Confidential Computing Zoo Versions Save

Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.

v1.1

11 months ago

What’s New:

1.  2 New Solutions based on TDX Published, Ready for use.​​​​​​

  • Attested boot with encrypted TDVM OS image - Link Introduction: This solution builds an E2E attested boot solution with encrypted Intel TDVM OS image to protect customized guest OS image booting in cloud environment, also it provides the remote attestation capability to guarantee the trust environment and retrieve the secret key with RA-TLS.

  • Horizontal Federated Learning with TDX CoCo - Link Introduction: This solution builds horizontal federated learning framework with TDX confidential container. It demonstrates a full chain data security with encrypted docker image deployment protecting runtime security, data at-rest security and communication with remote attestation.

  1. Updates of Previously Published Solutions
  • Add TF Serving Cluster PPML support for - - Azure AKS and MAA
    • Add document to introduce the deployment in Azure SGX instance
    • Update source code to support the integration with Azure services (MAA & AKS)
    • Deliver docker image for Azure cloud deployment
  • Add TDX-TEE and Bazel support for gRPC RA-TLS
  • Deliver TDX docker image for TDX Encrypted VFS
  1. New published documents 

v1.0

1 year ago

What’s New

3 solutions published in the main branch, ready for use.

  • Horizontal Federated Learning with Intel TDX
  • Encrypted virtual File System with TDX-RA
  • Encrypted VFS and TDX-RA Enhanced TensorFlow Serving

Updates of Previously Published Solutions. o Horizontal Federated Learning

Document updates Add Azure Cloud Deployment Support

v0.7

1 year ago

What’s New

  1. 2 solutions published in the main branch, ready for use. o Machine binding key backup o HTTPA(Hypertext Transfer Protocol Attestable)

  2. Updates of Previously-Published Solutions. o Horizontal Federated Learning

    • Document updates.
    • Upgrade Gramine to v1.3.1 o TensorFlow Serving Cluster PPML
    • Upgrade Gramine to v1.3.1
    • Document updates o Cross languages framework based on Gramine
    • Document updates o PSI
    • Document updates
    • Add Azure Cloud Deployment Support

v0.6

1 year ago

What’s New

  1. 2 solutions published in main branch, ready for use. -> Secure AI Inference & Training o Secure Logistic Logical Regression Inference with HE and SGX- Link ->Incubating Component o Librats - Link

  2. Updates of Previously-Published Solutions. o Horizontal Federated Learning  Document updates.  Upgrade Gramine to v1.2  Add OpenAnolis Support o TensorFlow Serving Cluster PPML  Upgrade Gramine to v1.2  Document updates  Add OpenAnolis Support  Add Tencent CCP Integration Support o Cross languages framework based on Gramine  Document updates  Add Tencent CCP integration Support o PSI  Document updates  Add Tencent CCP integration Support  Upgrade Gramine to v1.2  Add OpenAnolis Support

  3. Integration to 1 new open community - OpenAnolis OpenAnolis CNCC SIG accepts CCZoo as one project member i. Add CCZoo Introduction in the main page ii. Publish 2 Solutions from CCZoo based on Anolis container

  4. New documents added in cczoo.readthedoc.io a. Add documents for i. Secure Logistic Logical Regression Inference with HE and SGX ii. Librats

v0.5

1 year ago

What’s New

  1. 3 solutions published in main branch, ready for use. o Homogenous Logistic Regression Training with Intel Paillier Library and Intel SGX - link o Private Set Intersection (PSI) with Intel SGX - link o BigDL Privacy Preserving Machine Learning (PPML) - link

  2. Add 1 new Public Cloud Deployment Validation Configuration o Add new one Cloud Deployment - Microsoft Azure - DCsv3-series.

  3. New documents added in cczoo.readthedoc.io Add documents for

  4. Updates of Previously-Published Solutions. o RA-TLS enhanced gRPC

    • Rename docker name
    • Upgrade dockerfile 18.04 to 20.04 o Horizontal Federated Learning
    • Document updates.
    • Add 1 new demo - Recommendation system o TensorFlow Serving Cluster PPML
    • Upgrade dockerfile 18.04 to 20.04 o Cross languages framework based on Gramine
    • Document updates
    • Update remote attestation config

v0.4

1 year ago

What’s New:

  1. 3 new reference solution published in main branch, ready for use.

    • Attestation and Secret Provision Service (ASPS) Brief Introduction: This solution provides a secret provision service following RA-TLS based remote attestation through gRPC. Secrets are stored in KMS that is hosted on tenant side beforehand and Secrets distribution is managed by Policy Manager according to predefined policy. Once tenant client verifies quote from CSP SGX Enclave successfully, KMS agent retrieves secrets from KMS and tenant sends them to the remote CSP SGX Enclave through an established secure gRPC channel.
    • Cross Language Framework based on Gramine
      Brief Introduction: This framework aims to ease the non-C language (e.g. Java) to do SGX remote attestation and transfer key/data between untrust node (clf_client / where running SGX enclave) and trust node(clf_server) when using Gramine.
    • Vertical Federated Learning Brief Introduction: This solution based on a ByteDance end-to-end open-source framework, called Fedlearner, based on TensorFlow, integrates SGX for machine learning, providing interfaces that facilitate federated learning tasks.

  2. Add 1 new Public Cloud Deployment Validation Configuration

    • ByteDance Volcengine SGX Instances (Bare metal)

  3. New documents added in cczoo.readthedoc.io

    • Attestation and Secret Provision Service (ASPS)
    • Cross Language Framework based on Gramine
    • Vertical Federated Learning

  4. Updates of Previously-Published Solutions.

    • RA-TLS enhanced gRPC
      • Add Occlum backend support
      • Add customized option for 1-way or 2-way TLS configuration.
      • Provide optional RA-TLS SDK option
    • Horizontal Federated Learning
      • Document updates.

v0.3

2 years ago

What's New

  1. 1 new incubating component project published in main branch, ready for use.

    • RATS-TLS v1.0 - link

      Brief Introduction: This project provides a proof-of-concept implementation on how to integrate Intel SGX remote attestation into the TLS connection setup. Conceptually, it extends the standard X.509 certificate with SGX-related information. It also provides three non-SGX clients (mbedtls, wolfSSL, OpenSSL) to show how seamless remote attestation works with different TLS libraries.

  2. 1 new solution published in main branch, ready for use.

    • eHSM-KMS v0.2.1 - link

      Brief Introduction: This solution, based on Intel SGX, provides a product-quality reference to help the customers setup a customized KMS (Key Management System) with the capabilities to create and manage cryptographic keys in their cloud environments.

  3. 3 published solutions validated in Ali Cloud and Tencent Cloud

    • Horizontal Federated Learning - link
    • RA-TLS Enhanced gRPC - link
    • TensorFlow Serving Cluster PPML - link

  4. New organization of GitHub main page with 3 designed tables

  5. New documents added in cczoo.readthedoc.io

  6. Add CI/CD basic test

    • Add docker image build test for TensorFlow Serving Cluster PPML, Horizontal Federated Learning, RA-TLS Enhanced gRPC.

Bug Fixes

No known issues

Solution Deployment

Please follow the steps in each solution documents to run each solution.

v0.2

2 years ago

Highlights

Publish 2 new solutions:

v0.1

2 years ago

Highlights

Publish The 1st solution - TensorFlow Serving Cluster PPML based on SGX

Details TEE : Intel SGX LibOS : Gramine App : Tensorflow Serving Encryption/Decryption : Yes TLS : gRPC