Baidu, the “Chinese Google” has launched MesaTEE, a ‘memory safe’ Function as a Service (FaaS) computing framework – an innovation based on Intel SGX. This cloud security solution would enable security sensitive services like banking, autonomous driving and healthcare to more securely process their data on critical platforms, such as public cloud and blockchain.
MesaTEE is a complete solution that would enable the highest level of security for critical services while ensuring the integrity and confidentiality of code and data in the cloud. Baidu’s MesaTEE cloud security solution leverages the hardware assisted Trusted Execution Environment (TEE) provided by Intel SGX to reduce privacy risks to users’ operations and data in the cloud. In addition to this, the software would allow users to remotely attest and measure the environment, ensuring that the remote execution is exactly what they expect. MesaTEE is equipped with HMS and Non-bypassable Security, making it able to withstand most exploits, according to Baidu.
Baidu’s MesaTEE cloud security solution would allow users to establish trusted and encrypted end-to-end channels between clients and cloud, or across cloud instances. Additionally, it supports WASM/Python executions in SGX TEE, “significantly increasing the system’s flexibility and compatibility.”
MesaTEE would be fully compatible with existing FaaS models, where users only need to supply Rust/WASM/Python functions that handle events and data they operate on.
“MesaTEE combines the power of the Baidu HMS model and Intel SGX to provide a breakthrough solution to expand the trust boundary of the Internet,” said Tao Wei, chief security scientist at Baidu. “The Baidu HMS model has revolutionized memory safety for systems at the software architecture level. Intel SGX, meanwhile, dramatically shortens the trust chain of computing and makes trusted dependencies more simplified, reliable, and secure. Together, MesaTEE provides the foundation for incubating next-generation blockchains, privacy-enhanced cloud computing, and other new Internet services.”