Chia-Che Tsai is unequivocally, one of the founders of Project Graphene, which now has grown into a bigger endeavor which Golem is part of, together with Intel, ITL and Chia-Che’s partner Don Porter, who has been involved with the project since day 1.
Nowadays, the project has 26 contributors (and counting!) and is getting ready for the first stable release in July.
We interviewed Chia-Che as a part of our new series “Graphene Contributor Spotlight” featuring the people behind Graphene.
MP: First of all, what's your background and how did you get into the project? Also, how did you meet Don and how everything evolved?
CCT: Security has always been kind of the main topic for my practice, although I have been jumping between different security topics, I always stayed in the matter. I did my undergrad in Taiwan where I got my computer science Bachelor's degree and in the meantime, started doing some security research. Later, I came to the U.S. to get my Master's degree at Columbia University, where I started doing operating systems research.
I started modifying Linux kernels, and doing some security, but also operating system-related topics research. I was doing research on where to do my Ph.D. and one of the places I was really interested in was Stony Brook University. Don (Porter) at the time was a professor and noticed my interest in doing system research, so he picked me.
At the time he had just finished working at Microsoft Research doing a project called Drawbridge, a library operating system designed for running Windows applications on anything. We thought it was a really good idea, but we needed to have a broader application. We wanted people to use it and also open-source it so they could start doing research on top of it. We decided to build the Linux version of that, so that is where Graphene started.
Later on, Mona (Vij) from the Cloud and Datacenter security team in Intel Labs, learned about Graphene and saw the potential of this OS to work with Intel Software Guard Extensions (Intel SGX). She contacted Don to find students for an internship. I was the first author on the Graphene paper, I took on the internship to build the Intel SGX backend on Graphene, which has been growing almost continuously, and gained visibility thanks to Intel Labs.
MP: Why the preference for Intel SGX?
CCT: I think Intel SGX is right now the most promising technology for security design. There are others being developed, for example, ARM is designing their own. AMD has a slightly weaker security guarantee, but it is also pretty good and has good efficiency. However, Intel SGX is the best designed. Intel SGX has its problems, like everything, but I think it's the first step, and Intel has made a lot of good decisions, that have become standards for security hardware nowadays.
MP: What are your feelings in regards to the blockchain technologies, coming from a different background?
CCT: They are very different paradigms. So what's really interesting from blockchains are the features that ensure that one does not have to worry too much about people making bad choices or making even malicious choices. One can set that problem aside and focus on other aspects of the system you are building. There are good blockchain technologies and protocols that we can try to cherrypick and integrate with the systems we have. On the other hand, it is also very complicated, because it's very easy to mess up some of these components and actually create a system that's insecure. So I would say, there are pros and cons. I think blockchain technology is a very promising sort of building block to what we already have nowadays.
Graphene, essentially, brings the possibility of having a unified layer that can run the same application with the same interface on different platforms. You will still have security problems, decentralization problems, however, Graphene can be the glue to tie systems and applications together, facilitating user experience.
MP: So what were your initial expectations for the project? And what about now? How do you feel about the progress?
CCT: Our initial intention was basically for Graphene to be integrated with Intel SGX and become an open-source research engine for people in academia who are interested in using this technology so that they don't have to worry and spend a lot of time building systems that barely work. Builders can just use this software and everything would just work out of the box. That's what we wanted.
Graphene has grown much bigger than our initial expectations. We didn't expect that at all, but we're happy about this big change because that means more and more people are going to use it. Graphene is now not only restricted to academics but also open to the tech industry. I've heard a lot of people telling me, like “ We really want to do something but we don't know how to do it on Intel SGX”. Suddenly, they found out there's something called Graphene - it could help them do that and actually make their life easier. Nothing makes me happier than hearing people say that.
MP: What about the workflow with Intel, Golem, and ITL? I got into the Slack channel and I was surprised there are so many contributors.
CCT: The best thing about the workgroup is there are people from different backgrounds and different perspectives. And by putting all these perspectives together, we were able to see things that we couldn't see before. When ITL and Golem started conversations with us, Michał (Kowalczyk) gave us a lot of insight about how you actually push a system, get it to production quality, and improve the user experience. The Cloud and Datacenter security team in Intel Labs headed by Mona (Vij), joined powers with the Intel's Open Source Technology Center. These two have obviously very good connections with all the people that are doing different Intel SGX research, they know who is doing what and what is the most important workflow. Intel Open Source Technology Center knows everything about open sourcing, so they are very good at building and writing a really good quality code that could be merged and well integrated. I really appreciate such a diverse working group. And I think we still can expect more teams to join us in the future.