The current applications (there are two applications) are designed in the following way. Client application: 1. Sends REST request (using JMeter) with to SGX server. 2. Receives in base64 format from SGX server. SGX server application.
Secret Network is a blockchain-based, open-source protocol that lets anyone perform computations on encrypted data, bringing privacy to smart contracts and public blockchains.
Confidential computing infrastructure requires specific tools and software. This page specifically discusses concepts related to application development for Azure confidential computing virtual machines running on Intel SGX. Before reading this page, read the introduction of Intel SGX virtual machines and enclaves.
- Prepare your hardware. If you're running on a local machine and not a cloud-based VM, go to your BIOS menu and enable SGX (Software controlled is not enough).
- Intel Software Guard Extensions is a set of security-related instruction codes that are built into some modern Intel central processing units. They allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and unable to be either read or saved by any process outside the enclave itself, including processes running at higher privilege levels.
To leverage the power of enclaves and isolated environments, you'll need to use tools that support confidential computing. There are various tools that support enclave application development. For example, you can use these open-source frameworks:
Overview
An application built with enclaves is partitioned in two ways:
- An 'untrusted' component (the host)
- A 'trusted' component (the enclave)
The host is the untrusted environment that your enclave application runs on top of. The host can't access the enclave code deployed on it.
The enclave is where the application code and its cached data/memory run. Secure computations should occur in the enclaves to ensure that secrets and sensitive data stay protected.
During application design, it's important to identify and determine what part of the application needs to run in the enclaves. The code that you choose to put into the trusted component is isolated from the rest of your application. Once the enclave is initialized and the code is loaded to memory, that code can't be read or changed from the untrusted components.
Open Enclave Software Development Kit (OE SDK)
Use a library or framework supported by your provider if you want to write code that runs in an enclave. The Open Enclave SDK (OE SDK) is an open-source SDK that allows abstraction over different confidential computing-enabled hardware.
The OE SDK is built to be a single abstraction layer over any hardware on any CSP. The OE SDK can be used on top of Azure confidential computing virtual machines to create and run applications on top of enclaves.
EGo Software Development Kit
EGo is an open-source SDK that enables you to run applications written in the Go programming language inside enclaves. EGo builds on top of the OE SDK and comes with an in-enclave Go library for attestation and sealing. Many existing Go applications run on EGo without modifications.
Confidential Consortium Framework (CCF)
The CCF is a distributed network of nodes, each running their own enclaves. The trusted node network allows you to run a distributed ledger. The ledger provides secure, reliable components for the protocol to use.
This open-source framework enables high throughput, fine-grained confidentiality, and consortium governance for blockchain. With each node using TEEs, you can ensure secure consensus and transaction processing.