Graphene is an open-source project, providing a general-purpose implementation of POSIX and the Linux APIs for use in a lightweight, virtualized environment.
We have been working hard to launch the Graphene Workgroup and we are looking forward to building this great technology. It has incredible potential, but enough with the platitudes. Our commitment is both with technology and users of all platforms. We would like to explain what we do in a way that everyone interested in the subjects of security, confidentiality and data integrity for applications will be able to understand how Graphene works and how it can benefit our technological landscape.
First of all: what are TEEs and SGX?
If you have read our Graphene announcement post, you can skip this paragraph.
Trusted Execution Environments are isolated hardware spaces, or environments, in the SGX infrastructure called “enclaves”, where code can run protected from the host. The data remains confidential and preserves its integrity, even if the enclave is located in a compromised machine.
Regular security containers protect the host from the application inside a container, but don’t protect what’s inside the container from the host.
Out of the existing TEEs, SGX (Software Guard Extensions) is the most mature. The technology was developed by Intel. Recently Golem, ITL and the researchers Chia-Che Tsai and Don Porter have joined forces with Intel to allow a wide usage of SGX. This is also useful to the decentralized ecosystem, check this previous post to find out why.
Where do Graphene and SGX meet?
Graphene’s core feature is the ability to run applications in SGX enclaves in an almost seamless manner, so:
- Remote users benefit from SGX’s ability to provide integrity and confidentiality.
- High-level solution providers and users can benefit from improved security, data integrity, and confidentiality when SGX is employed.
Why is Graphene needed?
Application binaries/executables/libraries designed for a particular OS cannot easily run in a different one (eg. applications for Windows, generally, don’t natively run on Linux). Graphene bridges the gap, porting computational software across different Operating Systems. Graphene, combined with SGX, provides a way to securely run code on remote nodes without the need to trust the host.
How is this achieved? Nowadays, to run arbitrary application binaries/executables/libraries in an SGX enclave, they have to be both redesigned and recompiled. With Graphene this is not necessary, as the technology enables running an unmodified application binary inside an enclave. This significantly improves the application’s security, data integrity and confidentiality.
Graphene performs cryptographic and semantic checks in the untrusted host interface, essential for security. Developers configure the application environment and isolation policies, and Graphene does the rest, as we have proven in Golem’s Docker-Graphene demo (see below) - most arbitrary binaries can be run this way, without application-specific tweaks. Running an application is as simple as deriving a Docker image from the provided Graphene base image and running it
How does Graphene benefit the Golem software?
The way Golem allows for performing computations with external hardware fits many user profiles and use cases. However, for some companies, projects, and individuals data is an extremely valuable asset. These users are not willing to process or persist their data in clouds, external data centers or networks like Golem, because of the threat to their data integrity.
Graphene and SGX address these security requirements and bring Golem up to the standards these users require.
We have been developing the integration of Golem and Graphene for over a year now. Through this integration, a task created by a requestor is computed by an application, run in Graphene, directly on provider’s SGX enclave.
As SGX enclaves protect computations, providers cannot read them or modify them. Graphene ensures confidentiality and integrity of the input and output data that is sent between a requestor and a target SGX enclave. Thus the provider, or anyone on the way between the requestor and SGX enclave, cannot read it or modify it without being detected. Moreover, thanks to the Graphene and enclave quotes, a requestor can get proof that their tasks are computed with real SGX hardware.
Summing it up: Golem combined with Graphene can provide secure and convenient computational services that satisfy the highest requirements of the users that are operating with sensitive and valuable data.
Watch our demo for more comprehensive details.
How can Graphene benefit other applications?
Graphene can be adopted by a broad variety of use cases in a diverse technological landscape.
Golem believes that Graphene can play a key role in the decentralized ecosystem, where data integrity, confidentiality, and security are cornerstones to the robust development of infrastructure and applications. Driving Graphene and ensuring its usability is part of Golem's commitment to the ecosystem.
The primary goal of the project is compatibility with a wide range of applications on a wide range of platforms. Graphene has been used for research and is being implemented for commercial purposes.
Graphene supports a variety of Linux and POSIX APIs, including fork, exec, inter-process communication and language runtimes, including Python and Java. Graphene runs dynamically loaded executables and libraries without any need for modification or recompilation. Graphene is lightweight: all its binaries are only 1 MB, or ~50 KLOC.
Despite the richness of the Graphene-supported APIs, the host-level requirements are simple to implement on new systems and easy to reason about the security isolation.
We hope you enjoyed our high-level guide to Graphene. We would be delighted to hear your feedback, questions or advice on how we can build a good knowledge base for Graphene.
Stay tuned, in the next few days we will publish the first part of the new Graphene blogpost series: more deep-dives, progress reports, and information await our readers!