What is TEE?
The ambitious goal of creating a planetary-scale supercomputer requires the involvement of numerous infrastructure providers. Supporting that scale and openness calls for a fresh approach to security, data privacy, and execution models. Isolation can be achieved using virtual machines or containers.
Virtual machines offer a higher degree of isolation and security by emulating the entire hardware, albeit with greater execution overhead. Containers, on the other hand, reduce this overhead by utilizing the host operating system's kernel, sacrificing some isolation in the process. Traditional isolation approaches rely on the assumption that the host environment is trusted.
However, given the system's decentralized nature and its openness to infrastructure providers, some actors may behave maliciously, so the host environment cannot be assumed to be trusted. Conventional isolation mechanisms must therefore be supplemented with new security policies and mechanisms.
The designed system must ensure protection at multiple levels:
- For service consumers, it must ensure data privacy and deliver accurate results within an acceptable time frame.
- For infrastructure providers, it must safeguard the execution environment against malicious code.
- For AI innovators and data providers, it must secure intellectual property and defend against unauthorized access.