Comments (11)
Were you ever able to run sealing functions in graphene?
Yes, sealing did work with python-sgx (using graphene).
from graphene.
Hi, sorry for the late response.
It depends on the targets of attestation, and the threat model. If you are simply worried about whether the application code loaded inside an enclave is correct, Graphene ensures the integrity of all loaded binaries including executables, libraries, and the library OS itself. The attestation is based on the fact that each application will have a unique measurement, derived from the binary files and the manifest. By comparing the unique measurement, users can tell whether an enclave is running the application they sign off.
If you need to attest the integrity of an enclave running on a remote host, Graphene current does not provide APIs to access the Intel Attestation Service. It will be a feature for near future.
from graphene.
If you need to attest the integrity of an enclave running on a remote host, Graphene current does not provide APIs to access the Intel Attestation Service. It will be a feature for near future.
Interesting! So you are currently working on a remote attestation feature for Graphene? I'm working on a solution for remote attestation too.
from graphene.
Hello,
I am also interested in the remote attestation. Is there any progress on this feature?
Thanks for your help.
from graphene.
I think it is still on the back-burner. Any patches are welcome.
from graphene.
@adombeck I know currently do not maintain your https://github.com/adombeck/python-sgx library (which was really promising btw). I tried compiling your code and making it work (and also tried another variant with SWIG). However, the program returns nothing and exits (maybe I should compile with debugging on). Were you ever able to run sealing functions in graphene?
from graphene.
@adombeck that is really assuring to hear. Could you please send me your email (I could not find one on your profile) to tarik[at]tarikmoon.com. I have a few questions that I would love to discuss over email and also maybe explain why sealing is really important for the project I am working on.
Thanks in advance.
from graphene.
We are also interested in remote attestation, which is absolutely key to our use case (https://github.com/e-mission/e-mission-docs/blob/master/docs/future_work/privacy.md). @njriasan has remote attestation working outside of graphene using the Intel SDK along with the IBM trust management wrapper (https://github.com/IBM/sgx-trust-management) and would be happy to contribute this feature.
There are multiple possible design points and levels of transparency possible.
@chiache, @donporter any thoughts on how to proceed logistically? Should we open a new issue just to track our proposed contribution or should we keep the high level discussions in this issue?
from graphene.
@shankari , did you also evaluate RA-TLS (https://github.com/cloud-security-research/sgx-ra-tls)? It is a project by Intel Labs that has integration with Graphene-SGX, and it provides Remote Attestation verification report in custom X.509 extensions.
from graphene.
@dimakuv no we haven't. @njriasan can take a look...
from graphene.
I'd recommend writing up your thoughts or questions and emailing to [email protected]
for advice before you do much implementation. The maintainer team can give some guidance on possible options, or we can set up an ad hoc chat if you are serious about building this.
from graphene.
Related Issues (20)
- Data transmission error with Python gRPC running in graphene HOT 9
- Huge performance drop when running pytorch training with graphene-sgx HOT 26
- Graphene-SGX: Syscalls wakes up early/prematurely on Server Machines HOT 12
- untrusted PAL sent PAL event HOT 10
- BUG() triggered during vfork and clone HOT 15
- With Go program, inside a docker container, bind fails with permission denied error, invalid handle error. HOT 7
- Workloads (Redis, Curl, R) failing with Out of memory PAL error after new manifest syntax to define lists of SGX trusted files. HOT 7
- Unable to Sign the graphenized Docker image using gsc sign-image: HOT 5
- RFC: Trusted files metadata sideloading
- [Error:38]Function not implemented. multiprocessing in graphene HOT 7
- How to transmit variables between SGX and untrusted environments HOT 4
- Function not implemented (src/ip.cpp:563) in testing GSC container HOT 2
- [Examples] Python Example Stuck Without Any Error Message HOT 1
- ModuleNotFoundError: No module named 'graphenelibos' HOT 5
- web server use golang, QPS(queries per second) is very low HOT 4
- File Listener Based on INOTIFY Throws Error HOT 1
- Issue with libprotobuf version. HOT 1
- Issue in Cloud Deployment to AKS HOT 3
- Decimal type prone to float rounding error. HOT 1
- pytorch sample config for better performance HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graphene.