The goal of Project Oak is to provide infrastructure to transfer, store and process sensitive user data in a secure and transparent way.

To do so, Oak relies on running a Trusted Application in a Trusted Execution Environment (TEE). An example of a Trusted Application is Oak Functions. The Trusted Application can provide the client cryptographically attested evidence of the executable state of the TEE through Remote Attestation. Together with Transparent Release this binds the open-source source code to the remotely attested binary running inside the TEE. In order to feasibly review all the source code running inside the TEE, and minimize our trusted computing base, Oak provides the following infrastructure: stage 0, Oak Restricted Kernel and controlled communications interfaces, i.e., the Oak Comms Channel and microRPC.

• Trusted Application Authors: The authors writing the Trusted Application running on Oak Infrastructure.
• Oak Infrastructure Authors: The authors of the code in this repository; mostly this corresponds to the Project Oak team, but also any contributors, and, by extension, the authors of third party dependencies used in Oak.
• Platform Provider: The entity in charge of maintaining and running the combined hardware and software stack surrounding the TEE, for instance a cloud provider; this includes their software, hardware, and employees.
• TEE Manufacturer: The entity in charge of manufacturing the TEE, including hardware, software, and cryptographic keys.

• untrusted:
  • most hardware (memory, disk, motherboard, network card, external devices)
  • Platform Provider
  • Host Operating System (kernel, drivers, libraries, applications)
  • Hypervisor / VMM
• trusted-but-transparent
  • Oak Infrastructure Authors
  • Trusted Application Authors
• trusted:
  • TEE Manufacturer

Side channels are out of scope for Project Oak at present. While we acknowledge that TEEs cannot defend against all possible attacks (and therefore we do need resistance to side channels) we leave their resolution to the respective TEE Manufacturers and other researchers.

We welcome contributors! To join our community, we recommend joining the mailing list and the slack.

Oak development covers practical steps for getting a development Oak system up and running.