This is an automated email from the ASF dual-hosted git repository. mssun pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit e1ad6b65cb27110774b572cda537fa503f7eb655 Author: Mingshen Sun <[email protected]> AuthorDate: Wed Apr 22 17:12:53 2020 -0700 [docs] Add threat model --- README.md | 5 +++++ docs/threat_model.md | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/README.md b/README.md index 8536cee..bf168d0 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,11 @@ platform, making computation on privacy-sensitive data safe and simple. - [My First Function](docs/my-first-function.md) +### Design + +- [Threat Model](docs/threat_model.md) +- [Mutual Attestation: Why and How](docs/mutual-attestation.md) + ## Contributing Teaclave is open source in [The Apache Way](https://www.apache.org/theapacheway/), diff --git a/docs/threat_model.md b/docs/threat_model.md new file mode 100644 index 0000000..2d0e170 --- /dev/null +++ b/docs/threat_model.md 
@@ -0,0 +1,41 @@ +# Threat Model + +With its strongest security setting applied, Teaclave guarantees data +confidentiality even if all parties along the computation path, privileged or +not, are untrusted. This includes: + +- Internet service provider +- Cloud provider +- Function provider +- Other data providers + +Consider the following scenario. A small business needs to employ image +classification techniques in its daily production. However, the business does +not have the capabilities to train a high-quality machine learning model, nor +does it have the hardware resources to host the machine learning +infrastructures. Under such circumstances, the only solution is to subscribe to +some cloud computing service and run the needed image classification tasks +remotely. However, this solution requires the small business to upload its +private data to the cloud, which may deeply concerns the business owner and +hinders the deployment of such techniques. + +With Teaclave, privacy concerns above are no more. The small business can +subscribe to the cloud service from company A, rent the machine learning model +from company B, and use the deep learning inference engine provided by company +C. None of these parties need to trust another, yet the computation can commence +with everyone's privacy respected. + +In the settings above, the root of trust converges to Intel and its SGX-enabled +CPU chips. Before the computation starts, Teaclave is booted as a secure SGX +enclave on one of these CPUs owned by the cloud service provider. After that, +each party can **remotely** attest the authenticity of the hardware and the +integrity of Teaclave platform. Private data are securely provisioned to the +Teaclave enclave only if the attestation passes. After the provision, no +privileged software is able to access the memory content owned by the enclave +from outside. 
+ +The remote attestation functionality implemented by Teaclave is augmented from +the method described by an Intel [white paper](https://arxiv.org/abs/1801.05863). +The complicated structure of Teaclave requires additional work for remote +attestation, which is explained in details via a separate +[documentation](mutual_attestation.md).
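
Review bot: in the README.md hunk, the new "Mutual Attestation: Why and How" entry points at `docs/mutual-attestation.md` (hyphen), while the last line of docs/threat_model.md links to `mutual_attestation.md` (underscore), and the diffstat for this commit adds only `docs/threat_model.md`. At most one of those two targets can resolve, and neither file is introduced here. Please settle on one filename, use it in both places, and either include the mutual attestation document in this commit or hold the README entry until it lands. The existing entry `docs/my-first-function.md` uses hyphens, so `threat-model.md` and `mutual-attestation.md` would match the naming already in the list.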
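
Review bot: the opening paragraph of docs/threat_model.md scopes the guarantee to "its strongest security setting applied" but the document never says what that setting is or what is guaranteed without it, so a reader cannot tell whether their deployment is covered. Please name the setting (or link to where it is configured) and add a short list of assumptions and out-of-scope items next to the list of untrusted parties: the text promises data confidentiality and attests the "integrity of Teaclave platform", but does not say whether integrity of results or availability are in scope, and the only stated assumption is that the root of trust is Intel and its SGX-enabled CPUs. Two wording fixes in the same hunk: "which may deeply concerns the business owner and hinders" should read "which may deeply concern the business owner and hinder", and "explained in details" should read "explained in detail".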
