We are getting closer and closer to Graphene's v1 release, and our community is very eager to discover what this fantastic team has been up to in the months since we decided to "unfork" and start collaborating: Golem, Intel, ITL, and the original researchers, Chia-Che and Don.
We have already introduced Chia-Che Tsai, who told us how vital Mona's role was in kickstarting a more formalized workflow that paved the way for Graphene's growth. From Chia-Che's thesis to a full-blown project, Graphene has undoubtedly defied expectations.
I got in touch with Mona and asked her a few questions to understand her background, her interests, and where Intel Labs stands in the working group.
(This interview has been edited and condensed)
MP: Can you tell me a little bit about your background?
Mona: I graduated with a Master's in Computer Science from the University of Delhi and then moved to Portland, Oregon. In '95 I joined a company called Sequent Computer Systems. I joined Intel back in '97 as a security and privacy researcher, and I've remained in the same team through all these years. A lot of the work I've done is in the systems, security and virtualization space. I've worked on several virtual machine monitors, like KVM and Xen in the early days, and on secure microkernels like L4.
I've pretty much been a researcher through my career, and now I lead a small team of seven researchers that focus on cloud security solutions.
The story starts somewhere around 2013. I was doing more operating-systems-type research work when I moved back to the Intel® Software Guard Extensions (Intel® SGX) team and started looking at how to extend Intel SGX for servers. At the time, Intel SGX had just been released, in 2014. Around that time, Microsoft had published this paper called 'Haven', a library OS based on Drawbridge for running unmodified Windows applications on SGX, and I thought, "Oh, we should do this for Linux as well," mainly to have an open-source research vehicle for our experiments. Then I came across Graphene, and the timing was perfect. I met Don Porter and his then-student Chia-Che, who were working on Graphene, at OSDI back in 2014, and said: "Oh, why don't we do a port for Intel SGX."
We were able to convince Chia-Che to come for an internship in my team in 2015. Chia-Che was the right person for the job, because I'm pretty sure that with someone else, building this library OS would have taken much longer. He had the first minimal version running in like two weeks. That was an exciting start. At that point, I was also working with a lot of academics to get them Intel SGX SDK access, because it wasn't open source back then. Stony Brook was one of the universities. Chia-Che had a version running, but we didn't have anyone at Intel working on it. I worked on getting the source code released back to the university, and from there Chia-Che picked it up and open-sourced it a year later.
MP: The audience in the decentralized ecosystem does not necessarily know how active Intel is in the open-source field. It was interesting to find out about this once we (Golem) started working with you (Intel). Can you tell me more about the Open Source and Research part of Intel?
Mona: Intel has a pretty big open-source community. We call it the Open Source Technology Center, and it has over 14,000 software developers working on open-source projects like OpenStack, Kata Containers, etc. Moreover, some of the key Linux contributors are Intel employees. In our case, as researchers, the goal as an open-source project was to have broad community interaction. In 2015, SGX technology was so new that there was not much interest from business groups, so the options were either to let the project die sitting on a shelf or to give it back to the school (Stony Brook).
Nowadays, the open-source team is contributing to the Graphene project as well. It's nice to have them be part of it because, as a research group, we can't work on long-term project maintenance. And hopefully, the Open Source Technology Center will continue to work on it.
Intel Labs is a research organization with a mission to deliver innovations to fuel Intel’s technology leadership. We have research in several diverse areas like microprocessors, circuits, systems, wireless and security.
There are several different labs, and the lab I work in is specifically for security and privacy. Because security is so important, it has its own lab, whereas in the past security was typically buried under systems research. On this side, we are interested in really building an end-to-end secure system, from small-form-factor IoT devices to the cloud and everything in between.
MP: In the decentralized community, we also have the problem of lack of maintainers. So I'm happy that you guys have it much better assembled than us.
Mona: Yes. But we have to work towards it. That's why I want a broader community built around Graphene. It's fascinating to have Golem join, because otherwise it was a few researchers, mainly Don and Chia-Che and my team. So getting ITL, the Intel Open Source Technology Center, and Golem behind it has been instrumental in getting where we are today. In the last six months, the amount of work that has gone into Graphene is fantastic. And it's mainly because of the set of people working on it.
MP: Where do you think that Graphene can be instrumental, for both blockchain and other industries?
Mona: Graphene enables large classes of workloads to run on SGX. And that is also the reason I started looking at it very early on, as we began to port workloads to Intel SGX. People wanted to run complex applications, and porting some of these applications is a non-trivial task.
For instance, we have an example of Snort intrusion detection running inside Graphene. It's millions of lines of code. You really cannot partition millions of lines of code, and actually, it runs nicely on something like Graphene. Then there are machine learning usages that can benefit from SGX and Graphene.
I think Graphene is going to be instrumental not just for decentralized computing but a large class of usages.
Also, Graphene development is going well. We are tracking too many tasks for the release, and I think we're following well. But it was a very aggressive schedule, so people are working long hours.
MP: Any hopes for Graphene's future, seeing that contributors are growing?
Mona: We already know a lot of people are using Graphene right now, mainly as an exploration vehicle. The number of people asking questions about Graphene is increasing by the day. Some were able to run unmodified Docker images, running sample image recognition models on Graphene, in two and a half weeks (we had to help, but still!).
That's where we want to get Graphene to: where people who are not familiar with operating systems and virtual machines, or who are new to this space, can take their workload, run it and secure it. That's the ultimate goal I want to get to. Graphene Docker integration is also significant. There are a lot of people who are very familiar with Docker images.
So we get asked the question "Oh, can I automatically run my Docker image in Intel SGX?", and we have a tool called GSC that lets you do that. In the long run, I see Graphene as a two-way sandbox. When you wrap Graphene with Intel SGX, it gives you the Intel SGX properties of integrity and confidentiality. But if you also look at the other side, we have a smaller interface at the bottom with the host kernel. So you also get a secure-container effect, where you cross the boundary between the container and the kernel at a minimal set of interfaces. I see the future of Graphene as maybe complementary to something like what Google is building with gVisor. But we are not only looking at a secure container; we are also wrapping it with Intel SGX, resulting in a nice two-way sandbox.
As mentioned, the Graphene v1 release is imminent. We are working hard on the final touches, and the Graphene Working Group will soon be ready to show us the results. Stay tuned and watch this space: the wait is almost over!