Baidu launches MesaTEE, a memory safe function as a Service

MesaTEE, a memory safe Function as a Service (FaaS) computing framework

Baidu has launched MesaTEE, a memory-safe Function as a Service (FaaS) computing framework based on Intel's SGX. MesaTEE allows secure processing of sensitive data in the public cloud by combining the advanced Hybrid Memory Safety (HMS) model with the power of Intel Software Guard Extensions (Intel SGX).

In brief, Function as a Service is a computing paradigm based on serverless architectures. Software developers can deploy individual functions on the cloud platform without needing to provision any underlying computing instances. A serverless architecture abstracts developers away from servers and the underlying scalability. Functions are triggered by certain events and billed based on execution, so the underlying instance size does not really matter.

There are many providers of function as a service. Among them are AWS Lambda, Google Cloud Functions, IBM OpenWhisk, and Microsoft Azure Functions.

Baidu's MesaTEE solution caters to security-sensitive services. Critical use cases include banking, autonomous driving, and healthcare, which can more securely process their data on critical platforms such as public cloud and blockchain.

Chief security scientist at Baidu, Tao Wei, said, “MesaTEE combines the power of the Baidu HMS model and Intel® SGX to provide a breakthrough solution to expand the trust boundary of the Internet. The Baidu HMS model has revolutionized memory safety for systems at the software architecture level. Intel® SGX, meanwhile, dramatically shortens the trust chain of computing and makes trusted dependencies more simplified, reliable, and secure. Together, MesaTEE provides the foundation for incubating next-generation blockchains, privacy-enhanced cloud computing, and other new Internet services.”

Security is a critical aspect when it comes to cloud services, and it becomes more critical in the case of public cloud services. The current implementations of function as a service are mostly public and do not ensure the integrity and confidentiality of code and data in the cloud, the announcement says.

MesaTEE is a complete solution that enables a level of security for critical services. MesaTEE uses the hardware-assisted Trusted Execution Environment (TEE) provided by Intel® SGX to reduce privacy risks to users’ operations and data in the cloud. In addition to this, the software allows users to remotely attest and measure the environment, ensuring that the remote execution is exactly what they expect. More importantly, MesaTEE is equipped with HMS and Non-bypassable Security, making it able to withstand most exploits.

MesaTEE is a memory safe Function as a Service (FaaS) computing framework based on Intel® SGX. This solution enables security sensitive services like banking, autonomous driving, and healthcare to more securely process their data on critical platforms, such as public cloud and blockchain.

MesaTEE provides unique advantages to users. It allows users to establish trusted and encrypted end-to-end channels between clients and cloud, or across cloud instances. It also supports WASM/Python (WebAssembly/Python) execution in the SGX TEE, which helps significantly increase the system's flexibility and compatibility. Baidu also claims that MesaTEE is fully compatible with existing FaaS models, where users only need to supply Rust/WASM/Python functions that handle events and the data they operate on.

PC: snip from mesatee.org

Mandar Pise

Mandar is a seasoned software professional for more than a decade. He is Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes to benefit others from his experiences. His overall goal is to help people learn about the Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.
