Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/project-oak/oak
Meaningful control of data in distributed systems.
distributed-systems enclave policy
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/project-oak/oak
- Owner: project-oak
- License: apache-2.0
- Created: 2019-03-04T18:08:59.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2023-12-15T21:11:27.000Z (6 months ago)
- Last Synced: 2023-12-15T23:13:49.025Z (6 months ago)
- Topics: distributed-systems, enclave, policy
- Language: Rust
- Homepage:
- Size: 184 MB
- Stars: 943
- Watchers: 34
- Forks: 101
- Open Issues: 175
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Authors: AUTHORS
Lists
- awesome-iam - Project Oak - A specification and a reference implementation for the secure transfer, storage and processing of data. (Secret Management / Hardware Security Module (HSM))
- Awesome-SGX-Open-Source - https://github.com/project-oak/oak
- awesome-stars - oak - oak | 982 | (Rust)
- awesome-stars - oak - oak | 529 | (Rust)
README
[![Build Status](https://img.shields.io/github/actions/workflow/status/project-oak/oak/ci.yaml?branch=main&style=for-the-badge)](https://github.com/project-oak/oak/actions/workflows/ci.yaml?query=branch%3Amain)
[![Docs](https://img.shields.io/badge/docs-rust-brightgreen?style=for-the-badge)](https://project-oak.github.io/oak)

The goal of Project Oak is to provide infrastructure to transfer, store and
process sensitive user data in a secure and transparent way.

To do so, Oak relies on running a _Trusted Application_ in a
[Trusted Execution Environment (TEE)](https://en.wikipedia.org/wiki/Trusted_execution_environment).
An example of a Trusted Application is
[Oak Functions](/oak_functions/README.md). The Trusted Application can provide
the client cryptographically attested evidence of the executable state of the
TEE through [Remote Attestation](./docs/remote-attestation.md). Together with
[Transparent Release](https://github.com/project-oak/transparent-release) this
binds the open-source source code to the remotely attested binary running inside
the TEE. In order to feasibly review all the source code running inside the TEE,
and minimize our trusted computing base, Oak provides the following
infrastructure: [stage 0](/stage0_bin/),
[Oak Restricted Kernel](/oak_restricted_kernel/) and controlled communications
interfaces, i.e., the [Oak Comms Channel](/oak_channel/) and
[microRPC](/micro_rpc/).

## Parties involved

- **Trusted Application Authors**: The authors writing the Trusted Application
running on Oak Infrastructure.
- **Oak Infrastructure Authors**: The authors of the code in this repository;
mostly this corresponds to the Project Oak team, but also any contributors,
and, by extension, the authors of third party dependencies used in Oak.
- **Platform Provider**: The entity in charge of maintaining and running the
combined hardware and software stack surrounding the TEE, for instance a cloud
provider; this includes their software, hardware, and employees.
- **TEE Manufacturer**: The entity in charge of manufacturing the TEE, including
hardware, software, and cryptographic keys.

## Threat Model

- **untrusted**:
  - most hardware (memory, disk, motherboard, network card, external devices)
  - Platform Provider
  - Host Operating System (kernel, drivers, libraries, applications)
  - Hypervisor / VMM
- **trusted-but-[transparent](https://github.com/project-oak/transparent-release)**
  - Oak Infrastructure Authors
  - Trusted Application Authors
- **trusted**:
  - TEE Manufacturer

Side channels are out of scope for Project Oak at present. While we acknowledge
that TEEs cannot defend against all possible attacks (and therefore we do need
resistance to side channels) we leave their resolution to the respective TEE
Manufacturers and other researchers.

## Getting involved

We welcome [contributors](docs/CONTRIBUTING.md)! To join our community, we
recommend joining the
[mailing list](https://groups.google.com/g/project-oak-discuss) and the
[slack](https://join.slack.com/t/project-oak/shared_invite/zt-5hiliinq-f0fYZGwlzfH3kMrJuu3qlw).

[Oak development](docs/development.md) covers practical steps for getting a
development Oak system up and running.