Secure Services
TEEX is a secure distributed computing platform which provides a Layer-2 solution to eliminate two fundamental limitations of traditional blockchains: privacy and scalability. TEEX Network enables the deployment and invocation of secure services.
What Can a Secure Service Do?
A secure service is similar to the Serverless or FaaS (Function as a Service) offerings provided by cloud vendors. A service receives its input, executes its main logic and finally returns the result to the user. A TEEX secure service has the following properties:
- Data Security: The privacy and integrity of the input data can be enforced. Except for the data owner, nobody can steal the data or tamper with it.
- Code Security: The privacy and integrity of the service code can be enforced. Except for the service provider, nobody (either the user or the worker) can get the service code or tamper with it.
- Full Feature: The secure service should provide the same full functionality as an application executed in the native environment.
Warning
Currently, TEEX TestNet aims to let service providers try developing secure services and let users invoke them. Although we have already enforced the security properties of our secure service, the TestNet is a beta version. We recommend that users not send any sensitive data to the TestNet, and that service providers not upload sensitive services to the TestNet.
Why Do We Need Secure Services?
A secure service protects both the user's data and the service code, while providing the same full feature set as a native execution environment. Secure services can be used in:
- Secure Machine Learning: ML always needs lots of data to train the model, and part of that data is sensitive and needs to be protected. Meanwhile, the code of an ML application often has high economic value, so its privacy needs to be protected.
- Financial Field: Risk assessment often requires a lot of sensitive data, which needs to be protected.
- Medical Field: Medical data (e.g., gene data) is always sensitive.
- More
All of the above can be written as secure services, and both their security and integrity can be enforced.
How Does the TEEX Secure Service Work?
Only a limited number of mechanisms can enforce the privacy and integrity of a service running on a remote, untrusted machine: Trusted Execution Environments (TEEs), homomorphic encryption, secure multi-party computation and zero-knowledge proofs. Currently, TEEX TestNet combines an SGX enclave with a systematic method to implement a TEE, and leverages that TEE to protect secure services. Unlike other methods that use only SGX, our TEE method not only forbids a malicious OS from directly accessing service data or controlling service execution and defends against physical attacks, but also prevents side-channel attacks, which SGX alone cannot solve. More details about the TEEX secure service can be found at teex.io.
Developing TEEX Secure Service
Currently, a TEEX secure service can be written in native Python. We support all Python grammar (e.g., while, for, List, Tuples) and all standard libraries of Python (e.g., string, re, mutex, math, random, hmac and so on). For security reasons, we forbid or limit some functionality of the standard Python libraries; for example, disk write operations are forbidden. More details about developing a TEEX secure service can be found in the Tutorial.
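Since disk writes are forbidden inside a secure service, a provider can check service source for them before uploading. The following is an added example, not TEEX code and not the platform's own enforcement: a local static check that flags `open()` calls in write modes and `pathlib` write helpers. The entry point `main(user_input)`, the sample sources and the function names are assumptions, and the check covers only these two write patterns.

```python
import ast

# Constructed sample sources. The entry point `main(user_input)` is an assumption;
# the page does not define the TEEX service API.
SAMPLE_OK = '''
import math
def main(user_input):
    values = [float(v) for v in user_input.split(",")]
    return "%.3f" % math.sqrt(sum(v * v for v in values))
'''
SAMPLE_BAD = '''
def main(user_input):
    with open("/tmp/cache.txt", "w") as fh:
        fh.write(user_input)
    log = open("audit.log", mode="a")
    return open("model.bin", "rb").read()[:4]
'''

WRITE_FLAGS = set("wax+")                      # any of these in a mode string writes
WRITE_METHODS = {"write_text", "write_bytes"}  # pathlib.Path writers

def _open_mode(call):
    """Return the literal mode passed to open(), 'r' if omitted, None if dynamic."""
    node = call.args[1] if len(call.args) > 1 else None
    for kw in call.keywords:
        if kw.arg == "mode":
            node = kw.value
    if node is None:
        return "r"
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def find_disk_writes(source):
    """Return sorted (line, reason) pairs for calls that would write to disk."""
    findings = []
    calls = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)]
    for node in calls:
        func = node.func
        if isinstance(func, ast.Name) and func.id == "open":
            mode = _open_mode(node)
            if mode is None:
                findings.append((node.lineno, "open() with non-literal mode"))
            elif WRITE_FLAGS & set(mode):
                findings.append((node.lineno, "open() in mode %r" % mode))
        elif isinstance(func, ast.Attribute) and func.attr in WRITE_METHODS:
            findings.append((node.lineno, "%s() call" % func.attr))
    return sorted(findings)
```

A mode that cannot be resolved statically is reported rather than assumed safe, so a reviewer can inspect it by hand.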