confidential-computing-zoo  by intel

Reference solutions for confidential computing using Intel tech

created 3 years ago
331 stars

Top 83.8% on sourcepulse

Project Summary

Confidential Computing Zoo (CCZoo) offers a curated collection of code-ready reference solutions and incubating component projects for applying modern security technologies like Intel SGX, TDX, and Homomorphic Encryption to real-world cloud business scenarios. It targets developers seeking to build end-to-end confidential computing solutions, providing copy-paste guides and facilitating easier adoption of TEE, HE, and remote attestation.

How It Works

CCZoo leverages a matrix correlating business usages (e.g., AI inference, federated learning, big data analytics) with security technologies (e.g., TEE, HE, Remote Attestation, LibOS). Each intersection links to detailed documentation and source code, enabling developers to select and implement specific solutions. The project also incubates reusable security components, aiming to graduate them into standalone projects upon successful validation across various public cloud environments.

Quick Start & Requirements

  • Installation: Solutions are typically run via provided scripts or Docker. Specific setup varies per solution.
  • Prerequisites: Requires Intel SGX or TDX-enabled hardware, specific OS versions (e.g., Ubuntu 20.04, Alibaba Cloud Linux 2.1903), and potentially specific cloud provider instances (e.g., Alibaba Cloud g7t, Azure Standard_DC16s_v3). CUDA may be required for GPU-accelerated solutions.
  • Resources: Setup time and resource footprint depend heavily on the chosen solution and cloud environment.
  • Documentation: Official documentation is available at https://cczoo.readthedocs.io.

Highlighted Details

  • Validated solutions across major public clouds including Alibaba Cloud, Tencent Cloud, AWS, and Azure.
  • Incubates key component projects like RATS-TLS and Enhanced gRPC for remote attestation and secure communication.
  • Includes penetration testing cases to demonstrate security vulnerabilities with and without TEE protection.
  • Supports a wide range of business scenarios from AI and federated learning to big data and key management.

Maintenance & Community

  • Actively maintained with ongoing validation and incubation of new projects.
  • Community engagement is encouraged via GitHub issues and PRs.
  • Community discussion channels include WeChat and a Slack channel.

Licensing & Compatibility

  • The project itself appears to be under a permissive license, but individual solutions or components may have different licensing terms. Specific license details for each solution are not explicitly stated in the README.
  • Compatibility for commercial use depends on the underlying technologies and specific solution licenses.

Limitations & Caveats

  • Many solutions are marked as "Published" or "In Progress," indicating varying levels of maturity.
  • Some solutions are "WIP" (Work in Progress) or "Incubating," suggesting potential instability or incomplete features.
  • The dependency on specific Intel hardware (SGX/TDX) and cloud provider configurations can limit broad applicability.

Health Check

  • Last commit: 1 week ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 6
  • Issues (30d): 0

Star History

  • 13 stars in the last 90 days
