Intel Software Guard Extensions (SGX) provides a hardware protect environment for confidential computing. However, migrating applications into SGX is not an easy job, it requires engineer effort as well as good understand about security and SGX.
In this talk, we will present a memory-safe, multi-process SGX LibOS solution named Occlum to address this pain point. This open source LibOS project, leaded by Ant Group, aims to empower everyone to run applications in SGX without modification. By combining Occlum with several security technologies, BigDL PPML (Privacy Preserving Machine Learning) extends this single node solution to provides a Trusted Cluster Environment, so as to run unmodified Big Data analysis and ML/DL programs in a secure fashion on (private or public) cloud.