+1 for putting in `incubator-mesatee` in current stage.

Best,
Zhaofeng

On Wed, Dec 4, 2019 at 1:51 PM Mingshen Sun <[email protected]> wrote:

> Although this tool is not designed for MesaTEE specifically, I still
> think it's better put in the `incubator-mesatee` main repo initially.
> If more people want to use it separately later, we can make it as a
> separate tool. This will simplify the maintenance efforts of the
> project for now.
>
> On Wed, Dec 4, 2019 at 12:08 PM Wang Pei <[email protected]> wrote:
> >
> > One of the features MesaTEE (now renamed as Teaclave) promised when it
> > was initially open-sourced is the so-called "Non-bypassable gateway."
> > Basically, we would like to show that all interactions between the TEE
> > and the untrusted outside world are properly sanitized in our
> > implementation.
> >
> > As a first step towards this goal, I have implemented a tool that can
> > extract the dependency graph of the crates built by Cargo. It's
> > instrumentation to rustc that analyzes the Rust IR and stores
> > information with an embedded DB such that it can gather information
> > collected by multiple rustc invocations.
> >
> > The tool provides three custom attributes: require_audit, audited, and
> > entry_point. These attributes can annotate any item-like entities in
> > Rust code, including ADT, functions, traits, and impl blocks. Starting
> > from each entry_point, the tool traverses the dependency graph with DFS
> > and emits a warning whenever it encounters an item marked by
> > require_audit unless another item marked by audited is present along
> > the traversal path.
> >
> > The attributes have no effects on code generation and can be safely
> > ignored by anyone that does not care about code auditing.
> >
> > About how to publish the tool, there are two options. It can be part of
> > mesatee-sgx, the fundamental dependency of the mesatee project. Or it
> > can be released as a standalone tool. In theory, it can be used to
> > audit other Rust projects, but I wonder how attractive that would be.
> > Either way, we have to annotate a lot of code in mesatee-sgx and
> > mesatee to make the tool actually useful.
> >
> > Let me know your thoughts.
> >
> > Pei
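
The traversal rule described in the quoted proposal (DFS from each entry_point, warning on a require_audit item unless an audited item lies on the path), as an added example that is not part of the thread or the tool's own code. It assumes a plain adjacency map instead of rustc IR, constructed item names, and that an audited item covers everything reached after it on the same path.

```rust
use std::collections::{HashMap, HashSet};

type Item = &'static str;
#[derive(Clone, Copy, PartialEq)]
enum Mark { Unmarked, EntryPoint, Audited, RequireAudit }
struct Graph { edges: HashMap<Item, Vec<Item>>, marks: HashMap<Item, Mark> }

impl Graph {
    fn mark(&self, n: Item) -> Mark { *self.marks.get(n).unwrap_or(&Mark::Unmarked) }
    // Returns one warning (the offending path) for each require_audit item
    // reached without an audited item earlier on that path.
    fn audit(&self) -> Vec<Vec<Item>> {
        let mut out = Vec::new();
        let mut entries: Vec<Item> = self.marks.iter()
            .filter(|(_, m)| **m == Mark::EntryPoint).map(|(n, _)| *n).collect();
        entries.sort(); // deterministic order across runs
        for e in entries { self.dfs(e, false, &mut Vec::new(), &mut HashSet::new(), &mut out); }
        out
    }
    // `covered` is path state, so the visited set is keyed on (item, covered):
    // an item first reached through an audited path is still walked uncovered.
    fn dfs(&self, n: Item, covered: bool, path: &mut Vec<Item>,
           seen: &mut HashSet<(Item, bool)>, out: &mut Vec<Vec<Item>>) {
        if !seen.insert((n, covered)) { return; } // also terminates on cycles
        path.push(n);
        if self.mark(n) == Mark::RequireAudit && !covered { out.push(path.clone()); }
        let covered = covered || self.mark(n) == Mark::Audited;
        for &m in self.edges.get(n).map(Vec::as_slice).unwrap_or(&[]) {
            self.dfs(m, covered, path, seen, out);
        }
        path.pop();
    }
}

// Constructed sample graph; all item names are hypothetical.
fn sample() -> Graph {
    let edges = HashMap::from([
        ("ecall_run", vec!["parse_request", "sanitize_input"]),
        ("parse_request", vec!["ocall_write"]),
        ("sanitize_input", vec!["ocall_write"]),
        ("ocall_write", vec!["parse_request"]), // cycle back into the graph
    ]);
    let marks = HashMap::from([("ecall_run", Mark::EntryPoint),
        ("sanitize_input", Mark::Audited), ("ocall_write", Mark::RequireAudit)]);
    Graph { edges, marks }
}

fn main() { for w in sample().audit() { println!("unaudited path: {}", w.join(" -> ")); } }
```

Keying the visited set on the item alone would make the result depend on edge order: if the audited route reached `ocall_write` first, the unaudited route through `parse_request` would be skipped silently.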
