intel / confidential-computing-zoo

License: Apache-2.0
Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.

Programming Languages: CMake, C++, Python, C, Shell, Dockerfile

Projects that are alternatives of or similar to confidential-computing-zoo

  • inclavare-containers: A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem. (Stars: 510; mutual labels: sgx, enclave, confidential-computing)
  • sgx-tutorial-space18: Tutorial: Uncovering and mitigating side-channel leakage in Intel SGX enclaves. (Stars: 44; mutual labels: sgx, enclave)
  • sgxwallet: sgxwallet is the first-ever open-source high-performance hardware secure crypto wallet based on Intel SGX technology. First open-source product on the Intel SGX whitelist. Scales to 100,000+ transactions per second. Currently supports ETH and SKALE, and will support BTC in the future. sgxwallet is under heavy development and use by the SKALE network. (Stars: 50; mutual labels: sgx)
  • SecretNetwork: 𝕊 The Secret Network. (Stars: 466; mutual labels: sgx)
  • cosmix: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves. (Stars: 22; mutual labels: sgx)
  • docker-sgx: Base container for applications using the official Intel SGX SDK. (Stars: 34; mutual labels: sgx)
  • sgx-orchestrator: SGX-aware container orchestrator. (Stars: 35; mutual labels: sgx)
  • secure-xgboost: Secure collaborative training and inference for XGBoost. (Stars: 80; mutual labels: enclave)
  • AttestationSamples: A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information. (Stars: 25; mutual labels: attestation)
  • hardware-attacks-state-of-the-art: Microarchitectural exploitation and other hardware attacks. (Stars: 29; mutual labels: sgx)
  • meta-secure-core: OpenEmbedded layer for the use cases on secure boot, integrity and encryption. (Stars: 80; mutual labels: sgx)
  • graphene: Graphene / Graphene-SGX, a library OS for Linux multi-process applications, with Intel SGX support. (Stars: 741; mutual labels: sgx)
  • Wasm Micro Runtime: WebAssembly Micro Runtime (WAMR). (Stars: 2,440; mutual labels: sgx)
  • devicecheck-appattest: Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin. (Stars: 45; mutual labels: attestation)
  • docker-sgx: A Docker image with Intel SGX support. (Stars: 66; mutual labels: sgx)
  • aws-nitro-enclaves-cli: Tooling for Nitro Enclave management. (Stars: 64; mutual labels: enclave)
  • chain: Ternoa's blockchain to support the secure creation and transfer of Capsules. (Stars: 39; mutual labels: sgx)
  • crust-sworker: sWorker (storage worker) is an off-chain storage work inspector of the Crust MPoW protocol running inside a TEE enclave. (Stars: 30; mutual labels: sgx)
  • python-sgx: Python interface to the SGX SDK. (Stars: 29; mutual labels: sgx)
  • aws-nitro-enclaves-sdk-c: This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation. (Stars: 73; mutual labels: enclave)


Confidential Computing Zoo (CCZoo) is a collection of code-ready reference solutions that can be used as a copy-paste developer guide. They demonstrate how to apply modern security technologies to real-life cloud business scenarios, so that developers can build their own end-to-end confidential computing solutions more easily. Some of the solutions are also validated on public cloud services such as Alibaba Cloud, Tencent Cloud, AWS and Azure; see Cloud Deployment.

The security technologies concerned include (but are not limited to): TEE (Trusted Execution Environment, such as Intel® SGX and TDX), HE (Homomorphic Encryption) and its hardware acceleration, remote attestation, LibOS, and cryptography and its hardware acceleration. The business scenarios concerned include (but are not limited to): cloud-native AI inference, vertical and horizontal federated learning, big data analytics, key management, RPC (Remote Procedure Call, such as gRPC), etc.

CCZoo maintains a live table, below, that indicates the correlations between business usages (rows) and security technologies (columns). Each hyperlink leads to the document section that explains the corresponding details and then guides you to the source code. Enjoy!

Solution List (Solution to Component Correlation)

The security components are grouped as TEE (SGX, TDX), LibOS (Gramine, Occlum), Remote Attestation (*RATS-TLS, *RA-TLS gRPC), KMS (Vault, eHSM-KMS), HE, Crypto and TLS. Components marked with '*' are incubating component projects (see Incubating Component Projects).

| Solution | SGX | TDX | Gramine | Occlum | *RATS-TLS | *RA-TLS gRPC | Vault | eHSM-KMS | HE | Crypto | TLS | Validated in Public Cloud | Status |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Multi-Party Compute / Federated Learning | | | | | | | | | | | | | |
| Horizontal Federated Learning (TensorFlow) | Yes | - | Yes | - | - | Yes (2-way) | - | - | - | Yes | Yes (RA-gRPC) | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Vertical Federated Learning (TensorFlow) | Yes | - | Yes | - | - | Yes (2-way) | - | - | - | Yes | Yes (RA-gRPC) | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Private Set Intersection | Yes | - | Yes | - | - | - | - | - | - | - | Yes (RA-gRPC) | ByteDance Cloud | Published |
| Secure Logistic Regression Training Based on TEE & HE | Yes | - | Yes | - | - | - | - | - | Yes | Yes | Yes | Alibaba Cloud, Tencent Cloud | Published |
| Secure AI Inference & Training | | | | | | | | | | | | | |
| TensorFlow Serving Cluster PPML (TensorFlow, K8S) | Yes | - | Yes | Yes | - | - | - | - | - | Yes | Yes | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Secure Logistic Logical Regression Inference with HE and SGX | Yes | - | - | - | - | - | - | - | Yes | - | - | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| BigDL PPML | Yes | Yes | Yes | Yes | - | - | - | Yes | - | - | - | Ant Group, SKT | In Progress |
| Native Application Hosting | | | | | | | | | | | | | |
| Cross Language Framework Based on Gramine | Yes | - | Yes | - | - | - | - | - | - | - | - | Tencent Cloud | Published |
| Attestation Server & Key Management Service | | | | | | | | | | | | | |
| Attestation and Secret Provision Service | Yes | Yes | - | - | Yes | Yes | - | Yes | - | Yes | Yes | - | Published |
| eHSM-KMS | Yes | - | - | - | - | - | - | Yes | - | Yes | Yes | - | Published |
| Optimization on Secure Libs | | | | | | | | | | | | | |
| Private Set Intersection Optimization on Xeon | - | - | - | - | - | - | - | - | Yes | Yes | - | - | Not Started |
| Secure Database | | | | | | | | | | | | | |
| Secure Database Querying Based on HE | - | - | - | - | - | - | - | - | Yes | Yes | - | - | Not Started |

Incubating Component Projects

Besides reference solutions, CCZoo is also incubating new projects for key security components that are commonly used by multiple CCZoo reference solutions. Once one of them has proven useful and stable enough through thorough validation with CCZoo reference solutions running on various public cloud services, it will graduate from CCZoo and evolve into a standalone project.

| Incubating Component Project '*' | Description | Status | Validated in Public Cloud |
|---|---|---|---|
| RATS-TLS | This project provides a proof-of-concept implementation of how to integrate Intel SGX and TDX remote attestation into the TLS connection setup. Conceptually, it extends the standard X.509 certificate with SGX- and TDX-related information. It also provides two non-SGX clients (wolfSSL and OpenSSL) to show how seamlessly remote attestation works with different TLS libraries. | Published | Alibaba Cloud |
| RA-TLS Enhanced gRPC | This project provides an enhanced gRPC (Remote Procedure Call) framework to guarantee security during transmission and at runtime via two-way RA-TLS (Intel SGX Remote Attestation with Transport Layer Security) based on a TEE (Trusted Execution Environment). | Published | Alibaba Cloud, Tencent Cloud, ByteDance Cloud |

Cloud Deployment

Solutions and incubating component projects in CCZoo are continually extended and validated in public clouds to verify their versatility, stability and robustness. We will provide detailed configurations of each public cloud for reference, together with notes on the differences between clouds for easy deployment.

The table below lists the solutions and component projects validated in public clouds; it will be updated continuously.

| Public Cloud | Alibaba Cloud | ByteDance Cloud | Azure Cloud | Tencent Cloud |
|---|---|---|---|---|
| Instance Type | g7t | ecs.ebmg2t.32xlarge | Standard_DC16s_v3 | M6ce.4XLARGE128 |
| Kernel | 4.19.91-24 | kernel-5.15 | 5.13.0-1031-azure | 5.4.119-19-0009.1 |
| OS | Alibaba Cloud Linux 2.1903 | Ubuntu 20.04 | Ubuntu Server 20.04 LTS - Gen2 | TencentOS Server 3.1 |
| Memory | 64G (32G EPC memory) | 512GB (256GB EPC memory) | 128G (64G EPC memory) | 64G (32G EPC memory) |
| vCPU | 16 | 16 | 16 | 16 |
| PCCS Server | sgx-dcap-server.cn-hangzhou.aliyuncs.com | / | | sgx-dcap-server-tc.sh.tencent.cn |
| Validated Solution | | | | |

Penetration Testing

CCZoo provides a series of penetration-testing cases that demonstrate how vulnerabilities in applications, frameworks and services can be found and exploited under different scenarios without Intel TEE, in contrast with the runtime protection that Intel TEE provides. The pen-test cases can be found at https://cczoo.readthedocs.io.


Confidential Computing Zoo Documentation

The official Confidential Computing Zoo documentation can be found at https://cczoo.readthedocs.io.


Community Involvement

  • Please submit issues in this project if there is any question or request.
  • Welcome PRs for contributions.

You are welcome to join the WeChat group or Slack channel for CCZoo tech discussion.

You can check CCZoo previous PDT meeting minutes here.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].