Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hello31337/BI-SGX
Bioinformatic Interpreter with Intel SGX
https://github.com/hello31337/BI-SGX
Last synced: about 1 month ago
JSON representation
Bioinformatic Interpreter with Intel SGX
- Host: GitHub
- URL: https://github.com/hello31337/BI-SGX
- Owner: hello31337
- License: other
- Created: 2018-12-04T08:03:04.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-06-03T06:29:39.000Z (over 4 years ago)
- Last Synced: 2024-08-03T01:23:35.148Z (4 months ago)
- Language: C++
- Size: 1.07 MB
- Stars: 22
- Watchers: 1
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- Awesome-SGX-Open-Source - https://github.com/hello31337/BI-SGX
README
# BI-SGX : Bioinformatic Interpreter on SGX-based Secure Computing Cloud
![release](https://img.shields.io/github/v/release/hello31337/BI-SGX)
![SGXSDK-version](https://img.shields.io/badge/SGXSDK-v2.9.1-informational.svg)
![issues](https://img.shields.io/github/issues/hello31337/BI-SGX)
![commits](https://img.shields.io/github/commits-since/hello31337/BI-SGX/latest)
![last-commit](https://img.shields.io/github/last-commit/hello31337/BI-SGX)## Introduction
These codes are interpreter which uses Intel(R) SGX's protection features and specializes for bioinformatical computations. The basical framework of these codes are heavily based on [Intel(R) Software Guard Extensions (SGX) Remote Attestation End-to-End Sample](https://github.com/intel/sgx-ra-sample).Contrary to Intel's original RA sample, this model uses inverted client-server model. In other words:
* ISV (SGX side) runs as server, which waits for SP's request after RA
* SP (non-SGX side) runs as client, which send request to ISV after RAThe reason why implemented as this inverted model is, in bioinformatical computation (or secret computation), usually user would like to use SGX features as cloud server with sending or storing their data in protected way.
The main contributions of this code are:
* This interpreter provides much friendly coding rule than using SGXSDK itself.
* Provides code protect feature without any annoying build/installation.
* Provides various bioinfomatically-utilized methods as default in interpreter.
* Provides integrated cloud platform which can be used as secure cloud storage and secure cloud computation base, and can make two features corporate.## Installation
### Prerequisites
Contrary to Intel's original RA sample, these codes are developed for Linux platform, so Windows OS is unexpected. Perhaps these can be run on Windows, but no performance guarantee.* Ensure your platform's OS is
* CentOS 7.4 (64-bit)
* Ubuntu 16.04 LTS (64-bit)
* Ubuntu 18.04 LTS (64-bit)* Ensure that you have built and installed the Intel SGX packages (Both of these must be SGX 2.x version):
* [Intel SGX Software Development Kit and Platform Software package for Linux](https://github.com/intel/linux-sgx). **You must install SGXSDK since version is 2.8**
* [Intel SGX Driver for Linux](https://github.com/intel/linux-sgx-driver)* Ensure that you have installed MySQL and MySQL Connector/C++.
```
$ sudo apt install mysql-server
$ sudo apt install libmysqlcppconn-dev
```* Run the following commands to install the required packages to build the RA code sample (this assumes you have installed the dependencies for the Intel SGX SDK and PSW package)
* On CentOS 7.4
```bash
$ yum install libcurl-devel
```* On Ubuntu 16.04
```bash
$ apt-get install libcurl4-openssl-dev
```* Run the following command to get your system's OpenSSL version. It must be
at least 1.1.0:
```bash
$ openssl version
```* If necessary, download the source for the latest release of OpenSSL 1.1.0, then build and install it into a _non-system directory_ such as /opt (note that both `--prefix` and `--openssldir` should be set when building OpenSSL 1.1.0). For example:
```bash
$ wget https://www.openssl.org/source/openssl-1.1.0i.tar.gz
$ tar xf openssl-1.1.0i.tar.gz
$ cd openssl-1.1.0i
$ ./config --prefix=/opt/openssl/1.1.0i --openssldir=/opt/openssl/1.1.0i
$ make
$ sudo make install
```### Configure and compile
First, prepare the build system (GNU* automake and autoconf) by running `bootstrap`, and then configure the software package using the `configure` command. You'll need to specify the location of OpenSSL 1.1.0. See the build notes section for additional options to `configure`.```
$ ./bootstrap
$ ./configure --with-openssldir=/opt/openssl/1.1.0i
$ make
```Or you can also execute these 3 commands at once by executing following command:
```
$ source make.sh
```Both `make clean` and `make distclean` are supported.
### User agent
In this project, libcurl is supported for SP as user agent on Linux to communicate with IAS. Using wget is not recommended, but if you want, you can change setting following Intel`s original RA sample's README.## Usage
### Set up DB for secret data storing
There must be two tables within one database.One is table named `userinfo`, which is for management of login info. The format of `userinfo` is following:
```
+-----------+------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------+------+-----+---------+-------+
| username | text | YES | | NULL | |
| pass_hash | text | YES | | NULL | |
| privilege | text | YES | | NULL | |
+-----------+------+------+-----+---------+-------+
```And another is named `stored_data`, which is for storing secret data. The format of `stored_data` is following:
```
+-----------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+----------+------+-----+---------+-------+
| dataname | text | YES | | NULL | |
| owner | text | YES | | NULL | |
| data | longblob | YES | | NULL | |
| datatype | text | YES | | NULL | |
| cipherlen | int(11) | YES | | NULL | |
+-----------+----------+------+-----+---------+-------+
```So ISV have to create above tables as aforementioned formats before start BI-SGX.
After started program, ISV must initialize DB login info. As default, this initialization will be done by following context:
``` C++
host = "localhost";
user = "BI-SGX";
password = "bisgx_sample";
database = "`BI-SGX`";
```
But hardcoded login context is extremely insecure, so you should edit `void BISGX_Database::initDB()` in `isv.cpp` to manually enter login context using like `cout`. More secure login method will be impremented in the future.### Start programs
You can run ISV (SGX server) code by entering command:
```bash
$ ./run-isv
```
To run SP (non-SGX client) code, enter command:
```bash
$ ./run-sp
```Default IP address is `localhost` and default port is `7777`.
You can also use `./run-client` to start ISV and `./run-server` to start SP, but their names are inconsistent with their actual roles.### Send data from SP to ISV
After complete RA, you can send your file to ISV from SP.#### If you are data owner (use data storage feature)
Firstly, you have to prepare login context as `login.ini`. Username, password, and authority-type should be described like following:``` bash
testuser # username
testpass12345 # password
O # authority type. "O" for data owner and "R" for researcher.
FASTA # option. designate data type of data to upload or designate other processes to require.
```Secondly, you have to prepare data to store to cloud server.
Currently 2 data types are acceptable; One is to be set of `int` or `double`, and another is to be set of `char`. The separator must be newline (`\n`).After completing remote attestation, you will be required to input filename of dataset. Then cloud DB storing will be executed and the result status will be returned from cloud server.
For more detailed usage, please see at [BI-SGX's wiki](https://github.com/hello31337/BI-SGX/wiki).
#### If you are researcher (use interpreter feature)
Firstly, you have to prepare `login.ini` as with the case of data owner.
Note that authority type is `R` for researcher.After completing remote attestation, you will be required to input filename of interpreter code. Then interpreter code will be executed at cloud's enclave and the result will be returned from cloud server.
## Specification/grammer of BI-SGX
See at [BI-SGX's wiki](https://github.com/hello31337/BI-SGX/wiki) for interpreter's specifications and grammers.## Implemented features
* Inverted client-server communication model
* Remote Attestation between SP and ISV
* Cryptographic features to send secret in secure
* Load secret into enclave
* DB storing feature for data owner
* Interpreter which runs inside enclave## TODO
* Adopt more effective algorithms for processing internal tables and internal codes in interpreter.## Website
[bi-sgx.net](https://bi-sgx.net)## LICENSE
All of these codes are developed and distributed under Intel Sample Source Code license. See the LICENSE file for detail.And many of BI-SGX's interpreter implementation owe to following book:
ISBN978-4-7973-6881-9「明快入門 インタプリタ開発」