Awesome SGX Open Source Projects

Hope that you'd be glad to add a star if you think this list is helpful!

For researchers, a curated list of academic work from computer conferences is here: link

• Runtime Framework
  • Industrial Leading Projects
  • Library OSes and SDKs
• Remote Attestation (RA) and Secure Channels
• Crypto
• Language Frameworks
• Blockchains
• Machine Learning
• Common Libraries
• Applications
• Network
• Data Analytics
• Private Search
• Key and Password Management
• Encrypted Databases and Key-value Stores
• Distributed Systems
• Profiling
• Performance
• Compatibility
• Defenses
  • Memory Protection
  • I/O Protection
• Attacks
• Beyond SGX Enclave Projects
• Other TEEs

Runtime Framework

Industrial Leading Projects

• Microsoft Confidential Consortium Framework https://github.com/microsoft/CCF
• Ant Financial Occlum https://github.com/occlum/occlum
• Next-Generation Occlum, optimized for Intel SGX 2.0 https://github.com/occlum/ngo
• Inclavare: a confidential container for cloud-native confidential computing and enclave runtime ecosystem https://github.com/inclavare-containers/inclavare-containers
• Enarx: Confidential Computing with WebAssembly https://github.com/enarx/enarx
• enclaive.io: Building confidential containers for the cloud https://github.com/enclaive
• Conclave SDK is an open source platform that makes working with SGX enclaves easy https://github.com/R3Conclave/conclave-core-sdk
• Confidential Containers: Process-based Confidential Container Runtime https://github.com/confidential-containers/enclave-cc
• KubeTEE TFF https://github.com/SOFAEnclave/trusted-function-framework
• Fortanix Enclave Development Platform https://github.com/fortanix/rust-sgx
• Scontain: Confidential Computing Playground Virtual Machine https://github.com/scontain
• Veracruz: privacy-preserving collaborative compute, now an adopted project of the Confidential Compute Consortium (CCC) https://github.com/veracruz-project/veracruz
• MarbleRun: a framework for creating distributed confidential-computing apps https://github.com/edgelesssys/marblerun
• Apache Teaclave https://github.com/apache/incubator-teaclave
• Google Asylo https://github.com/google/asylo

Library OSes and SDKs

• Gramine Library OS with Intel SGX Support (formerly Graphene) https://github.com/gramineproject/gramine
• Edgeless RT: SDK for TEEs/SGX based on Open Enclave with Go support https://github.com/edgelesssys/edgelessrt
• Porpoise: A tool to port commodity application to Intel SGX https://github.com/iisc-cssl/porpoise
• Mystikos: Tools and runtime for launching unmodified container images in Trusted Execution Environments https://github.com/deislabs/mystikos
• SGX-LKL: Library OS for running Linux applications inside SGX enclaves https://github.com/lsds/sgx-lkl
• Ratel: Dynamic Binary Translation with SGX Enclaves https://github.com/ratel-enclave/ratel
• Panoply: Low-TCB Linux Applications with SGX Enclaves https://github.com/shwetasshinde24/Panoply

Remote Attestation (RA) and Secure Channels

• Formal specification of attestation mechanisms in Confidential Computing https://github.com/CCC-Attestation/formal-spec-TEE
• Certifier Framework for Confidential Computing https://github.com/vmware-research/certifier-framework-for-confidential-computing
• Confidential VM Platform Guest attestation https://github.com/Azure/confidential-computing-cvm-guest-attestation
• Calculate AMD SEV/SEV-ES/SEV-SNP measurement for confidential computing https://github.com/virtee/sev-snp-measure
• A library for Confidential Computing Architecture (CCA) Attestation Token https://github.com/veraison/ccatoken
• Veraison: Project Veraison creates software components that can be used to build an Attestation Verification Service https://github.com/veraison
• OpenEmbedded layer for the use cases on secure boot, integrity and encryption https://github.com/jiazhang0/meta-secure-core
• MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties (USENIX Security 2022) https://github.com/donnod/linux-sgx-mage
• Microsoft Azure Attestation service (MAA) for Attesting Trusted Execution Environments (TEEs) https://github.com/Azure-Samples/microsoft-azure-attestation
• Linux SGX remote attestation example including the communication with IAS https://github.com/svartkanin/linux-sgx-remoteattestation
• OpenID Connect Via Enclave https://github.com/DanielShteinbok/spring-oidc-conclave-authentication
• Intel Security Libraries for Data Center (Intel SecL-DC) https://github.com/intel-secl/intel-secl
  • SGX Caching Service
  • SGX Quote Verification Service
  • SGX Host Verification Service
  • SGX Hub
  • SGX Agent
• SGX Quote Verification Service, cloud-nativized https://github.com/pw4ever/isecl-sqvs
• OPERA: Open Remote Attestation for Intel's Secure Enclaves https://github.com/Calctopia-OpenSource/opera
• Intel end-to-end RA https://github.com/intel/sgx-ra-sample
• Data Center Attestation Primitives (DCAP) https://github.com/intel/SGXDataCenterAttestationPrimitives
• RA-based TLS https://github.com/cloud-security-research/sgx-ra-tls
• IBM simplified RA without accessing IAS too frequently https://github.com/IBM/sgx-trust-management
• Azure Attestation SGX Certification Cache https://github.com/Microsoft/Azure-DCAP-Client
• Enclave Mutual Attestation Library https://github.com/AntonioDan/SGX_Enclave_Mutual_Attestation_Library

Crypto

• SGX-supported version of safeheron-crypto-suites-cpp library https://github.com/Safeheron/safeheron-crypto-suites-cpp-sgx
• Enclavised OpenSSL (Intel Official) https://github.com/intel/intel-sgx-ssl
• Enclavised LibreSSL https://github.com/lsds/TaLoS
• Enclavised mbedTLS https://github.com/bl4ck5un/mbedtls-SGX
• Enclavised WolfSSL https://github.com/wolfSSL/wolfssl-examples
• SGX-OpenSSL (SGX-Tor Project) https://github.com/sparkly9399/SGX-OpenSSL

Language Frameworks

• Java https://github.com/apache/incubator-teaclave-java-tee-sdk
• Rust
  • RusTEE: Developing Memory-Safe ARM TrustZone Applications (ACSAC 2020) https://github.com/apache/incubator-teaclave-trustzone-sdk
  • EigenCC: Confidential Computation https://github.com/0xEigenLabs/eigencc
  • https://github.com/baidu/rust-sgx-sdk
  • https://github.com/fortanix/rust-sgx
• WebAssembly
  • Wasm interpreter in Rust https://github.com/mesalock-linux/wasmi-sgx
  • Twine: An Embedded Trusted Runtime for WebAssembly https://github.com/jamesmenetrey/unine-twine
  • WebAssembly Micro Runtime (WAMR) https://github.com/bytecodealliance/wasm-micro-runtime
• Python
  • MesaPy: A Memory-Safe Python Implementation based on PyPy https://github.com/mesalock-linux/mesapy
  • Python binder for SGX SDK https://github.com/adombeck/python-sgx
• Golang
  • TamaGo - ARM/RISC-V bare metal Go https://github.com/usbarmory/tamago
  • Go Trusted Execution Environment (TEE) https://github.com/usbarmory/GoTEE
  • EGo: a framework for building confidential apps in Go https://github.com/edgelesssys/ego
  • Golang https://github.com/intel/GrapheneSGX-Golang-Support-and-Enhancement
  • Golang binder https://github.com/rupc/go-with-intel-sgx
  • GOTEE: Secured Routines using SGX https://github.com/epfl-dcsl/gotee
• JavaScript https://github.com/evervault/node-secureworker
• C# https://github.com/Liaojinghui/A_C-Sharp_Project_With_SGX
• Lua https://github.com/vschiavoni/SecureStreams-DEBS17
• Erlang https://github.com/Erlang-Enclave-Thesis/sgx-erlang-extension
• C/C++ (Intel Official) https://github.com/intel/linux-sgx
• PSec: Programming Language for Creating Secure Distributed Systems leveraging Intel SGX https://github.com/ShivKushwah/PSec

Blockchains

• Fidelius: YeeZ Privacy Protection for Data Collaboration https://github.com/YeeZTech/YeeZ-Privacy-Computing
• SDK for Switchboard's secure enclave computing https://github.com/switchboard-xyz/sgx-sdk
• Secret.NET is a .NET Client to interact with the Secret Network blockchain https://github.com/0xxCodemonkey/SecretNET
• A Ledger-backed Secure Key-Value store (LSKV), built on the Confidential Consortium Framework (CCF) https://github.com/microsoft/LSKV
• Twilight: A Differentially Private Payment Channel Network (USENIX Security 2022) https://github.com/saart/Twilight
• Ethernity Cloud Node https://github.com/ethernity-cloud/mvp-pox-node
• Oasis Network: Performant and Confidentiality-Preserving Smart Contracts + Blockchains https://github.com/oasisprotocol/oasis-core
• MobileCoin: Private payments for mobile devices https://github.com/mobilecoinfoundation/mobilecoin
• Integritee off-chain worker and sidechain validateer https://github.com/integritee-network/worker
• Ternoa's Blockchain to support the secure creation and transfer of Capsules https://github.com/capsule-corp-ternoa/chain
• Automata Network: Web 3.0 Realized with Tracless Privacy and Seamless Compatibility https://github.com/automata-network/automata
• Phala Blockchain: a blockchain-based confidential computing cloud https://github.com/Phala-Network/phala-blockchain
• sWorker: Crust MPoW-based Offchain Storage inside TEE Enclaves https://github.com/crustio/crust-sworker
• Teechain: A Secure Payment Network with Asynchronous Blockchain Access (SOSP 2019) https://github.com/lsds/Teechain
• Ekiden: Confidentiality-Preserving Smart Contract Platform (EuroS&P 2019) https://github.com/ekiden/ekiden
• Hardware Secure Crypto Wallet for Ethereum and SKALE https://github.com/skalenetwork/sgxwallet
• Database intended for Blockchain https://github.com/kaimast/credb
• Anonify: A blockchain-Agnostic Execution Environment with Privacy and Auditability https://github.com/LayerXcom/anonify
• Hyperledger: Confidentiality-Preserving, Off-Chain Smart Contracts
  • https://github.com/hyperledger-labs/private-data-objects
  • https://github.com/hyperledger/fabric-private-chaincode
• substraTEE: Trusted Off-Chain Compute Framework for Substrate Blockchains https://github.com/scs/substraTEE
• eEVM: Enclave EVM as Ethereum Virtual Machine https://github.com/Microsoft/eEVM
• BitCoin Mixer https://github.com/BitObscuro/Obscuro
• Proof of Luck for IPFS https://github.com/luckychain/lucky
• Town Crier: An Authenticated Data Feed For Smart Contracts https://github.com/bl4ck5un/Town-Crier
• Ledger BOLOS Enclave https://github.com/LedgerHQ/bolos-enclave

Machine Learning

• CAGE: Complementing Arm CCA with GPU Extensions https://github.com/Compass-All/NDSS24-CAGE
• No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML (IEEE S&P 2024) https://github.com/ziqi-zhang/TEESlice-artifact
• Secure MLaaS with Temper: Trusted and Efficient Model Partitioning and Enclave Reuse (ACSAC 2023) https://github.com/tsinghua-ideal/TEMPER-Secure-MLaaS
• Machine learning inference in trusted execution environment build from SGX https://github.com/Luke20000429/Trusted-ML-SGX
• Azure Bicep/ARM template to quickly deploy standalone secure research environments https://github.com/microsoft/Azure-Secure-Enclave-for-Research
• SOTER: Guarding Black-box Inference for General Neural Networks at the Edge (ATC 2022) https://github.com/hku-systems/SOTER
• FedServing: A Federated Prediction Serving Framework Based on Incentive Mechanism (INFOCOM 2021) https://github.com/H-W-Huang/FedServing
• Privacy-preserving Federated Learning with Trusted Execution Environments (MobiSys 2021) https://github.com/mofanv/PPFL
• TF-Encrypted: A Framework for Encrypted Machine Learning in TensorFlow https://github.com/tf-encrypted/tf-encrypted
• BigDL Privacy Preserving Machine Learning https://github.com/intel-analytics/BigDL
• BlindAI: Fast, accessible and privacy friendly AI deployment https://github.com/mithril-security/blindai
• Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies https://github.com/intel/confidential-computing-zoo
• MNIST hand-written text recognition task using FEDn with the PyTorch C++ https://github.com/scaleoutsystems/tee-mnist
• Pytorch with SGX solution https://github.com/intel/sgx-pytorch
• Enclave Hardening for Private ML (GBDT Learning + Differential Privacy) https://github.com/loretanr/dp-gbdt
• Tensorflow Lite For Intel SGX https://github.com/Jumpst3r/tensorflow-lite-sgx
• An trusted and lite version of OpenCV based on Intel SGX https://github.com/xymeng16/opencv_lite_sgx
• Open Enclave port of the ONNX runtime for confidential inferencing on Azure Confidential Computing https://github.com/microsoft/onnxruntime-openenclave
• Secure Aggregation for Federated Learning https://github.com/mc2-project/secure-aggregation
• Secure Collaborative Training and Inference for XGBoost https://github.com/mc2-project/secure-xgboost
• Confidential Computing of Machine Learning using Intel SGX https://github.com/prasadkjose/confidential-ml-sgx
• MesaTEE GBDT-RS: A Fast and Secure GBDT library https://github.com/mesalock-linux/gbdt-rs
• TF-Trusted: Run TensorFlow Models in Secure Enclaves https://github.com/capeprivacy/tf-trusted
• Accountable Deep Learning https://github.com/arefasvadi/SGX-ADL
• Open Deep Learning Compiler Stack TVM in Intel SGX Example
• Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware (ICLR 2019) https://github.com/ftramer/slalom
• EnclaveML: a framework for tokenized federated learning https://github.com/jamslevy/enclaveML
• Plinius: Secure ML model training with Intel SGX and PM for fault tolerance https://github.com/anonymous-xh/plinius
• SGX-Darknet: SGX compatible ML library https://github.com/anonymous-xh/sgx-dnet

Common Libraries

• A framework to run Fully Homomorphic Encryption computations (especially using the SEAL library) on Trusted Execution Environments https://github.com/zkFHE/FHE-in-TEE
• A library to orchestrate interoperable Data Cleaning Services using Intel SGX based Containers https://github.com/qascade/dcr
• DarkProto Threshold Cryptosystem https://github.com/andrcmdr/darkproto-proposal
• Enclave Memory Manager https://github.com/intel/sgx-emm
• VRF-enhanced random number source running inside enclaves https://github.com/smartbch/enclave-vrf
• A trusted libjpeg on Intel SGX https://github.com/xymeng16/libtjpeg
• Zlib Data Compression Library inside SGX Enclaves https://github.com/ffosilva/zlib-sgx
• SEAL library in SGX https://github.com/shenqtao/seal_SGX
• Enclaved-FE: enable applications using Fentec Functional Encryption libraries (CiFEr, GoFE) in Intel SGX https://github.com/cryptohackathon/enclaved-FE
• Libsodium AES-NI based AES-256-GCM https://github.com/Maxul/SGX-AES-256
• GNU Multiple Precision Arithmetic Trusted Library for Intel SGX https://github.com/intel/sgx-gmp

Applications

• Secure Silo Database System with Intel SGX https://github.com/Noxy3301/CASSA
• Data Clean Room (GSSoC 2023) https://github.com/qascade/dcr
• CACIC: Providing Secure and Customizable IoT Data Access Policies with SGX https://github.com/GTA-UFRJ/CACIC-Use-Case
• BastionLab: a simple framework for privacy-friendly data science collaboration https://github.com/mithril-security/bastionlab
• 180Protocol: Confidential compute for sensitive data sharing and commercial collaboration https://github.com/180Protocol/180protocol
• Secure and Lightweight Deduplicated Storage via Shielded Deduplication-Before-Encryption (ATC 2022) https://github.com/yzr95924/DEBE
• TEEKAP: Self-Expiring Data Capsule using Trusted Execution Environment (ACSAC 2021) https://github.com/MingyuanGao/TEEKAP
• Intel SGX Module for the passpharse key derivation module of GenesisDrive https://github.com/VRTeamgenesis/GenesisDrive-SGX
• Verifiable Election https://github.com/davidgmorais/verifiable-election
• Rex: SGX decentralized recommender (IEEE IPDPS 2022) https://github.com/rafaelppires/rex
• Loading SGX enclave from DLL on Windows 10 64-bit https://github.com/nadiaivc/Load-SGX-enclave-from-DLL
• SRX – SGX Recovery Extension https://github.com/andrade/srx
• Black-Scholes-Merton computation in Intel SGX https://github.com/sbellem/sgx-bsm
• Accelerating Encrypted Deduplication via SGX (ATC 2021) https://github.com/jingwei87/sgxdedup
• SGX-based Genome Variants Search https://github.com/ndokmai/sgx-genome-variants-search
• SMac: Secure Genotype Imputation in Intel SGX https://github.com/ndokmai/sgx-genotype-imputation
• SGXKaller: Private Contact Discovery Service https://github.com/Arslan8/SGXKaller
• Achieving Reconciliation between Privacy Preservation and Auditability For File Hosting (Intel SGX + IPFS + Hyperledger Fabric) https://github.com/wuliangshun/SGX-base-File-Hosting
• bwa-sgx-scone: a parallel privacy preserved BWA(DNA sequence alignment) solution using Intel SGX and SCONE https://github.com/dsc-sgx/bwa-sgx-scone
• Bioinformatic Interpreter with Intel SGX https://github.com/hello31337/BI-SGX
• C3PO: providing security functions for Open Mobile Evolved Core (OMEC) https://github.com/omec-project/c3po
• SafeTrace: Privacy Preserving Voluntary COVID-19 Self-Reporting Platform for Contact Tracing https://github.com/enigmampc/SafeTrace
• Private Contact Discovery Service for Signal https://github.com/signalapp/ContactDiscoveryService
• Trustworthy and Accountable Function-as-a-Service https://github.com/SSGAalto/sfaas
• Securing Storage Encryption https://github.com/ayeks/TresorSGX

Network

• Priority load balancer with retries, and SGX RA-TLS support https://github.com/flashbots/prio-load-balancer
• Setheum - Powering Scalable Web3 Solutions https://github.com/Setheum-Labs/Setheum
• Towards A TEE-based V2V Protocol For Connected And Autonomous Vehicles https://github.com/OSUSecLab/v2v-sgx-prelim
• TrustedGateway: TEE-Assisted Routing and Firewall Enforcement Using ARM TrustZone (RAID 2022) https://github.com/trugw
• OpenRelay: Community-built, Privacy-first VPN (WIP) https://github.com/triumphantomato/openrelay
• Bento: Safely Bringing Network Function Virtualization to Tor (SIGCOMM 2021) https://github.com/breakerspace/bento
• Nginx-SGX: SGX-ready Nginx open source server https://github.com/enclaive/enclaive-docker-nginx-sgx
• Hidden anonymization with SGX-based mix-networks https://github.com/oEscal/sgx-based-mix-networks
• ZeroCache: a Cloud-Oriented Middlebox for Network Confidential Computing https://github.com/Maxul/zerocache
• Hidden anonymization with SGX-based mixes https://github.com/oEscal/sgx-based-mix-networks
• SnowHaze VPN Zero-Knowledge Verification https://github.com/snowhaze/zka-sgx
• MACSec: Secure Network Interface with SGX https://github.com/fkirc/secure-network-interface-with-sgx
• SENG: SGX-Enforced Network Gateway (USENIX Security 2020) https://github.com/sengsgx/sengsgx
• SGX + CDN (USENIX Security 2020) https://github.com/smherwig/phoenix
• ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments (PETS 2019) https://github.com/sshsshy/ConsenSGX
• SGX + Snort Intrusion Detection System https://github.com/cloud-security-research/sgx-ids
• SafeBricks: Shielding Network Functions in the Cloud (NSDI 2018) https://github.com/YangZhou1997/SafeBricks
• SGX + Tor (NSDI 2017) https://github.com/kaist-ina/SGX-Tor
• SGX + Web Crawler https://github.com/ShengHow95/simple-selenium-sgx-crawler

Data Analytics

• Constructing Trusted Execution Environment (TEE) with GCP Confidential Space https://github.com/salrashid123/confidential_space
• SecretFlow: A unified framework for privacy-preserving data analysis and machine learning https://github.com/secretflow/secretflow
• MC2: A Platform for Secure Analytics and Machine Learning https://github.com/mc2-project/mc2
• Opaque: An encrypted data analytics platform (NSDI 2017) https://github.com/mc2-project/opaque-sql
• Ryoan: A distributed sandbox for untrusted computation on secret data (OSDI 2016) https://github.com/ut-osa/ryoan
• Confidential Analytics on Azure SGX VM's with Apache Spark and SCONE https://github.com/mdrakiburrahman/sgx-pyspark-sql-demo
• BiORAM-SGX: A Practical Privacy-Preserving Data Analysis for Personal Genome by Intel SGX https://github.com/cBioLab/BiORAM-SGX

Private Search

• Snoopy: Surpassing the Scalability Bottleneck of Oblivious Storage (SOSP 2021) https://github.com/ucbrise/snoopy
• DeSearch: a decentralized search engine with verifiable dataflow (OSDI 2021) https://github.com/SJTU-IPADS/DeSearch
• mc-oblivious: Oblivious RAM inside of Intel SGX enclaves https://github.com/mobilecoinofficial/mc-oblivious
• ZeroTrace: Oblivious Memory Primitives from Intel SGX (NDSS 2018) https://github.com/sshsshy/ZeroTrace
• X-Search: Revisiting Private Web Search using Intel SGX (Middleware 2017) https://github.com/Sand-jrd/SGX-Search
• Private Information Retrieval https://github.com/patrickwang96/BO-PIR-SGX
• Private SSE Schemes https://github.com/MonashCybersecurityLab/SGXSSE
• POSUP: Oblivious Search and Update Platform with SGX https://github.com/thanghoang/POSUP
• A Secure, Efficient and Scalable Query Framework for Outsourcing Data https://github.com/fishermano/QShield
• BISEN: Boolean Isolated Searchable Encryption https://github.com/bernymac/BISEN

Key and Password Management

• Safeheron’s TEE Based RSA Key Sharding Service https://github.com/Safeheron/sgx-arweave-cpp
• FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs (CCS 2022) https://github.com/feido-token
• Let's eSign Enclave https://github.com/letsesign/letsesign-enclave
• Conclave Pass: Password Manager implemented using Conclave Cloud https://github.com/R3Conclave/ccl-sample-conclavepass
• eHSM (SGX Enclave Based Hardware Security Module) https://github.com/intel/ehsm
• Trusted Certificate Service for Kubernetes Platform https://github.com/intel/trusted-certificate-issuer
• lockbox: Key Share Management in SGX Secure Enclaves https://github.com/commerceblock/lockbox
• Password manager supporting the login where the credentials are stored securely in an enclave https://github.com/enclaive/sgx-login
• Key-Manager for Faasm (a high-performance stateful serverless runtime) https://github.com/faasm/keymanager
• SGX Enabled OpenStack Barbican Key Management System https://github.com/cloud-security-research/sgx-kms
• A server with SGX enclave that stores private keys and performs crypto operations upon requests https://github.com/cloud-key-store/keystore
• Protecting Web Passwords using Trusted Execution Environments https://github.com/SafeKeeper
• Channel ID Private Key Protection https://github.com/google/channel-id-enclave

Encrypted Databases and Key-value Stores

• HEDB: Towards A Secure Yet Maintainable Encrypted Database (OSDI 2023) https://github.com/SJTU-IPADS/HEDB
• memcached-sgx https://github.com/Yuhala/memcached-sgx
• EdgelessDB: a MySQL-compatible database running entirely inside SGX enclaves https://github.com/edgelesssys/edgelessdb
• Avocado: a secure distributed in-memory key-value store (USENIX ATC 2021) https://github.com/mbailleu/avocado
• SPEICHER: Securing LSM-based Key-Value Stores using Shielded Execution (FAST 2019)https://github.com/mbailleu/SpeicherDPDK
• StealthDB: an encrypted database from intel sgx with small trusted computing base (PETS 2019) https://github.com/cryptograph/stealthdb
• SQLite database inside a secure Intel SGX enclave (Linux) https://github.com/yerzhan7/SGX_SQLite
• STANlite: an in-memory database engine for SGX-enabled secure data processing https://github.com/ibr-ds/STANlite
• Trusted in-memory key-value stores (EuroSys 2019) https://github.com/cocoppang/ShieldStore
• Protect Audit-Log via Sqlite (EuroSys 2018) https://github.com/lsds/LibSEAL

Distributed Systems

• Reusable Enclaves for Confidential Serverless Computing (USENIX Security 2023) https://github.com/OSUSecLab/Reusable-Enclaves
• Intel Technology Enabling for OpenShift https://github.com/intel/intel-technology-enabling-for-openshift
• Dissecting BFT Consensus: In Trusted Components we Trust (EuroSys 2023) https://github.com/msadoghi/resdb-sgx-eurosys
• uBFT: Microsecond-scale BFT using Disaggregated Memory (ASPLOS 2023) https://github.com/LPD-EPFL/ubft
• Byzantine-fault tolerant pessimistic lock manager with Intel SGX https://github.com/shangsuru/verifiable-lockmanager
• Confidential Containers Operator: deploying and managing Confidential Containers Runtime on Kubernetes clusters https://github.com/confidential-containers/operator
• Oak: Meaningful Control of Data in Distributed Systems https://github.com/project-oak/oak
• Kubernetes Device Plugin for Intel SGX https://github.com/AliyunContainerService/sgx-device-plugin
• Intel Software Guard Extensions (SGX) device plugin for Kubernetes https://github.com/intel/intel-device-plugins-for-kubernetes/tree/main/cmd/sgx_plugin
• Robust P2P Primitives Using SGX Enclaves (RAID 2020) https://bitbucket.org/P2PUsingSGX/p2pusingsgx
• SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments (ACSAC 2019) https://github.com/shiyonglu/SecDATAVIEW
• SGX-Migration: A library and an application to provide migratable primitives for SGX enclaves (DSN 2018) https://github.com/SSGAalto/sgx-migration
• Memory Sharing Library for Intel SGX Card https://github.com/cloud-security-research/memsharing-sgxcard
• SGX-Aware Container Orchestrator https://github.com/sebva/sgx-orchestrator
• ZooKeeper https://github.com/sereca/SecureKeeper
• Raft https://github.com/LuminousXLB/EnclaveRaft

Profiling

• TEEMon: A continuous performance monitoring framework for TEEs (Middleware 2020) https://github.com/rcrane/TEEMon
• sgxtop and sgxstat utilities for monitoring SGX driver statistics https://github.com/fortanix/sgxtop
• Report statistics of E/Ocalls, EPC Paging https://github.com/ibr-ds/sgx-perf
• Stress benchmark https://github.com/sebva/stress-sgx
• nbench benchmark https://github.com/utds3lab/sgx-nbench
• LMbench benchmark https://github.com/vsecurity-research/sgx-bench
• Linux SGX benchmarks (on encrypted buffer transfer) https://github.com/eliadt/sgx_benchmarks
• Simple memory benchmarking of Intel SGX https://github.com/lsds/sgx-membench

Performance

• SGX Switchless Calls Made Configless (DSN 2023)https://gitlab.com/Yuhala/zc-switchless
• rkt-io: Library OS for running Linux applications inside of Intel SGX enclaves (EuroSys 2021) https://github.com/Mic92/rkt-io
• Flume: a blazingly fast multi-producer, multi-consumer channel https://github.com/occlum/flume
• Actor model for better Enclave IPC (Middleware 2018) https://github.com/ibr-ds/EActors
• User-level paging (EuroSys 2017) https://github.com/acsl-technion/eleos
• Switch-less (ISCA 2017) https://github.com/oweisse/hot-calls
• SGXTuner: a distributed tuning system for enclaves https://github.com/dzobbe/sgxtuner

Compatibility

• Remote SGX enclave for embedded devices (SysTex 2022) https://github.com/Zildj1an/PopSGX
• HyperEnclave: An Open and Cross-platform Trusted Execution Environment (ATC 2022) https://github.com/HyperEnclave
• vSGX: Virtualizing SGX Enclaves on AMD SEV (Oakland 2022) https://github.com/OSUSecLab/vSGX

Defenses

• EnclaveFuzz: Finding Vulnerabilities in SGX Applications (NDSS 2024) https://github.com/LeoneChen/EnclaveFuzz
• SENSE: Enhancing Microarchitectural Awareness for TEEs via Subscription-Based Notification (NDSS 2024) https://github.com/sslab-gatech/Sense
• Fuzzing SGX Enclaves via Host Program Mutations (EuroS&P 2023) https://github.com/purseclab/FuzzSGX
• SGXRacer: Controlled Data Races in Enclaves: Attacks and Detection (USENIX Security 2023) https://github.com/OSUSecLab/SGXRacer
• PoCF: A Verified Confidential Computing as a Service Framework for Privacy Preservation (USENIX Security 2023) https://github.com/ya0guang/PoBF
• SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution (CCS 2023) https://github.com/PKU-ASAL/WASEM
• No Forking Way: Detecting Cloning Attacks on Intel SGX Applications (ACSAC 2023) https://github.com/nec-research/CloneBuster
• Oblivious sorting in SGX https://github.com/oblsort/oblsort
• TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments (ISCA 2023) https://github.com/MoeinGhaniyoun/TEESec
• Linux Security Hardening for Confidential Compute https://github.com/intel/ccc-linux-guest-hardening#requirements
• Hacking Valgrind to use it on Rust SGX enclave https://github.com/mithril-security/valgrind
• Enclyzer: Automated Analysis of Transient Data Leaks for Intel SGX https://github.com/bloaryth/enclyzer
• SgxMonitor (ACSAC 2022) https://github.com/tregua87/sgxmonitor-artifact
• PRIDWEN: Universally Hardening SGX Programs via Load-Time Synthesis (ATC 2022) https://github.com/sslab-gatech/Pridwen
• Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks (USENIX Security 2022) https://github.com/iaik/minefield
• SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing (USENIX Security 2022) https://github.com/uni-due-syssec/sgxfuzz
• Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX (USENIX Security 2022) https://github.com/IAIK/LVI-NULLify
• SGXRay: Automated Vulnerability Finding in SGX Enclave Applications https://github.com/baidu/sgxray
• Collection of tools to perform memory analysis of machine SGX-enabled https://github.com/tregua87/sgx-forensic
• Open Enclave specific security automation projects (CodeQL static analysis, Fuzzing and binary analysis) https://github.com/openenclave/openenclave-security
• Auditee: a Tool to verify the reproducibility of SGX enclave builds https://github.com/sbellem/auditee
• Tamarin Models (Formal Verification) for State Continuity of Enclave Programs https://github.com/OSUSecLab/SGX-Enclave-Formal-Verification
• A Java flow analysis tool for SGX data sensitivity https://github.com/SOF3/enclavlow
• SGXL: Using 2MB large pages to mitigate page-based side-channels https://github.com/csl-iisc/SGXL
• Obfuscuro: A Commodity Obfuscation Engine for Intel SGX (NDSS 2019) https://github.com/adilahmad17/Obfuscuro
• CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves (ATC 2019) https://github.com/acsl-technion/cosmix
• Citadel: Trusted Reference Monitors for Linux using Intel SGX Enclaves https://github.com/HarriBellThomas/citadel
• SGX Branch Shadowing Mitigation https://github.com/SSGAalto/sgx-branch-shadowing-mitigation
• Enclave Protected Code Loader https://github.com/intel/linux-sgx-pcl
• A code confidentiality framework for Intel SGX https://github.com/utds3lab/sgxelide
• Deflection (CAT-SGX): Practical and Efficient in-Enclave Verification of Privacy Compliance https://github.com/StanPlatinum/cat-sgx
• Behavior-based Program Partitioning for Security Enclaves https://github.com/anahitH/program-partitioning-for-security-enclaves

Memory Protection

• EnigMap: External-Memory Oblivious Map for Secure Enclaves (USENIX Security 2023) https://github.com/odslib/odsl
• Address space layout randomization (NDSS 2017) https://github.com/jaebaek/SGX-Shield
• Hardware transactional memory (NDSS 2017) https://github.com/sslab-gatech/t-sgx
• Compiler-based boundscheck (EuroSys 2017) https://github.com/tudinfse/sgxbounds
• Linear/SQRT/Path ORAM https://github.com/maanrachid/SGXORAM
• SO2 ORAM https://github.com/hiroki-chen/SGXOram

I/O Protection

• Fidelius: Protecting User Secrets from Compromised Browsers (Oakland 2019) https://github.com/SabaEskandarian/Fidelius
• Building Distributed Enclave Applications with Sancus and SGX https://github.com/sancus-pma/tutorial-dsn18

Attacks

• PMFault: Faulting and Bricking Server CPUs through Management Interfaces (CHES 2023), CVE-2022-43309 https://github.com/zt-chen/PMFault
• Rapid Prototyping for Microarchitectural Attacks (USENIX Security 2022) https://github.com/libtea/frameworks
• SmashEx: Smashing SGX Enclaves Using Exceptions (CCS 2021) https://github.com/cimcs/poc-exploits-of-smashex
• Interface-Based Side Channel Attack Against Intel SGX (INFOCOM 2022) https://github.com/sgx-interface-side-channel/sgx-interface-side-channel
• Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend (USENIX Security 2021) https://github.com/dn0sar/frontal_poc
• VoltPillager: Hardware-based fault injection attacks against IntelSGX Enclaves using the SVID voltage scaling interface (USENIX Security 2021) https://github.com/zt-chen/voltpillager
• TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves (USENIX Security 2020) https://github.com/uni-due-syssec/teerex-exploits
• Faulty Point Unit: ABI Poisoning Attacks on Intel SGX (ACSAC 2020) https://github.com/fritzalder/faulty-point-unit
• COIN Attacks: on Insecurity of Enclave Untrusted Interfaces in SGX (ASPLOS 2020) https://github.com/mustakcsecuet/COIN-Attacks
• Plundervolt: Software-based Fault Injection Attacks against Intel SGX (Oakland 2020) https://github.com/KitMurdock/plundervolt
• SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution (EuroS&P 2019) https://github.com/OSUSecLab/SgxPectre
• Spectre Attacks: Exploiting Speculative Execution (Oakland 2019) https://github.com/lsds/spectre-attack-sgx
• RIDL: Rogue In-Flight Data Load (Oakland 2019) https://github.com/vusec/ridl
• ZombieLoad: Cross-Privilege-Boundary Data Sampling (CCS 2019) https://github.com/IAIK/ZombieLoad
• SGX-ROP: Practical Enclave Malware with Intel SGX (DIMVA 2019) https://github.com/sgxrop/sgxrop
• MicroScope: enabling microarchitectural replay attacks (ISCA 2019) https://github.com/dskarlatos/MicroScope
• Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic (CCS 2018) https://github.com/jovanbulck/nemesis
• Tutorial: Uncovering and mitigating side-channel leakage in Intel SGX enclaves (SPACE 2018) https://github.com/jovanbulck/sgx-tutorial-space18
• SGX-Step: A practical attack framework for precise enclave execution control (SysTEX 2017) https://github.com/jovanbulck/sgx-step
• Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution (USENIX Security 2017) https://github.com/jovanbulck/sgx-pte
• SGX-Bomb: Locking Down the Processor via Rowhammer Attack (SysTEX 2017) https://github.com/sslab-gatech/sgx-bomb
• SGX-Timing: Cache Attacks on Intel SGX (EuroSec 2017) https://github.com/m1ghtym0/sgx-timing

Beyond SGX Enclave Projects

• Confidential Computing Consortium Governance https://github.com/confidential-computing/governance
• Confidential Cloud Native Primitives (CCNP) https://github.com/intel/confidential-cloud-native-primitives
• MIG Partition Editor for NVIDIA GPUs https://github.com/NVIDIA/mig-parted
• Linux SVSM (Secure VM Service Module) for AMD SEV-SNP in Rust https://github.com/AMDESE/linux-svsm
• Blindbox: SaaS solutions that preserve your users' data privacy. https://github.com/mithril-security/blindbox
• salus: RISC-V micro-hypervisor for TEE development https://github.com/rivosinc/salus/
• Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing (CCS 2022) https://github.com/cerberus-ccs22/TAPC
• Elasticlave: An Efficient Memory Model for Enclaves (USENIX Security 2022) https://github.com/jasonyu1996/elasticlave
• TwinVisor: Hardware-isolated Confidential Virtual Machines for ARM (SOSP 2021) https://github.com/TwinVisor
• Kata Containers https://github.com/kata-containers/kata-containers
• AWS Nitro Enclaves: CPU and memory isolation for Amazon EC2 instances using Nitro Hypervisor https://github.com/aws/aws-nitro-enclaves-cli
• Evervault Cages https://github.com/evervault/cages
• TD-shim: Confidential Containers Shim Firmware https://github.com/confidential-containers/td-shim
• Key Broker Server for SEV(-ES) https://github.com/confidential-containers/simple-kbs
• A dynamic library providing Virtualization-based process isolation capabilities, also capable of creating TEEs using AMD SEV(-ES) https://github.com/containers/libkrun
• Smart Object Oriented: Mobile Entities Migration Between Smart Objects For Fully Decentralized and Autonomous Embedded Systems https://github.com/smartobjectoriented/soo
• mTower: designed for MicroController Units (MCUs) that support ARM TrustZone https://github.com/Samsung/mTower

Other TEEs

• ACAI: Protecting Accelerator Execution with Arm Confidential Computing Architecture (USENIX Security 2024) https://sectrs-acai.github.io/acai/
• LDR: Secure and Efficient Linux Driver Runtime for Embedded TEE Systems (NDSS 2024) https://github.com/SparkYHY/Linux-Driver-Runtime
• MyTEE: Owning the Trusted Execution Environment (NDSS 2023) https://github.com/sssecret2019/mytee
• PenglaiZone https://github.com/Penglai-Enclave/PenglaiZone
• nvTrust: NVIDIA Confidential Computing Ancillary Software https://github.com/NVIDIA/nvtrust
• Reference implementation of Arm-CCA RMM specification https://github.com/TF-RMM/tf-rmm
• ARM CCA feature emulation on QEMU https://github.com/Huawei/Huawei_CCA_QEMU
• ARMv9 CCA + Samsung ISLET: enable on-device confidential computing for end users on ARM devices https://github.com/Samsung/islet
• AMD SEV-SNP https://github.com/AMDESE/sev-guest
• Intel TDX https://github.com/intel/tdx-tools
• Secure Processing Unit (SPU), a provable, measurable secure computation device https://github.com/secretflow/spu
• Penglai-Enclave: Open-sourced secure and scalable TEE system for RISC-V (OSDI 2021) https://github.com/Penglai-Enclave/Penglai-Enclave
• IBM OpenPOWER Protected Execution Facility (EuroSys 2021) https://github.com/open-power/ultravisor
• A Lightweight Trusted Execution Environment for Secure IoT Devices (CCS 2021) https://github.com/sancus-tee
• Keystone: An Open-Source Secure Enclave Framework for RISC-V Processors (EuroSys 2020) https://github.com/keystone-enclave/keystone
• MultiZone Security TEE for RISC-V processors https://github.com/hex-five/multizone-sdk
• MultiZone Trusted Firmware https://github.com/hex-five/multizone-iot-sdk