Feature Highlights

Trusted Execution

Powered by Intel SGX, integrity and confidentiality are guaranteed for data and operations in the cloud

Remote Attestable Security

Users are allowed to remotely attest and measure the environment, ensuring that the remote execution is exactly what they expect

Hybrid Memory Safety

Eliminating memory vulnerabilities like buffer overflows, use-after-free, etc.

Non-bypassable Security

Formal verification upon program control flow, ensuring that critical checkpoints are non-bypassble

Function as a Service (FaaS)

Supporting WASM/Python based FaaS executions in SGX TEE, significantly increasing the system’s flexibility and compatibility

End-to-end Encryption

Mutual authentication allowing users to establish trusted and encrypted end-to-end channels between clients and cloud, or across cloud instances

What Is MesaTEE?

The emerging technologies of big data analytics, machine learning, cloud/edge computing, and blockchain are significantly boosting our productivity, but at the same time they are bringing new confidentiality and integrity concerns. On public cloud and blockchain, sensitive data like health and financial records may be consumed at runtime by untrusted computing processes running on compromised platforms; during inhouse data exchange, confidential information may cross different clearance boundaries and possibly fall into the wrong hands; also not to mention the privacy issue arises in offshore data supply chains.

Although the consequences of data breaching have been extensively elaborated, we should also note that proprietary computing algorithms themselves, such as AI models, also need to be well protected. Once leaked, attackers can steal the intellectual properties, or launch whitebox attacks and easily exploit the weakness of the models.

Facing all these risky scenarios, we are in desperate need of a trusted and secure mechanism, enabling us to protect both private data and proprietary computing models during a migratable execution in potentially unsafe environments, yet preserving functionalities, performance, compatibility, and flexibility. MesaTEE is targeting to be, as we call it, the full “Universal Secure Computing” stack, so it can help users resolve these runtime security risks.

Case Study: Privacy Preserving Computation

Existing solutions cannot ensure the integrity and confidentiality of code and data in the cloud. MesaTEE leverages the hardware assisted Trusted Execution Environment (TEE) provided by Intel® SGX to reduce privacy risks to users’ operations and data in the cloud. It also allows users to remotely attest and measure the environment, ensuring that the remote execution is exactly what they expect. More importantly, MesaTEE is equipped with Hybrid Memory Safety and Non-bypassable Security, making it able to withstand most exploits. MesaTEE enables security sensitive services like banking, autonomous driving and healthcare to securely process their data on public platforms like public cloud and blockchain.