Teaclave 让隐私安全计算更简单

如果无法正常显示,请先停止浏览器的去广告插件。
分享至:
1. Teaclave 让隐私安全计算更简单 https://teaclave.apache.org/ Mingshen Sun Baidu, Apache Teaclave (incubating) PPMC SACC 2021
2. 数据隐私 • 大数据分析、机器学习、云计算、边缘计算、区块链技术 • 公有云基础设施 • 模型/算法保护
3. 安全计算 金融数据 医疗健康数据 AI 模型 可信/安全的运行环境 大数据分析 平台提供商 (非可信环境) 密码数据 端 区块链应用 服务提供商
4. 安全计算 • 多方安全计算 (MPC) • 联邦学习算法 • 差分隐私 (DP) • 可信执行环境 (TEE) • • 硬件隔离、内存加密、远程认证 Intel SGX, ARM TrustZone, AMD SEV • 可信执行环境的云服务提供商: Microsoft Azure, Google Cloud, IBM Cloud 非可信/普通世界 可信/安全世界 App Enclave
5. 隐私安全计算现状与趋势 • 隐私安全计算技术:打破数据壁垒,解决数据孤岛 • 现状:技术栈复杂,各家公司加速布局,抢占技术基础和市场 先机 • 趋势:降低⻔槛,平台化
6. 易用的隐私安全计算平台 Services Services 管理服务 敏感数据 Clients Clients 用户 Execution Execution Service 计算单元 Service Services Services 存储服务 业务逻辑 隐私安全计算平台 • We need a framework or platform that allow the programmer to concentrate on the business logic and automates more protection of their code and data without worrying about technical details of di erent TEE implementations. SysTex 2019, Scaling Towards Con dential Computing, Simon Johnson 6
7. Teaclave • Teaclave 是全球首个通用安全计算平台,为隐私数据计算赋能,让安全计 算更简单。 • Teaclave 基于硬件安全能力(Intel SGX),确保敏感数据在可信域外和离 岸场景下安全可控的流通和处理,无需担心隐私数据泄露和滥用。同时, Teaclave 还支持多方参与的联合计算,打破企业和组织中的数据孤岛。 • 原由百度主导研发,于2019年7月开源并进入 Apache 软件基金会孵化 器。 • • • 开源模式:The Apache Way 主⻚: https://teaclave.apache.org/ 项目代码库 • • • https://github.com/apache/incubator-teaclave https://github.com/apache/incubator-teaclave-sgx-sdk https://github.com/apache/incubator-teaclave-trustzone-sdk 7
8. 四大亮点 • 功能性 • • function-as-a-service interfaces built-in functions and Python executors • 安全性 • • Intel SGX: hardware-based isolation, memory encryption and attestation Rust: fast, memory-safe, system programming language • 易用性 • • deployment on the cloud infrastructure API, SDK, CLI, SGX tool, etc • 灵活性 • attestation, RPC, functions, binder 8
9. 编程语言 • 内存安全 • 执行效率 Strong type system for memory safety Static compiled and small runtime Ready for cloud computing Community
10. 函数及服务接口/工作流 • FaaS 接口 • • • function: 业务逻辑 data: 隐私数据 participants: 安全计算任务的参与方 • 安全计算任务工作流 1. 向平台注册敏感数据 2. 注册函数,参数,输入输出数据格式等 3. 创建、审计任务 4. 执行任务得到结果 Clients Clients 用户客户端 Teaclave 平台 10
11. Teaclave 服务设计 Authentication Service Frontend Service Storage Service Management Service Scheduler Service Execution Execution Execution Service Service Service Access Control Service api endpoint connections internal endpoint connections 11
12. TEE Domain 前端服务 核心服务 Authentication Service Frontend Service Workers Storage Service Management Service Scheduler Service Execution Execution Execution Service Service Service Access Control Service api endpoint connections internal endpoint connections Teaclave 服务设计 12
13. service TeaclaveStorage rpc Ge Clients authenticate their id/ The frontend service will rpc Pu credential to get a session key. authenticate all client requests. rpc Delet This session key will be used later rpc Enqueu rpc Dequeu to service communicate with the frontend TeaclaveAuthenticationApi Persist } functions, data, task rpc UserRegiste service.
14. Clients authenticate their id/ credential to get a session key. This session key will be used later to communicate with the frontend service. The frontend service will authenticate all client requests. Persist functions, data, task into database. Authentication Service Subscribe/Pull tasks, then execute functions. Update status and execution results. Storage Service Frontend Service Management Service Redirect valid requests to the management service. Client then registers data and function if needed, and assign, approve, invoke task. Clients can also get information of functions, task, etc. Fetch task ready for execution from database. Execution Execution Execution Service Service Service Scheduler Service Access Control Service Get Authorization of data/ function usages, task invocation, etc. api endpoint connections internal endpoint connections 服务接口 14
15. RPC service impl /services /rpc service protocol def /services/proto function impl /worker attestation /attestation, /rpc, /dcap Authentication Service Frontend Service • • • • • • • • • • • others /type /test /example /sd /file_agen /commo /util /docke /cl /crypt /tool • • • • build/runtime con guration /config Storage Service Management Service Scheduler Service Execution Execution Execution Service Service Service Access Control Service mics /third_part /license /doc /keys api endpoint connections internal endpoint connections 代码库介绍 15 app/enclave communication /binder
16. 快速入⻔文档 • 尝试使用 • • • My First Function Write Functions in Python How to Add Built-in Functions • 系统设计 • • • • • Threat Model Mutual Attestation: Why and How Access Control Build System Teaclave Service Internals • 贡献项目 • • Rust Development Guideline Development Tips • 代码库介绍 在线文档: https://teaclave.apache.org/docs/ 16
17. Teaclave 社区 平台用户 商业产品 服务模块用户 TEE Library 用户 Teaclave 社区 学术研究 开源项目 SGX/TrustZone SDK 用户 17
18. 由 Teaclave 驱动的项目一览 https://teaclave.apache.org/community/ 18
19. 案例分析 - SafeTrace: COVID-19 Self- reporting with Privacy • Enigma 开发 • a privacy-preserving data sharing and analytics platform 由 Teaclave SGX SDK 驱动
20. 谢谢! • 订阅邮件列表: https://lists.apache.org/list.html? dev@teaclave.apache.org • 访问我们的官网: https://teaclave.apache.org/ • Teaclave Twitter 账号: @ApacheTeaclave • 代码库: https://github.com/apache/incubator-teaclave • 贡献者: https://teaclave.apache.org/contributors/ • 欢迎大家使用,贡献代码! We just announced Teaclave TrustZone SDK. Please check out at https://teaclave.apache.org/download/ 20

Home - Wiki
Copyright © 2011-2024 iteam. Current version is 2.139.0. UTC+08:00, 2024-12-26 13:39
浙ICP备14020137号-1 $Map of visitor$