intel/confidential-computing-zoo intel/confidential-computing-zoo

  • Stars
    star
    229
  • Rank 168,367 (Top 4 %)
  • Language CMake
  • License
    Apache License 2.0
  • Created over 2 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
intel/confidential-computing-zoo
github

intel

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.


Confidential Computing Zoo (CCZoo) is a collection of code-ready reference solutions, which can be used as a copy-paste developer guide, demonstrating how to apply modern security technologies to real-life cloud business scenarios, in order to facilitate the developers to build their own end-to-end Confidential Computing solutions more easily. Some of the solutions are also validated on the public cloud services, such as Alibaba Cloud, Tencent Cloud, AWS, Azure, etc. Please see Cloud Deployment.

The concerned modern security technologies are (but not limited to): TEE (Trusted Execution Environment, such as Intel® SGX and TDX), HE (Homomorphic Encryption) and its hardware accelerations, Remote Attestation, LibOS, cryptographic and its hardware accelerations. The concerned business scenarios are (but not limited to): cloud native AI inference, vertical and horizontal federated learning, big data analytics, key management, RPC (Remote Process Call, such as gRPC), etc.

CCZoo maintains a live table, as below, to indicate the correlations between business usages (rows) and security technologies (columns). Each hyperlink will direct you to the document section that explains the corresponding details and then guides you to the source codes. Enjoy!

Solution List (Solution to Component Correlation)

  Solution                                                     Security Components

Validated
in Public Cloud

Status

  TEE

           LibOS

Remote Attestation

    KMS

HE

Crypto

TLS

SGX TDX Gramine Occlum *RATS-TLS *RA-TLS gRPC Vault eHSM-KMS
Multi-Party Compute / Federated Learning
Horizontal Federated Learning
(TensorFlow) 		Yes
 Yes Yes - - Yes
(2-way) 		- - - Yes Yes
(RA-gRPC)

Alibaba Cloud,
Tencent Cloud,
ByteDance Cloud,
Microsoft Azure

Published
Vertical Federated
Learning 
(TensorFlow) 		Yes - Yes - - Yes
(2-way) 		- - - Yes Yes
(RA-gRPC)

Alibaba Cloud,
Tencent Cloud,
ByteDance Cloud,
Microsoft Azure

Published
Private Set
Intersection  		Yes - Yes - - - - - - - Yes
(RA-gRPC) 		ByteDance Cloud,
Microsoft Azure 		Published
Secure Logistic
Regression Training
Based on TEE & HE  		Yes - Yes - - - - - Yes Yes Yes Alibaba Cloud,
Tencent Cloud 		Published
Secure AI Inference & Training
TensorFlow Serving
Cluster PPML
(TensorFlow, K8S) 		Yes Yes Yes Yes - - - - - Yes Yes

Alibaba Cloud,
Tencent Cloud,
ByteDance Cloud,
Microsoft Azure

Published
Secure Logistic Logical Regression Inference with HE and SGX Yes - - - - - - - Yes - -

Alibaba Cloud,
Tencent Cloud,
ByteDance Cloud,
Microsoft Azure

Published
BigDL PPML Yes Yes Yes Yes - - - Yes - - -

Ant Group,
SKT

In Progress
Native Application Hosting
Cross Language
framework Based
on Gramine 		Yes - Yes - - - - - - - - Tencent Cloud Published
Attestation Server & Key Management Service
Attestation and Secret Provision Service Yes Yes - - Yes Yes - Yes - Yes Yes - Published
eHSM-KMS Yes - - - - - - Yes - Yes Yes - Published
Optimization on Secure Libs
Private Set
intersection
Optimization
on Xeon 		- - - - - - - - Yes Yes - - Not Start
Secure Database
Secure Database
Querying Based
on HE 		- - - - - - - - Yes Yes - - Not Start
---

Incubating Component Projects

Besides reference solutions, CCZoo is also incubating new projects of key security components that are commonly used by multiple CCZoo reference solutions. Once any of them is proven useful enough and stable enough via a thorough validation with CCZoo reference solutions running on various public cloud services, it will graduate from CCZoo and evolve to a standalone project.

Incubating Component Project'*'                                                                         Description Status Validated in Public Cloud
RATS-TLS This project provides a proof-of-concept implementation on how to integrate Intel SGX and TDX remote attestation into the TLS connection setup. Conceptually, it extends the standard X.509 certificate with SGX and TDX related information. It also provides two non-SGX clients (Wolfssl and OpenSSL) to show how seamless remote attestation works with different TLS libraries.  Published Alibaba Cloud
RA-TLS Enhanced gRPC This project provides an enhanced gRPC (Remote Procedure Call) framework to guarantee security during transmission and runtime via two-way RA-TLS (Intel SGX Remote Attestation with Transport Layer Security) based on TEE (Trusted Execution Environment). Published Alibaba Cloud,
Tencent Cloud,
ByteDance Cloud
HTTPA  HTTPA aims for two purposes. First, help perform remote attestation on the web application running inside the TEE in which the flow can be unilateral (one-way HTTPA) or bilateral (mutual HTTPA) by verifying attestation evidence with a verifier such as a trusted authority (TA). Second, help build secure communication directly with the web application at L7 running inside the TEE. 
 Published /

Cloud Deployment

Solutions and incubating component projects in CCZoo are constantly extended to be validated in public clouds to verify the versatility, stability, robustness. We will provide detialed configurations of each public clouds for reference, and notes of the diversity in each cloud for easy delopyment.

Below table shows solutions and component projects validated in public clouds. And it will be updated continuously.

     Public Cloud Alibaba Cloud ByteDance Cloud Azure Cloud Tencent Cloud
Instance  Type g7t
ecs.ebmg2t.32xlarge
Standard_DC16s_v3 M6ce.4XLARGE128 
Kernel 4.19.91-24
kernel-5.15
5.13.0-1031-azure 5.4.119-19-0009.1
OS Alibaba Cloud Linux 2.1903 Ubuntu20.04 Ubuntu Server 20.04 LTS - Gen2 TencentOS Server 3.1
Memory 64G(32G EPC memory)
512GB(256GB EPC memory)
128G (64G EPC Memory) 64G(32G EPC memory)
vCPU 16 16 16 16
PCCS Server sgx-dcap-server-vpc.cn-hangzhou.aliyuncs.com N/A sgx-dcap-server-tc.sh.tencent.cn 
Validated Solution 




Penetration Testing

CCZoo provides a serials of Penetration Testing cases to demonstrate the cases to find/exploit vulnerabilities of applications/frameworks/services under different scenarios without Intel TEE, compared with Intel TEE runtime protection capability. Pen-tests cases can be found at https://cczoo.readthedocs.io.

Confidential Computing Zoo Documentation

The official confidential computing zoo documentation can be found at https://cczoo.readthedocs.io.

Community Involvement

  • Please submit issues in this project if there is any question or request.
  • Welcome PRs for contributions.

Welcome to join the Wechat group or Slack channel for CCZoo tech discussion.

You can check CCZoo previous PDT meeting minutes here.

More Repositories

1

hyperscan

High-performance regular expression matching library
C++
4,478
star
2

acat

Assistive Context-Aware Toolkit (ACAT)
C#
3,191
star
3

haxm

Intel® Hardware Accelerated Execution Manager (Intel® HAXM)
C
3,029
star
4

appframework

The definitive HTML5 mobile javascript framework
CSS
2,435
star
5

pcm

Intel® Performance Counter Monitor (Intel® PCM)
C++
2,083
star
6

neural-compressor

SOTA low-bit LLM quantization (INT8/FP8/INT4/FP4/NF4) & sparsity; leading model compression techniques on TensorFlow, PyTorch, and ONNX Runtime
Python
1,939
star
7

intel-extension-for-transformers

⚡ Build your chatbot within minutes on your favorite device; offer SOTA compression techniques for LLMs; run LLMs efficiently on Intel Platforms⚡
Python
1,910
star
8

intel-extension-for-pytorch

A Python package for extending the official PyTorch that can easily obtain performance on Intel platform
Python
1,203
star
9

linux-sgx

Intel SGX for Linux*
C++
1,180
star
10

scikit-learn-intelex

Intel(R) Extension for Scikit-learn is a seamless way to speed up your Scikit-learn application
Python
954
star
11

llvm

Intel staging area for llvm.org contribution. Home for Intel LLVM-based projects.
918
star
12

nemu

ARCHIVED: Modern Hypervisor for the Cloud. See https://github.com/cloud-hypervisor/cloud-hypervisor instead
C
915
star
13

compute-runtime

Intel® Graphics Compute Runtime for oneAPI Level Zero and OpenCL™ Driver
C++
912
star
14

caffe

This fork of BVLC/Caffe is dedicated to improving performance of this deep learning framework when running on CPU, in particular Intel® Xeon processors.
C++
845
star
15

isa-l

Intelligent Storage Acceleration Library
C
816
star
16

media-driver

C
783
star
17

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Python
721
star
18

intel-cmt-cat

User space software for Intel(R) Resource Director Technology
C
630
star
19

fastuidraw

C++
603
star
20

optimization-manual

Contains the source code examples described in the "Intel® 64 and IA-32 Architectures Optimization Reference Manual"
Assembly
602
star
21

libipt

libipt - an Intel(R) Processor Trace decoder library
C
594
star
22

libxcam

libXCam is a project for extended camera(not limited in camera) features and focus on image quality improvement and video analysis. There are lots features supported in image pre-processing, image post-processing and smart analysis. This library makes GPU/CPU/ISP working together to improve image quality. OpenCL is used to improve performance in different platforms.
C++
577
star
23

clDNN

Compute Library for Deep Neural Networks (clDNN)
C++
573
star
24

libva

Libva is an implementation for VA-API (Video Acceleration API)
C
558
star
25

intel-graphics-compiler

C++
503
star
26

wds

Wireless Display Software For Linux OS (WDS)
C++
496
star
27

thermal_daemon

Thermal daemon for IA
C++
485
star
28

x86-simd-sort

C++ header file library for high performance SIMD based sorting algorithms for primitive datatypes
C++
485
star
29

Intel-Linux-Processor-Microcode-Data-Files

466
star
30

gvt-linux

C
463
star
31

kernel-fuzzer-for-xen-project

Kernel Fuzzer for Xen Project (KF/x) - Hypervisor-based fuzzing using Xen VM forking, VMI & AFL
C
441
star
32

tinycbor

Concise Binary Object Representation (CBOR) Library
C
432
star
33

openfl

An open framework for Federated Learning.
Python
427
star
34

cc-oci-runtime

OCI (Open Containers Initiative) compatible runtime for Intel® Architecture
C
415
star
35

tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.
C
373
star
36

compile-time-init-build

C++ library for composing modular firmware at compile-time.
C++
372
star
37

ARM_NEON_2_x86_SSE

The platform independent header allowing to compile any C/C++ code containing ARM NEON intrinsic functions for x86 target systems using SIMD up to SSE4 intrinsic functions
C
369
star
38

yarpgen

Yet Another Random Program Generator
C++
357
star
39

intel-device-plugins-for-kubernetes

Collection of Intel device plugins for Kubernetes
Go
356
star
40

QAT_Engine

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist
C
356
star
41

linux-sgx-driver

Intel SGX Linux* Driver
C
334
star
42

safestringlib

C
328
star
43

xess

C
313
star
44

idlf

Intel® Deep Learning Framework
C++
311
star
45

ad-rss-lib

Library implementing the Responsibility Sensitive Safety model (RSS) for Autonomous Vehicles
C++
298
star
46

intel-vaapi-driver

VA-API user mode driver for Intel GEN Graphics family
C
289
star
47

ipp-crypto

C
269
star
48

rohd

The Rapid Open Hardware Development (ROHD) framework is a framework for describing and verifying hardware in the Dart programming language. ROHD enables you to build and traverse a graph of connectivity between module objects using unrestricted software.
Dart
256
star
49

opencl-intercept-layer

Intercept Layer for Debugging and Analyzing OpenCL Applications
C++
255
star
50

FSP

Intel(R) Firmware Support Package (FSP)
C
244
star
51

dffml

The easiest way to use Machine Learning. Mix and match underlying ML libraries and data set sources. Generate new datasets or modify existing ones with ease.
Python
241
star
52

intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
C
238
star
53

userspace-cni-network-plugin

Go
232
star
54

isa-l_crypto

Assembly
232
star
55

intel-extension-for-tensorflow

Intel® Extension for TensorFlow*
C++
226
star
56

bmap-tools

BMAP Tools
Python
220
star
57

ozone-wayland

Wayland implementation for Chromium Ozone classes
C++
214
star
58

intel-qs

High-performance simulator of quantum circuits
C++
202
star
59

SGXDataCenterAttestationPrimitives

C++
202
star
60

intel-sgx-ssl

Intel® Software Guard Extensions SSL
C
197
star
61

msr-tools

C
195
star
62

depth-camera-web-demo

JavaScript
194
star
63

CPU-Manager-for-Kubernetes

Kubernetes Core Manager for NFV workloads
Python
190
star
64

rmd

Go
189
star
65

asynch_mode_nginx

C
186
star
66

hexl

Intel®️ Homomorphic Encryption Acceleration Library accelerates modular arithmetic operations used in homomorphic encryption
C++
181
star
67

ros_object_analytics

C++
177
star
68

zephyr.js

JavaScript* Runtime for Zephyr* OS
C
176
star
69

generic-sensor-demos

HTML
175
star
70

ipmctl

C
172
star
71

sgx-ra-sample

C++
171
star
72

lmbench

C
171
star
73

cri-resource-manager

Kubernetes Container Runtime Interface proxy service with hardware resource aware workload placement policies
Go
166
star
74

virtual-storage-manager

Python
164
star
75

PerfSpect

System performance characterization tool based on linux perf
Python
164
star
76

systemc-compiler

This tool translates synthesizable SystemC code to synthesizable SystemVerilog.
C++
155
star
77

webml-polyfill

Deprecated, the Web Neural Network Polyfill project has been moved to https://github.com/webmachinelearning/webnn-polyfill
Python
153
star
78

pmem-csi

Persistent Memory Container Storage Interface Driver
Go
151
star
79

libyami

Yet Another Media Infrastructure. it is core part of media codec with hardware acceleration, it is yummy to your video experience on Linux like platform.
C++
148
star
80

ros_openvino_toolkit

C++
147
star
81

rib

Rapid Interface Builder (RIB) is a browser-based design tool for quickly prototyping and creating the user interface for web applications. Layout your UI by dropping widgets onto a canvas. Run the UI in an interactive "Preview mode". Export the generated HTML and Javascript. It's that simple!
JavaScript
147
star
82

ideep

Intel® Optimization for Chainer*, a Chainer module providing numpy like API and DNN acceleration using MKL-DNN.
C++
145
star
83

libva-utils

Libva-utils is a collection of tests for VA-API (VIdeo Acceleration API)
C
144
star
84

gmmlib

C++
141
star
85

platform-aware-scheduling

Enabling Kubernetes to make pod placement decisions with platform intelligence.
Go
140
star
86

numatop

NumaTOP is an observation tool for runtime memory locality characterization and analysis of processes and threads running on a NUMA system.
C
139
star
87

ros2_grasp_library

C++
138
star
88

XBB

C++
133
star
89

tdx-tools

Cloud Stack and Tools for Intel TDX (Trust Domain Extension)
C
131
star
90

ros2_intel_realsense

This project is deprecated and no more maintained. Please visit https://github.com/IntelRealSense/realsense-ros for ROS2 wrapper.
C++
131
star
91

linux-intel-lts

C
131
star
92

CeTune

Python
130
star
93

cm-compiler

C++
130
star
94

pti-gpu

Profiling Tools Interfaces for GPU (PTI for GPU) is a set of Getting Started Documentation and Tools Library to start performance analysis on Intel(R) Processor Graphics easily
C++
129
star
95

fMBT

Free Model Based tool
Python
129
star
96

zlib

C
128
star
97

ros_intel_movidius_ncs

C++
126
star
98

mpi-benchmarks

C
125
star
99

mOS

C
124
star
100

sgx-software-enable

C
122
star