Skip to content
Browse files

Rewrite (#187)

  • Loading branch information
mssun committed Dec 20, 2019
1 parent 708831d commit ea05488c93874ea37544708871fac10006871290
Showing with 70 additions and 89 deletions.
  1. +70 −89
@@ -1,97 +1,78 @@
<p align="center"><img src="docs/images/logo.png" width=500/></p>

# A Framework for Universal Secure Computing

[![Build Status](](
[![Documentation Status](](
[![Codecov Status](](

## Highlights

* MesaTEE is the next-gen solution to enable general computing service for security-critical scenarios. It will allow even the most sensitive data to be securely processed to enable offshore businesses without leakage.

* The solution combines the advanced Hybrid Memory Safety (HMS) model and the power of the Trusted Computing technologies (e.g. TPM) as well as the Confidential Computing technologies (e.g. Intel® SGX).

## What Is MesaTEE?

The emerging technologies of big data analytics, machine learning, cloud/edge
computing, and blockchain are significantly boosting our productivity, but at
the same time they are bringing new confidentiality and integrity concerns. On
**public cloud** and **blockchain**, sensitive data like health and financial
records may be consumed at runtime by untrusted computing processes running on
compromised platforms; during **inhouse data exchange**, confidential
information may cross different clearance boundaries and possibly fall into the
wrong hands; also not to mention the privacy issue arises in **offshore data
supply chains**.

Although the consequences of data breaching have been extensively elaborated,
we should also note that proprietary computing algorithms themselves, such as
AI models, also need to be well protected. Once leaked, attackers can steal the
intellectual properties, or launch whitebox attacks and easily exploit the
weakness of the models.

Facing all these risky scenarios, we are in desperate need of a trusted and
secure mechanism, enabling us to protect both private data and proprietary
computing models during a migratable execution in potentially unsafe
environments, yet preserving functionalities, performance, compatibility, and
flexibility. MesaTEE is targeting to be, as we call it, the full “Universal
Secure Computing” stack, so it can help users resolve these runtime security

<p align="center"><img src="docs/images/overview.png" width="600"/></p>
<p align="center"><i>Figure 1: MesaTEE stack redefines future AI and big data analytics by
providing a trusted and secure offshore computing environment. The
confidentiality and integrity of both data and code can be well protected even
if clients and service/platform providers do not trust each other.</i></p>

As illustrated in the Figure 1, the confidentiality and privacy of data and
models can be well protected with MesaTEE, even if data and model originate
from different parties with no mutual trust. Moreover, the computing platform
itself is not necessarily trusted either. The Trusted Computing Base (TCB) can
thus be largely reduced to MesaTEE framework alone.

More details can be found in the following documents:
* [Threat Model](docs/
* [Design](docs/
* [Hybrid Memory Safety and Non-bypassable Security](docs/
* [Case Studies](docs/

## Getting Started

* [How to Build](docs/
* [How to Run](docs/
* [FAQs in Build and Run](docs/
* [Application Examples](examples/
* [How to Add A Function](docs/
* [How to Test](tests)
* [Repository Structure](docs/
* [Dependencies Vendoring](third_party/
* [Blogs about MesaTEE](
# Teaclave: A Universal Secure Computing Platform

Apache Teaclave (incubating) is an open source ***universal secure computing***

Teaclave adopts multiple security technologies to enable secure computing, in
particular, Teaclave uses Intel SGX to serve the most security-sensitive tasks
with *hardware-based isolation*, *memory encryption* and *attestation*.
Also, Teaclave is built in the Rust programming language to prevent
*memory-safety* issues.

Teaclave is provided as a *function-as-a-service platform* for secure computing.
With many useful built-in functions, it supports tasks such as machine learning,
private set intersection (PSI), crypto computation, etc. Developers can easily
deploy a Python script in the Teaclave's trusted execution environment. More
importantly, unlike traditional FaaS, Teaclave supports both general secure
computing tasks and *flexible multi-party secure computation*.

Teaclave builds its components in containers, therefore, it supports deployment
both locally and within cloud infrastructures. Teaclave also provides client
SDKs and a command line tool.

Teaclave is originated from Baidu X-Lab (formerly named MesaTEE).

## Quick Start

## Contributing

The open-source version of MesaTEE is a prototype. The code is constantly
evolving and designed to demonstrate types of functionality.
Download and build Teaclave services, examples, SDK, and command line tool.

We still have lots of working-in-progress tasks. We are very happy if you are
interested to submit pull requests. Please refer to
[Issues]( to help out
or report new bugs/suggestions.
git clone
docker run --rm -v$(pwd)/incubator-teaclave:/teaclave -w /teaclave -it teaclave/teaclave-build-ubuntu-1804:latest
mkdir -p build && cd build
cmake -DTEST_MODE=ON .. && make

Please adhere to the [Rust Development Guideline](docs/ and remember to ``make format`` before submitting PRs.
Start all Teaclave services with
[Docker Compose]( and detach into background.
sure [SGX driver and PSW package](
are properly installed and you have got the
[SPID and key](
to connect Intel Attestation Service.

export IAS_SPID=xxx
export IAS_KEY=xxx
(cd docker && docker-compose -f docker-compose-ubuntu-1804.yml up --build --detach)

Try the "quickstart" example.

./release/examples/quickstart echo -e release/examples/enclave_info.toml -m "Hello, World!"

Shutdown all Teaclave services.

(cd docker && docker-compose -f docker-compose-ubuntu-1804.yml down)

## Contributing

## Sibling Projects
Teaclave is open source in [The Apache Way](,
we aim to create a project that is maintained and owned by the community. All
kinds of contributions are welcome.

* Rust SGX SDK:
* MesaLock Linux:
* MesaLink:
* MesaPy:

## Contact
## Community

We encourage you to discuss open source related matters in [Issues]( For other questions, you may reach out to MesaTEE mailing list: []( or each [maintainer]( individually.
Please subscribe our mailing list
for development related activities. To subscribe, send an email to

0 comments on commit ea05488

Please sign in to comment.
You can’t perform that action at this time.