Collaborative Research: SaTC: TTP: Medium: Toward Complete, User-Friendly, and Trustworthy Confidential Computing with Gramine

协作研究：SaTC：TTP：中：使用 Gramine 实现完整、用户友好且值得信赖的机密计算

• 批准号: 2244937
• 负责人: Donald Porter
• 金额: $ 59.84万
• 依托单位: University of North Carolina at Chapel Hill
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2244937&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; TTP; Medium

This project aims to mature Gramine, previously known as Graphene or Graphene-SGX, from a successful, open-source (LGPL v3.0) research prototype into a robust, easy-to-use, and trustworthy building block for confidential computing applications. Confidential computing protects code and data in use, building upon recent hardware trusted execution environments (TEEs), such as Intel's SGX enclaves. Confidential computing is essential for cloud computing applications that use sensitive data, such as health applications, where one must balance the economic benefits of cloud computing with regulatory compliance or other security concerns. Gramine is a "lift-and-shift" framework for running unmodified applications in Intel SGX. The project addresses various barriers to adopting Gramine in production settings, including challenges in compatibility, usability, and security of Gramine. The project's novelties are creating a robust, general-purpose, open-source, Linux-compatibility layer that can easily migrate legacy application code from one platform to another---here, emerging confidential computing hardware. The project's broader significance and importance is to accelerate the study of confidential computing and other emerging computational platforms. Gramine is already a building block for over 100 academic papers and several commercial product prototypes. Gramine is publicly available at https://github.com/gramineproject/gramine.The project focuses on three aspects of Gramine development. First, the project expands the set of system interfaces and applications that work on Gramine, with the goal of supporting 90% of the applications installed on a representative Debian/Ubuntu system. Second, the project improves the Gramine user experience, by addressing deployment issues, simplifying configuration and policy decisions, better integrating with other software frameworks, and expanding the set of supported TEEs. Third, the project improves the trustworthiness of Gramine's code base with advanced testing and analysis, as well as rewriting critical code in Rust programming language.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目旨在从成功的开源（LGPL V3.0）研究原型中成熟的Gramine，以前称为石墨烯或石墨烯SGX，以作为机密计算应用程序的强大，易于使用且值得信赖的构建块。 机密计算保护使用中的代码和数据，建立在最新的硬件可信执行环境（TEE）的基础上，例如Intel的SGX Enclaves。机密计算对于使用敏感数据（例如健康应用程序）的云计算应用程序至关重要，在这种应用程序中，必须平衡云计算的经济利益与监管合规性或其他安全问题。 Gramine是用于在Intel SGX中运行未修改应用程序的“提升和转移”框架。 该项目涉及在生产环境中采用Gramine的各种障碍，包括兼容性，可用性和Gramine安全性的挑战。 该项目的新颖性正在创建一个强大的，通用的，开源的，开源的，Linux兼容的层，可以轻松地将旧版应用程序代码从一个平台迁移到另一个平台到另一个平台 - 在这里，新兴的机密计算硬件。 该项目更广泛的意义和重要性是加快机密计算和其他新兴计算平台的研究。 Gramine已经是100多个学术论文和几个商业产品原型的基础。 Gramine可在https://github.com/gramineproject/gramine..tramin...。该项目关注Gramine开发的三个方面。首先，该项目扩展了在Gramine上使用的系统界面和应用程序集，其目的是支持代表性Debian/Ubuntu系统上安装的90％的应用程序。其次，该项目通过解决部署问题，简化配置和策略决策，更好地与其他软件框架集成并扩展支持TEES的集合来改善Gramine用户体验。第三，通过高级测试和分析，该项目改善了Gramine代码基础的可信赖性，以及在Rust编程语言中重写关键代码。该奖项反映了NSF的法定任务，并且认为值得通过基金会的知识分子优点和更广泛的影响评估标准通过评估来获得支持。