Apache Teaclave (incubating) 0.1.0
This is the first Apache Incubator release of Teaclave. Apache Teaclave (incubating) is an open source universal secure computing
platform, making computation on privacy-sensitive data safe and simple.
Apache Teaclave (incubating) has following highlights:
- Security: Teaclave adopts multiple security technologies to enable secure computing, in particular, Teaclave uses Intel SGX to serve the most security-sensitive tasks with hardware-based isolation, memory encryption and attestation. Also, Teaclave is written in Rust to prevent memory-safety issues.
- Functionality: Teaclave is provided as a function-as-a-service platform. With many built-in functions, it supports tasks like machine learning, private set intersection, crypto computation, etc. In addition, developers can also deploy and execute Python scripts in Teaclave. More importantly, unlike traditional FaaS, Teaclave supports both general secure computing tasks and flexible single- and multi-party secure computation.
- Usability: Teaclave builds its components in containers, therefore, it supports deployment both locally and within cloud infrastructures. Teaclave also provides convenient endpoint APIs, client SDKs and command line tools.
- Modularity: Components in Teaclave are designed in modular, and some like remote attestation can be easily embedded in other projects. In addition, Teaclave SGX SDK can also be used separately to write standalone SGX enclaves for other purposes.
Compared to the pre- Apache incubator version, we made the following changes to improve overall functionality, usability, and documentation of Teaclave.
- support function and data registration
- input data of a function can be fetched from external storage
- reuse registered function in new tasks
- redesign function development workflow
- developers only need to write python script with native libraries written in Rust
- provide persistent database implementation
- port rusty-leveldb
- add dedicated database service for data persistency
- support protobuf compatible RPC protocol
- refactor existing service protocol with
.proto
files
- refactor existing service protocol with
- support distributed workers
- support docker deployment
- support customized workers
- service provider can deploy with other kinds of customized workers besides builtin worker
- better documentation
- better error handling
- errors can be propagated through RPC
- better error triage
- testsuite cleanup/refactoring
- implement more built-in functions
- support more flexible attestation mechanisms (DCAP)
- RPC enhancement
- multi-language client