ayo/ipex-llm
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

[PPML] Attestation basic (#6778)

Browse source 
* Add attestation basic doc to readthedoc
This commit is contained in:
Qiyuan Gong 2022-11-28 13:26:52 +08:00 committed by GitHub
parent 242de02c0e
commit 3571247d65
3 changed files with 89 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/readthedocs/source/_toc.yml
View file

@ -247,6 +247,7 @@ subtrees:
subtrees:
- entries:
- file: doc/PPML/Overview/ppml
- file: doc/PPML/Overview/attestation_basic
- file: doc/PPML/Overview/trusted_big_data_analytics_and_ml
- file: doc/PPML/Overview/trusted_fl
- file: doc/PPML/QuickStart/secure_your_services

87
docs/readthedocs/source/doc/PPML/Overview/attestation_basic.md Normal file
View file

@ -0,0 +1,87 @@
# Ensure Integrity and Build Trust with Attestation
The process of validating the integrity of a computing device such as a server needed for trusted computing. It is widely used in a Trusted Execution Environment (TEE) or Trusted Platform Module (TPM) for ensuring integrity and building trust.
### Attestation Basic
The basic idea of attestation is to verify:
1. The platform is secured. Trusted Computing Base (TCB) is secured.
2. Running in TEE/TPM.
3. Application is as expected (same hash or HMAC).
Local or remote attestation:
* Verifying a local enclave (TEE env) on the same node/server is called local attestation.
* Verifying a remote enclave on another node/server is called remote attestation.
Due to platform differences, Intel SGX has 2 kinds of attestations:
1. Elliptic Curve Digital Signature Algorithm (ECDSA) Attestation for 3rd generation Intel® Xeon® Scalable processors and selected Intel® Xeon® E3 processors.
2. Intel® Enhanced Privacy ID (Intel® EPID) Attestation for desktop and Xeon E3 processors, and selected Intel® Xeon® E processor.
*Note that SGX attestation mentioned in BigDL PPML should be ECDSA attestation with DCAP.*
The basic workflow of attestation:
```eval_rst
.. mermaid::
sequenceDiagram
Verifier->>App in SGX: Challenge(Prove YourSelf)
Note right of App in SGX: Generate Quote(Signed Context)
App in SGX->>Verifier: Evidence(App Quote)
Note left of Verifier: Verify Quote
Verifier ->>App in SGX: Response(Pass/Fail)
```
The key steps in attestation:
* Quote Generation. Generate a Quote/Evidence with SDK/API. This quote is signed by a pre-defined key, and it cannot be modified. You can add 128b its user data into a SGX quote.
* Quote Verification. Verify a Quote/Evidence with SDK/API.
### Attestation in E2E PPML applications
Attestation is not hard if you are running a new written application. Because you can directly integrate `quote generation` and `quote verification` into your application code. However, if you are migrating an existing application, attestation may cause some additional effort. Especially, when you are running distributed applications like PPML applications in multi-nodes. That means you have to add attestation into your distributed applications or frameworks, e.g., add attestation when modules running on different nodes build connections.
To avoid such changes, we can utilize a third-party attestation service to offload `quote verification` from your existing applications. This service will help us to verify if a running application is as expected.
#### Attestation Service
When working with an attestation service, we can define a policy/requirement for each application. During application initialization (server or worker), we can require each module to generate its quote and send it to an attestation service. This attestation service will check these quotes based on pre-defined policy/requirement, then send back responses (`success/fail`). If we get a `success` result, we keep starting this module. Otherwise, we just quit or kill this module.
```eval_rst
.. mermaid::
graph TD
Admin --Policy--> as(Attestation Service)
subgraph Production Env/Cloud
sgxserver(Server in SGX) -.- sgxworker1
sgxserver(Server in SGX) -.- sgxworker2
sgxworker1(Worker1 in SGX)
sgxworker2(Worker2 in SGX)
end
sgxserver --Quote--> as
sgxworker1 --Quote--> as
sgxworker2 --Quote--> as
as --response-->sgxserver
as --response-->sgxworker1
as --response-->sgxworker2
```
With this attestation service design, we can avoid adding malicious applications or modules to distributed applications.
#### Attestation Service for Cloud Service Provider (CSP)
### Advanced Usage
During remote attestation, the attestation protocol will build a secure channel. It can help build [TLS connection with integirty](https://arxiv.org/pdf/1801.05863.pdf). Meanwhile, attestation can be [integrated with HTTP protocol to provide trusted end-to-end web service](https://arxiv.org/abs/2205.01052).
### References
1. https://sgx101.gitbook.io/sgx101/sgx-bootstrap/attestation
2. https://www.intel.com/content/www/us/en/developer/articles/technical/quote-verification-attestation-with-intel-sgx-dcap.html
3. https://download.01.org/intel-sgx/sgx-dcap/1.9/linux/docs/Intel_SGX_DCAP_ECDSA_Orientation.pdf
4. https://azure.microsoft.com/en-us/products/azure-attestation/
5. https://en.wikipedia.org/wiki/Trusted_Computing
6. [Integrating Intel SGX Remote Attestation with Transport Layer Security](https://arxiv.org/pdf/1801.05863.pdf)
7. [HTTPA/2: a Trusted End-to-End Protocol for Web Services](https://arxiv.org/abs/2205.01052)

1
docs/readthedocs/source/doc/PPML/Overview/misc.rst
View file

@ -2,6 +2,7 @@ Advanced Topic
====================
* `PPML User Guide <ppml.html>`_
* `Ensure Integrity and Build Trust with Attestation <attestation_basic.html>`_
* `Trusted Big Data Analytics and ML <trusted_big_data_analytics_and_ml.html>`_
* `Trusted FL (Federated Learning) <trusted_fl.html>`_
* `Secure Your Services <../QuickStart/secure_your_services.html>`_