Breakthrough in privacy and data integrity by Golem, Intel, ITL, UNC, and Texas A&M University: meet the Graphene Project

Breakthrough in privacy and data integrity by Golem, Intel, ITL, UNC, and Texas A&M University: meet the Graphene Project

Golem is proud to announce a new milestone in collaboration with Intel, ITL and researchers Don Porter and Chia-Che Tsai (now faculty at UNC and Texas A&M University). We are working to deliver a production-grade solution for application portability, security, and data integrity - at this stage directed towards decentralized use-cases.

Trusted Execution Environments (TEEs) are isolated hardware spaces, or environments, in the infrastructure called “enclaves”, where code can run protected from the host, and the data remains confidential and preserves its integrity, even if the enclave is located on a compromised machine.

These are different from regular security containers, which protect the host from the container - but do not protect what’s inside the container from the host.

Intel® Software Guard Extensions (Intel® SGX) is, out of the existing TEEs, the most mature one. This technology was developed by Intel. However, Intel SGX faced various challenges. Graphene is a project that addresses such challenges when adapted to Intel SGX.

Why Graphene?

Intel SGX is not easy to adapt for every application, and as it stands, it’s not exactly simple to integrate. We are developing Graphene as a solution for developers to adopt Intel SGX more broadly, without a need to tweak their applications.
There are three main goals we want to achieve by Graphene’s development:

- Portability: making applications built for Linux work on other OSes.

- Intel SGX support: creating an execution framework for Intel SGX that enables unmodified applications to run in it.

- Usability: to execute applications in SGX with minimal developer overhead, also in decentralized ecosystem for: servers, atomic swaps, distributed exchanges, Minimal Viable Plasma, Hoard and data streaming, to name a few.

Golem + ITL

We started working towards the goal of developing a production-grade solution for Intel SGX in 2017. Invisible Things Labs (ITL), which has been collaborating with us to develop security solutions for our project, recommended Intel SGX. Back then, we started working together towards a production-ready framework for Intel SGX execution. For this purpose, we decided to fork the Graphene project in order to speed up the development. We added features required for the technology to work in decentralized settings, as this was crucial for Golem.
Our goal was (and still is): “to make it (Intel SGX) truly useful, especially for users, not just vendors, we really need to find generic ways of how to run whole, unmodified applications within Intel SGX enclaves. Pretty much like if they were “VMs” of some kind.”

The Graphene Workgroup: unfork & collaborate

Initially, a research project at Stony Brook University, led by Chia-Che Tsai and Don Porter, Graphene scaled thanks to the efforts of many university scientists. In 2015, Intel recognized the project’s potential as an open-source compatibility layer for Intel SGX and has been contributing since then.

Upon seeing the potential of the solution proposed as a result of the combined efforts of Golem and ITL, Intel and the original researchers initiated talks about collaboration and the so-called “unfork”.
This collaboration materialized into the Graphene Workgroup under the combined leadership of Golem, Intel, ITL and the original creators of Graphene.

The core developers teams from these companies are already working to deliver a production-grade solution, that meets the highest quality standards with the ease of integration. A robust and usable Graphene - at first directed towards decentralized use-cases.

“Back in 2017, in cooperation with ITL, we started our research on increasing the computation integrity and confidentiality guarantees in Golem. We decided to focus on the Graphene project which, in principle, should ultimately allow accessing Intel SGX features with almost no development overhead.

Back then we forked from the Graphene project and started the Graphene-ng project. Our primary goal was to focus on the features required in a decentralized setup and to make the platform ready for Golem integrations.
The original creators of Graphene and Intel noticed that these goals were beneficial to all parties. A win-win scenario for everyone: speeding up the development, while bringing more talents to the table and making the platform more accessible to developers in general. Through the Graphene Consortium, this is already happening: faster delivery of essential features, tools for Golem integrations and wider adoption of the tech both in the blockchain space and beyond.” - Piotr Janiuk, Golem’s CTO

About Graphene

Application binaries/executables/libraries designed for an OS cannot easily run in a different one (eg. an application for Windows, will probably not be able to run on Linux). Graphene bridges the gap, porting computational software across different Operating Systems. Additionally, Graphene’s Intel SGX support provides a way to securely run code on remote nodes without the need to trust the host.

Currently, the working group is working on building the contributors’ community for the project. The first stable release (v1.0) is planned for Q2/Q3 2019, featuring Docker integration, a protected network and file system, support of static binaries, and Go and Java runtimes. The working group is planning to support Windows platforms in Q4 2019/Q1 2020.

What's in it for Golem?

Golem enables a generalized p2p computing marketplace, meaning that anyone within the network can use the computation power of another machine for their tasks. However, for some companies, projects, and individuals: data is an extremely valuable asset. These users are not willing to process or persist their data in clouds, external data centers or networks like Golem, because of the threat to their data integrity.

Intel SGX combined with Graphene offers important features as it allows to carry out a verifiable computation on an untrusted machine. If a requestor can choose provider nodes with this kind of TEEs enabled, they effectively gain access to a trusted subnetwork, in which partial results do not have to be verified at all.

This way Golem can provide secure and convenient computational services that satisfy the highest requirements of the users that are operating with sensitive and valuable data.

Golem believes that Graphene can play a key role in the decentralized ecosystem, where data integrity, confidentiality, and security are cornerstones to the robust development of infrastructure and applications. Driving Graphene and ensuring its usability is part of Golem's commitment to the advancement of technology in the decentralized space.

Watch this demo series to see Graphene (formerly, Graphene-ng) being integrated in Golem (PoC):

Please check our guide on Trusted Computations
See our FAQs

Curious for more?

Read the first post of our Essential Guide to Graphene.

Go to Graphene website, that we have created together with the Graphene Workgroup - find out more about Graphene, and how it can shift the ecosystem.

For progress reports on the project, follow our blog. We want our users and the ecosystem to have all the tools needed to adopt Graphene, contribute to the project and use Golem at its full potential once the technology is implemented. As always, thank you for the unwavering support. Onward.