https://github.com/intel/confidential-computing-zoo
Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.
- Host: GitHub
- URL: https://github.com/intel/confidential-computing-zoo
- Owner: intel
- License: apache-2.0
- Created: 2021-11-25T05:42:42.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-03-12T01:31:06.000Z (about 1 month ago)
- Last Synced: 2025-03-12T02:32:04.888Z (about 1 month ago)
- Topics: attestation, cloud, confidential-computing, containers, enclave, key-management, sgx, tdx
- Language: CMake
- Homepage: https://cczoo.readthedocs.io/en/latest/index.html
- Size: 82.1 MB
- Stars: 322
- Watchers: 13
- Forks: 62
- Open Issues: 9
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Security: Security.md
Awesome Lists containing this project
- awesome-confidential-computing - Intel Confidential Computing Zoo
- Awesome-SGX-Open-Source - https://github.com/intel/confidential-computing-zoo
README
Confidential Computing Zoo (CCZoo) is a collection of code-ready reference solutions that can be used as a copy-paste developer guide. They demonstrate how to apply modern security technologies to real-life cloud business scenarios, so that developers can build their own end-to-end Confidential Computing solutions more easily. Some of the solutions are also validated on public cloud services, such as Alibaba Cloud, Tencent Cloud, AWS, Azure, etc. Please see [Cloud Deployment](https://github.com/intel/confidential-computing-zoo#cloud-deployment).
The security technologies covered include (but are not limited to): TEE (Trusted Execution Environment, such as Intel® SGX and TDX), HE (Homomorphic Encryption) and its hardware acceleration, Remote Attestation, LibOS, and cryptography and its hardware acceleration. The business scenarios covered include (but are not limited to): cloud native AI inference, vertical and horizontal federated learning, big data analytics, key management, RPC (Remote Procedure Call, such as gRPC), etc.
CCZoo maintains a live table, shown below, that indicates the correlations between business usages (rows) and security technologies (columns). Each hyperlink will direct you to the document section that explains the corresponding details and then guides you to the source code. Enjoy!
# Solution List (Solution to Component Correlation)
| Category | Solution | SGX (TEE) | TDX (TEE) | Gramine (LibOS) | Occlum (LibOS) | *RATS-TLS (Remote Attestation) | *RA-TLS gRPC (Remote Attestation) | Vault (KMS) | eHSM-KMS (KMS) | HE | Crypto | TLS | Validated in Public Cloud | Status |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Multi-Party Compute / Federated Learning | Horizontal Federated Learning (TensorFlow) | Yes | Yes | Yes | - | - | Yes (2-way) | - | - | - | Yes | Yes (RA-gRPC) | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Multi-Party Compute / Federated Learning | Vertical Federated Learning (TensorFlow) | Yes | - | Yes | - | - | Yes (2-way) | - | - | - | Yes | Yes (RA-gRPC) | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Multi-Party Compute / Federated Learning | Private Set Intersection | Yes | - | Yes | - | - | - | - | - | - | - | Yes (RA-gRPC) | ByteDance Cloud, Microsoft Azure | Published |
| Multi-Party Compute / Federated Learning | Secure Logistic Regression Training Based on TEE & HE | Yes | - | Yes | - | - | - | - | - | Yes | Yes | Yes | Alibaba Cloud, Tencent Cloud | Published |
| Secure AI Inference & Training | TensorFlow Serving Cluster PPML (TensorFlow, K8S) | Yes | Yes | Yes | Yes | - | - | - | - | - | Yes | Yes | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Secure AI Inference & Training | Secure Logistic Logical Regression Inference with HE and SGX | Yes | - | - | - | - | - | - | - | Yes | - | - | Alibaba Cloud, Tencent Cloud, ByteDance Cloud, Microsoft Azure | Published |
| Secure AI Inference & Training | BigDL PPML | Yes | Yes | Yes | Yes | - | - | - | Yes | - | - | - | | In Progress |
| Native Application Hosting | Cross Language framework Based on Gramine | Yes | - | Yes | - | - | - | - | - | - | - | - | Tencent Cloud | Published |
| Attestation Server & Key Management Service | Attestation and Secret Provision Service | Yes | Yes | - | - | Yes | Yes | - | Yes | - | Yes | Yes | - | Published |
| Attestation Server & Key Management Service | eHSM-KMS | Yes | - | - | - | - | - | - | Yes | - | Yes | Yes | - | Published |
| Optimization on Secure Libs | Private Set intersection Optimization on Xeon | - | - | - | - | - | - | - | - | Yes | Yes | - | - | Not Start |
| Secure Database | Secure Database Querying Based on HE | - | - | - | - | - | - | - | - | Yes | Yes | - | - | Not Start |
Confidential AIGC:
- Confidential LLM Inference (RAG): WIP; (1) TDVM, (2) CoCo, (3) TDVM+GPU
- Confidential LLM Rec System: WIP; (1) TDVM, (2) CoCo, (3) TDVM+GPU
---
# Incubating Component Projects
Besides reference solutions, CCZoo is also incubating new projects of key security
components that are commonly used by multiple CCZoo reference solutions. Once any
of them is proven useful enough and stable enough via a thorough validation with
CCZoo reference solutions running on various public cloud services, it will graduate
from CCZoo and evolve to a standalone project.
| Incubating Component Project '*' | Description | Status | Validated in Public Cloud |
|---|---|---|---|
| RATS-TLS | This project provides a proof-of-concept implementation of how to integrate Intel SGX and TDX remote attestation into the TLS connection setup. Conceptually, it extends the standard X.509 certificate with SGX and TDX related information. It also provides two non-SGX clients (wolfSSL and OpenSSL) to show how seamlessly remote attestation works with different TLS libraries. | Published | Alibaba Cloud |
| RA-TLS Enhanced gRPC | This project provides an enhanced gRPC (Remote Procedure Call) framework to guarantee security during transmission and runtime via two-way RA-TLS (Intel SGX Remote Attestation with Transport Layer Security) based on TEE (Trusted Execution Environment). | Published | Alibaba Cloud, Tencent Cloud, ByteDance Cloud |
| HTTPA | HTTPA serves two purposes. First, it helps perform remote attestation on the web application running inside the TEE; the flow can be unilateral (one-way HTTPA) or bilateral (mutual HTTPA), and attestation evidence is verified with a verifier such as a trusted authority (TA). Second, it helps build secure communication at L7 directly with the web application running inside the TEE. | Published | / |
---
# Cloud Deployment
Solutions and incubating component projects in CCZoo are continually being validated in more public clouds to verify their versatility, stability and robustness. We will provide detailed configurations for each public cloud for reference, along with notes on the differences between clouds, for easy deployment.
The table below shows the solutions and component projects validated in public clouds. It will be updated continuously.
| Public Cloud | Alibaba Cloud | ByteDance Cloud | Azure Cloud | Tencent Cloud |
|---|---|---|---|---|
| Instance Type | g7t | ecs.ebmg2t.32xlarge | Standard_DC16s_v3 | M6ce.4XLARGE128 |
| Kernel | 4.19.91-24 | kernel-5.15 | 5.13.0-1031-azure | 5.4.119-19-0009.1 |
| OS | Alibaba Cloud Linux 2.1903 | Ubuntu20.04 | Ubuntu Server 20.04 LTS - Gen2 | TencentOS Server 3.1 |
| Memory | 64G (32G EPC memory) | 512GB (256GB EPC memory) | 128G (64G EPC memory) | 64G (32G EPC memory) |
| vCPU | 16 | 16 | 16 | 16 |
PCCS Server: sgx-dcap-server-vpc.cn-hangzhou.aliyuncs.com; N/A; sgx-dcap-server-tc.sh.tencent.cn
Validated Solution:
- Secure Logistic Logical Regression Inference with HE and SGX
- RA-TLS Enhanced gRPC
- Secure logistic regression training based on TEE & HE
- Vertical Federated Learning
- Secure Logistic Logical Regression Inference with HE and SGX
- Private Set Intersection (PSI)
- TensorFlow Serving Cluster PPML
- Horizontal Federated Learning
- Vertical Federated Learning
- Secure Logistic Logical Regression Inference with HE and SGX
- Private Set Intersection (PSI)
- Secure logistic regression training based on TEE & HE
- Private Set Intersection (PSI)
- Secure Logistic Logical Regression Inference with HE and SGX
---
# Penetration Testing
CCZoo provides a series of penetration testing cases that demonstrate how vulnerabilities in applications, frameworks and services can be found and exploited under different scenarios without Intel TEE, compared with the runtime protection capability of Intel TEE. The pen-test cases can be found at https://cczoo.readthedocs.io.
---
# Confidential Computing Zoo Documentation
The official Confidential Computing Zoo documentation can be found at https://cczoo.readthedocs.io.
---
# Community Involvement
- Please submit an issue in this project if you have any question or request.
- PRs for contributions are welcome.
You are welcome to join the WeChat group or Slack channel for CCZoo technical discussion.
- [WeChat](https://github.com/intel/confidential-computing-zoo/issues/18)
- [Slack Channel](https://join.slack.com/t/cc-zoo/shared_invite/zt-13c1of71t-1U8C61vbLZWxu0JuwbGi5w)
You can check previous CCZoo PDT meeting minutes [here](https://github.com/intel/confidential-computing-zoo/wiki/CCZoo-PDT-Meeting).