Baidu, Inc. today announced the launch of MesaTEE, a memory safe Function as a Service (FaaS) computing framework – the most recent innovation based on Intel® SGX. This solution enables security sensitive services like banking, autonomous driving and healthcare to more securely process their data on critical platforms, such as public cloud and blockchain.
“MesaTEE combines the power of the Baidu HMS model and Intel® SGX to provide a breakthrough solution to expand the trust boundary of the Internet,” said Tao Wei, chief security scientist at Baidu. “The Baidu HMS model has revolutionized memory safety for systems at the software architecture level. Intel® SGX, meanwhile, dramatically shortens the trust chain of computing and makes trusted dependencies more simplified, reliable, and secure. Together, MesaTEE provides the foundation for incubating next-generation blockchains, privacy-enhanced cloud computing, and other new Internet services.”
As more industries embrace cloud services, there is a growing need for security measurements. However, current FaaS solutions cannot ensure the integrity and confidentiality of code and data in the cloud. MesaTEE is a complete solution that enables this level of security for critical services. MesaTEE leverages the hardware assisted Trusted Execution Environment (TEE) provided by Intel® SGX to reduce privacy risks to users’ operations and data in the cloud. In addition to this, the software allows users to remotely attest and measure the environment, ensuring that the remote execution is exactly what they expect. More importantly, MesaTEE is equipped with HMS and Non-bypassable Security, making it able to withstand most exploits.
MesaTEE provides unique advantages to users including allowing them to establish trusted and encrypted end-to-end channels between clients and cloud, or across cloud instances. Additionally, it supports WASM/Python executions in SGX TEE, significantly increasing the system’s flexibility and compatibility. MesaTEE is fully compatible with existing FaaS models, where users only need to supply Rust/WASM/Python functions that handle events and data they operate on.