changes back-and-forth.

Therefore, rewriting everything using memory safe languange such as Rust is the optimal choice. It intrinsically guarantees memory and thread safety during compilation, and saves the huge amount of efforts with formal verification. At the same time, the performance is not sacrificed (Rust program is almost equivalent to C/C++ program in performance).

However, rewriting everything in Rust is not an easy task. Sometimes the memory safe components written in Rust have to coexist with unsafe components in C/C++. For that we created Hybrid Memory Safety and the following rule-of-thumbs:

1. Unsafe components should be appropriately isolated and modularized, and the size should be small (or minimized)

2. Unsafe components should not weaken the safe ones, especially public APIs and data structures

3. Unsafe components should be clearly identified and easily upgraded

Non-bypassable Security

Once the memory safety guaranteed, control flow and data flow integrities can be protected. On top of it, MesaTEE further adopts the Non-bypassable Security Paradigm. This ensures that all control/data flows must pass the critical security checkpoints. It significantly reduces the difficulty of audit and access control, minimizes the exposure to attacks, and regulates the deployment of access control policy. It also makes security formal verification more feasible.

Encryption Isolation and Remote Attestation

Traditional cloud computing and blockchain cannot guarantee the integrity and confidentiality of data and codes, which has become the obstacle for users to adopt them. MesaTEE offers a superb solution to this. Using TEE with Intel SGX, it securely isolates and encrypts cloud users’ data and code execution. Even when the operating system, virtual machine manager (VMM/hypervisor), or other adjacent virtual machines are compromised, the integrity and confidentiality of these data/codes can still be protected. Users can also remotely verify the execution environment to ensure the codes executed is as expected. It is worth noting that MesaTEE directly integrates remote attestation into end-to-end encrypted communication, ensuring that the transmission destination is the desired environment while establishing the encrypted channel. Combined with the memory safe and non-bypassable security, MesaTEE minimizes the possibility of attacker penetration to the limit from both outside and inside, from hardware to software, and ensures that once the data is released, regardless of transmission, remote computing, remote storage, it always gets verifiable isolation and encryption protection.

Flexible and Configurable Security Levels

MesaTEE is compatible with a wide range of TEE platforms, including TPM, Intel SGX/MKTME, AMD SEV/SME, ARM TrustZone, Risc-V Key-stone and FPGA etc. It provides different levels of security based on different hardware environments and different needs. Specifically MesaTEE supports 5 security levels:

1. Unprotected — the legacy mode without trust and security
2. SoftTEE — trust is established purely based on software (SoftTrust), the environment is measured by collecting system metrics, keys are protected via whitebox encryption, anti-debugging methods are deployed, and critical components are obfuscated to defend against reverse engineering. Optionally, security can be further enhanced by incorporating MesaLock Linux (Linux distribution with user space core utils written in memory safe languages) and Non-bypassable Gateway (NBGW).
3. MesaTEE TPM — the Trusted Platform Module (TPM) chip is added to enforce secure boot and measure the system boot chain all the way up to the application logic. However TPM measurement can assure only static trustworthy; users can add MesaLock Linux and NBGW to enhance dynamic security. Meanwhile, for multi-tenants situation, payloads can be further isolated with the help of a light-weighted secure hypervisor (e.g. Kata Containers).
4. MesaTEE SEV/MKTME — the upper layers are the same with the TPM mode except that the physical memory is encrypted automatically by CPU features like AMD SEV or Intel MKTME. This withstands cold boot attack and most software-based attacks.
5. MesaTEE SGX — the ultimate protection, utilizing Remote Attestation and Secure Enclave to isolate and encrypt secrets automatically. MesaTEE SGX adds TPM and MesaLock Linux to ensure that the exterior operating system is also trusted and secure, defends against side channel attack on enclave technology.

Versatile Features and Excellent Performance

MesaTEE does not drop functionality or performance while providing ultimate security. It provides a unified “Function as a Service” (FaaS) abstract API for various TEE platforms. Developers can easily develop a portable TEE program. On top of this, MesaTEE also encapsulates a WebAssembly/Python abstraction layer, to further reduce development requisites and costs, while increasing coding flexibility. Not only that, MesaTEE also presets most common computing modules for encryption and decryption, certificate management, privacy protection set operations, linear regression, GBDT, deep learning and other big data/machine learning applications. User only needs to call the direct interfaces.

The performance of MesaTEE is also superb. For example (the following performance data is collected from Intel NUC8I7HVK Mini PC, the test takes place in MesaTEE’s highest security level Intel SGX mode, data and computing are always isolated and encrypted):

• The extra turn-around overhead over TCP is reduced to the extreme, only 3ms. This includes operations such as key exchange, data encryption and decryption, remote attestation, and load balancing allocation for encrypted channels.
• Can perform 10,000 RSA signatures per second, or 5 million AES encryption and decryption. In comparison, certain traditional HSM can only achieve 1200 RSA signatures per second, or 2000 AES encryption and decryption.
• Test GBDT predictions on 100,000 pieces of data. MesaTEE SGX is up to 4 times faster than single-threaded XGBoost.
• Running the ResNet 50 neural network model adds only 20% of the time overhead compared to the one without MesaTEE SGX protection.

Use Cases

Blockchain and Cloud Service

In addition to providing solo secure computing services, MesaTEE is also well suited for providing general purpose secure computing applications in blockchain and cloud computing scenarios. As shown in the figure, under MesaTEE protection, we can build blockchains across different network environments to securely utilize various computing resources. Regardless of when data/code flows in, whenever data/code is processed, data/code owners can always ensure confidentiality and integrity protection regardless of the underlying platform. As a result, the pain points of blockchain and cloud users concerning data privacy and integrity are all properly addressed.

Secure Multi-party Computation

In cross-department or cross-company data collaboration scenarios, mutual data privacy is a key prerequisite for collaboration, and secure multiparty computing (SMC) is becoming increasingly important. Traditional cryptography-based SMCs have many limitations, and secure multiparty computing using MesaTEE provides the best solution:

1. Once the cryptography-based SMC starts running, the computational members and algorithms have been determined, it is difficult to dynamically change and modify, and there is no flexibility; MesaTEE performs trusted and secure computation on plaintext directly in a protected environment, so this restriction does not apply.
2. The cryptography-based SMC scenario requires each participant to have mutual trust and data interaction, resulting in large delay and throughput overhead. MesaTEE replaces multi-party mutual trust with trusted nodes, and computing participants only need to exchange data with the central trusted node. It eliminates unnecessary communication and greatly improves efficiency and performance.

How efficient is MesaTEE in multi-party computing? The above figure takes the private set intersection (PSI) as an example. The horizontal axis is the size of the intersection set, and the vertical axis is the time required for the computation. Some cutting-edge cryptography schemes have quickly timed out. Even for those do not time out, their performance is only half or one third of MesaTEE. In fact, the more participants, the larger the data set to be analyzed, MesaTEE will show a greater advantage than the traditional methods, and can solve the complex computation that cryptography SMC is not capable of.

Secure Key Vault and HSM

MesaTEE natively provides high security level key protection and encryption/decryption operations, similar to traditional Key Vault and HSM functions, to securely store and control access to keys/certificates. As mentioned earlier, MesaTEE can achieve 10,000 RSA signatures per second or 5 million AES encryption and decryption even in SGX, far better than some traditional HSM (1200 RSA signatures per second, or 2000 AES encryption and decryption).

Secure AI Computing

MesaTEE supports GBDT, linear regression, and neural networks in all security levels, including Level 5 Intel SGX. In particular, CNN/RNN models generated by mainstream AI frameworks (such as Tensorflow, Caffe, etc.) can be easily converted and loaded into MesaTEE to protect models and data from malicious attacks, and MesaTEE supports both model interfence and training.

Performance is critical for AI applications, so MesaTEE have gone through a number of optimizations to improve the efficiency. The above graph on the right shows the time consumption of running ResNet 50 in MesaTEE’s highest security level (Intel SGX) compared to normal environment— only a 20% increase in overhead. With this limited overhead, no other security solution can provide the same level of confidentiality and integrity protection as MesaTEE.

Build A Powerful and Open Ecosystem

Baidu’s chief security scientist Dr. Tao Wei, when jointly announced MesaTEE with Intel vice president Lorie Wigle in 2018, has said: “Intel SGX is one of the most important hardware technology architecture changes in the field of system security since the advent of general-purpose computers. It dramatically shortens the trust chain of computing and makes trusted dependencies more simplified, reliable, and secure. The Hybrid Memory Safety model has revolutionized memory safety for systems at the software architecture level. MesaTEE combines the power of the HMS model and Intel SGX to provide a breakthrough solution to expand the trust boundary of the Internet. Together, MesaTEE provides the foundation for incubating next-generation blockchains, privacy-enhanced cloud computing, and other new Internet services.”

MesaTEE aims to promote the development of universal secure computing ecosystem through open source and openness, provide basic support for trust protection for the productivity revolution brought by big data and AI, completely solve the data exchange or multi-party computing between departments/companies, enable privacy-crucial services such as financial and medical care using blockchain/cloud services, and convoy businesses that are closely related to life and safety such as autonomous driving. MesaTEE has been working closely with mainstream cloud computing/blockchain/chip vendors and universities/research institutions to promote hardware TEE, software memory safety, and versatile computing services to create an internationally protected and flexible secure computing framework. MesaTEE’s open-source release will greatly accelerate the development of the next generation of big data business applications, and it is also of great importance to promote AI ​​in all business areas.