Incubator Teaclave Versions Save

In this release, we introduced Tonic and hence asynchronized all the services. Now the frontend service can talk with any gPRC-compatible clients. The platform audit is also enabled in this release. It is necessary for a platform processing security-sentive workloads. There are also some bug fixes and code polishment.

What's Changed

• Replace current rpc with grpc by @GeminiCarrie in https://github.com/apache/incubator-teaclave/pull/691
• Bump h2 from 0.3.16 to 0.3.19 by @GeminiCarrie in https://github.com/apache/incubator-teaclave/pull/696
• Send audit information from frontend to management service by @henrysun007 in https://github.com/apache/incubator-teaclave/pull/697
• Polish the code base by @henrysun007 in https://github.com/apache/incubator-teaclave/pull/699

Full Changelog: https://github.com/apache/incubator-teaclave/compare/v0.5.1...v0.6.0-rc.1

In this release, we mainly focus on LibOS-based execution service and license compliance. An execution service that can be run in LibOS is added. Besides, we adjusted the code based according to the advice from Apache IPMC.

What's Changed

• Commits after release by @henrysun007 in https://github.com/apache/incubator-teaclave/pull/684
• Integration with Occlum by @GeminiCarrie in https://github.com/apache/incubator-teaclave/pull/685
• Fix docker build issue caused by missing dependency of tomli by @sarutak in https://github.com/apache/incubator-teaclave/pull/686
• Fix deploy instruction for Azure to comply with SGX 2.17. by @sarutak in https://github.com/apache/incubator-teaclave/pull/687
• Apache compliance by @henrysun007 in https://github.com/apache/incubator-teaclave/pull/689

New Contributors

• @sarutak made their first contribution in https://github.com/apache/incubator-teaclave/pull/686

Full Changelog: https://github.com/apache/incubator-teaclave/compare/v0.5.0...v0.5.1

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.

This is the fifth official Apache incubator release. In this release, we mainly focus on toolchain update, better development friendliness, function enhancement, task logging and CI improvement.

In this release, the underlying Rust SGX SDK is upgraded to 2.0.0. The number of Rust crates modified to run inside SGX reduces from hundreds to ten in our project. The Rust code backtrace is more complete than the old CPP version, which is good for debugging. Besides, a new structure FunctionArgument is introduced. Thus the function arguments are more typed and support both default value and overwriting. Usage count and limit to the function are also added. The function usage statistics is essential for a FaaS platform. Additionally, task log persistence is supported. Users can choose to save the logs as needed. Lastly, the CI is improved: tests are running parallelly and the running environment is upgraded.

To learn more, here is a list of notable changes in Teaclave version 0.5.0.

Features

• Rust SGX SDK upgrade (#666)
• Add FunctionArgument to Function (#677)
• Add usage statistics to Function (#678)
• Support task log persistence (#676)

Enhancements

• Improve CI (#658)
• Update rusty-leveldb version to v1.0.4 (#661)
• Replace protected_fs_rs with sgx_protected_fs of Rust SGX SDK

Bug Fixes

• Fix python SDK attestation bypaas (#679)
• Fix calling a wrong function

Docs

• Improve function comment layout for pdoc (#670)
• Fix typos (#671 #672 #675)

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.

This is the fourth official Apache incubator release. In this release, we mainly focus on better user management, task management, performance improvement and stability.

In this release, we introduce a role-based access control for user management. Specifically, we define roles like admin, function owner, data owner, data owner manager, etc. Additionally, we also add APIs to support user management functionalities. In addition, we also implement a feature to cancel a running task to kill a long-run function which is no longer needed. Besides these two new features, we also made a lot of underlying changes to improve the performance of RPC and stability of the secure database.

To learn more, here is a list of notable changes in Teaclave version 0.4.0.

Features

• Add the DisableFunction interface (#620)
• Better user management interfaces: add the UserUpdate, UserChangePassword, ResetUserPassword, DeleteUser, and ListUsers interfaces
• Support optional input/output files (#603)
• Start Teaclave docker services with auto-detection mechanism (#559)
• Add watchdog functionality to monitor service status (#600)
• Support cancel a task
• Support intermediate cert in DCAP attestation cert

Enhancements

• Better error handling in Python client SDK (#632)
• Refactor services error types and messages, make them readable to end users
• Optimize RPC memory footprint of serde (#577)
• Support selectively including executors (#574)
• Support AES-GCM output files (#629)
• Add port probe for service launching
• Update WAMR version to WAMR-01-18-2022 (#616)
• Move execution context into a separate crate (#598)
• Support Ubuntu 20.04 docker image and add corresponding CI pipelines
• Persistent MockDB in test mode (#580)

Bug Fixes

• Better task state error and fix cancel error issue in the example (#637)
• Fix privilege issues in the GetFunction and ListFunctions interfaces (#636)
• Better building system: fix packages rebuild every time, avoid issues in parallel make (#589, #596)
• Fix the issue of generating code coverage of tests (#627)
• Fix LevelDB assertion issue: leveldb lru bug, using disk db for unit test (#583)

Docs

• Add release guide for releasing Teaclave in the community: https://teaclave.apache.org/docs/release-guide/
• Remove CONTRIBUTORS.md and point to the homepage (#552)

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.

This is the fourth official Apache incubator release. In this release, we mainly focus on better user management, task management, performance improvement and stability.

In this release, we introduce a role-based access control for user management. Specifically, we define roles like admin, function owner, data owner, data owner manager, etc. Additionally, we also add APIs to support user management functionalities. In addition, we also implement a feature to cancel a running task to kill a long-run function which is no longer needed. Besides these two new features, we also made a lot of underlying changes to improve the performance of RPC and stability of the secure database.

To learn more, here is a list of notable changes in Teaclave version 0.4.0.

Features

• Add the DisableFunction interface (#620)
• Better user management interfaces: add the UserUpdate, UserChangePassword, ResetUserPassword, DeleteUser, and ListUsers interfaces
• Support optional input/output files (#603)
• Start Teaclave docker services with auto-detection mechanism (#559)
• Add watchdog functionality to monitor service status (#600)
• Support cancel a task
• Support intermediate cert in DCAP attestation cert

Enhancements

• Better error handling in Python client SDK (#632)
• Refactor services error types and messages, make them readable to end users
• Optimize RPC memory footprint of serde (#577)
• Support selectively including executors (#574)
• Support AES-GCM output files (#629)
• Add port probe for service launching
• Update WAMR version to WAMR-01-18-2022 (#616)
• Move execution context into a separate crate (#598)
• Support Ubuntu 20.04 docker image and add corresponding CI pipelines
• Persistent MockDB in test mode (#580)

Bug Fixes

• Better task state error and fix cancel error issue in the example (#637)
• Fix privilege issues in the GetFunction and ListFunctions interfaces (#636)
• Better building system: fix packages rebuild every time, avoid issues in parallel make (#589, #596)
• Fix the issue of generating code coverage of tests (#627)
• Fix LevelDB assertion issue: leveldb lru bug, using disk db for unit test (#583)

Docs

• Add release guide for releasing Teaclave in the community: https://teaclave.apache.org/docs/release-guide/
• Remove CONTRIBUTORS.md and point to the homepage (#552)

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.

This is the third official Apache Incubator release. In this release, we focus more on bringing WebAssembly into Teaclave. Now, you can run functions written in different languages in Teaclave with the WebAssembly executor. Specifically, we modify WebAssembly Micro Runtime and add it as a new executor in Teaclave.

To illustrate the capability of the executor, we also support WebAssembly machine learning models compiled by Apache TVM. Apache TVM is an open source machine learning compiler framework for CPUs, GPUs, and machine learning accelerators. TVM also supports WebAssembly runtime backend. We also introduce a new MNIST inference example to show the usage of the new executor with TVM.

Here is a list of notable changes in Teaclave version 0.3.0.

Features

• Add the WebAssembly executor to support functions written in other languages.
• Examples of running C and Rust with the WebAssembly executor.
• Support inference tasks with models compiled by TVM.
• Add the MNIST inference example to demonstrate the ability of using TVM in Teaclave.

Enhancements

• Add the script to simplify developing with editors with Rust's Language Server Protocol support.
• Upgrade SGX SDK dependencies, i.e., Intel SGX SDK to version 2.14.100.2, DCAP to version 1.11.100.2.

Bug Fixes

• Update the SGX SDK used in the runtime dockerfile.
• Fix Python.h not found when compiling acs_py_enclave.c.
• Fix building system messed up by untracked Cargo.lock files.
• Fix dcap building issue.

Docs

• Add instructions to configure URLs of input/output files in examples.
• Executing WebAssembly in Teaclave: https://teaclave.apache.org/docs/executing-wasm/.
• Inferencing with TVM in Teaclave: https://teaclave.apache.org/docs/inference-with-tvm/.

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.

This is the third official Apache Incubator release. In this release, we focus more on bringing WebAssembly into Teaclave. Now, you can run functions written in different languages in Teaclave with the WebAssembly executor. Specifically, we modify WebAssembly Micro Runtime and add it as a new executor in Teaclave.

To illustrate the capability of the executor, we also support WebAssembly machine learning models compiled by Apache TVM. Apache TVM is an open source machine learning compiler framework for CPUs, GPUs, and machine learning accelerators. TVM also supports WebAssembly runtime backend. We also introduce a new MNIST inference example to show the usage of the new executor with TVM.

Here is a list of notable chanages in Teaclave version 0.3.0.

Features

• Add the WebAssemly executor to support functions written in other languages.
• Exmples of runing C and Rust with the WebAssembly executor.
• Support inference tasks with models compiled by TVM.
• Add the MNIST inference example to demonstrate the ability of using TVM in Teaclave.

Enhancements

• Add the script to simplify developing with editors with Rust's Language Server Protocol support.
• Upgrade SGX SDK dependencies, i.e., Intel SGX SDK to version 2.14.100.2, DCAP to version 1.11.100.2.

Bug Fixes

• Update the SGX SDK used in the runtime dockerfile.
• Fix Python.h not found when compiling acs_py_enclave.c.
• Fix building system messed up by untracked Cargo.lock files.
• Fix dcap building issue.

Docs

• Add instruction to config URLs of input/output files in examples.
• Executing WebAssembly in Teaclave: https://teaclave.apache.org/docs/executing-wasm/.
• Inferencing with TVM in Teaclave: https://teaclave.apache.org/docs/inference-with-tvm/.

In 0.2.0, we focus on various components including built-in functions, SDKs in different languages, docker, command line interface, documents, etc. Specifically, we have following updates:

Functions

• Add the builtin PCA (Principal Component Analysis) function
• Add the exposed password checking built-in function (#447)

SDK

• Add Rust client SDK (#455)
• Add C client SDK and examples (#470)
• Add Swift SDK (iOS framework)
• Change CMAC format from string to bytes array

Docker

• Add a teaclave-file-service container to the docker compose file to help run the examples (#446)
• Fix sim mode docker compose file (#462)

CLI

• [cli] Add the attest subcommand to display attestation report from the remote Teaclave service

Documents

• [docs] Add permalink for codebase's README (#428)
• [docs] Add document of Deploying Teaclave on Azure Confidential Computing Virtual Machines

Bug Fixes

• [binder] Add checks and test case for input/output buffer. (#423)

Misc

• Start to use GitHub Action (#473)
• Add GitHub issue templates (#476)
• Document polishing

This is the first Apache Incubator release of Teaclave. Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.

Apache Teaclave (incubating) has following highlights:

• Security: Teaclave adopts multiple security technologies to enable secure computing, in particular, Teaclave uses Intel SGX to serve the most security-sensitive tasks with hardware-based isolation, memory encryption and attestation. Also, Teaclave is written in Rust to prevent memory-safety issues.
• Functionality: Teaclave is provided as a function-as-a-service platform. With many built-in functions, it supports tasks like machine learning, private set intersection, crypto computation, etc. In addition, developers can also deploy and execute Python scripts in Teaclave. More importantly, unlike traditional FaaS, Teaclave supports both general secure computing tasks and flexible single- and multi-party secure computation.
• Usability: Teaclave builds its components in containers, therefore, it supports deployment both locally and within cloud infrastructures. Teaclave also provides convenient endpoint APIs, client SDKs and command line tools.
• Modularity: Components in Teaclave are designed in modular, and some like remote attestation can be easily embedded in other projects. In addition, Teaclave SGX SDK can also be used separately to write standalone SGX enclaves for other purposes.

Compared to the pre- Apache incubator version, we made the following changes to improve overall functionality, usability, and documentation of Teaclave.

• support function and data registration
  • input data of a function can be fetched from external storage
  • reuse registered function in new tasks
• redesign function development workflow
  • developers only need to write python script with native libraries written in Rust
• provide persistent database implementation
  • port rusty-leveldb
  • add dedicated database service for data persistency
• support protobuf compatible RPC protocol
  • refactor existing service protocol with .proto files
• support distributed workers
  • support docker deployment
• support customized workers
  • service provider can deploy with other kinds of customized workers besides builtin worker
• better documentation
• better error handling
  • errors can be propagated through RPC
  • better error triage
• testsuite cleanup/refactoring
• implement more built-in functions
• support more flexible attestation mechanisms (DCAP)
• RPC enhancement
  • multi-language client