Skip to content

Commit

Permalink
doc: update documents
Browse files Browse the repository at this point in the history 
Signed-off-by: Bokdeuk Jeong <bd.jeong@samsung.com>
  • Loading branch information
@bokdeuk-jeong
bokdeuk-jeong committed Nov 7, 2023
1 parent fc91388 commit 0d10706
Show file tree
Hide file tree
Showing 2 changed files with 95 additions and 68 deletions.
67 changes: 47 additions & 20 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,29 +1,56 @@
# ISLET
ISLET is a project of Samsung Research that extends confidential computing to user devices.
We enable on-device confidential computing for end users by leveraging ARMv9 CCA that is
the newly emerging confidential computing hardware on ARM devices.

Using the hardware support, ISLET enables a Trusted Execution Environment (TEE)
on user’s devices within which users can securely process, store, communicate
and manage their private data. The protection provided by
ISLET applies not only to data-at-rest but also to data-in-use
even in the presence of malicious privileged software on devices.

We develop components enabling Realm Virtual Machines (VMs),
which are secure VM-level TEE provided by ARMv9 CCA.
To manage Realm VMs, Realm Management Monitor (RMM)
is needed to be running at EL2 in the Realm world.
ISLET provides the implementation of RMM that is written in Rust.
# Islet
Islet is an open-source software project written in Rust that enables confidential computing
on ARM architecture devices using the ARMv9 CCA.
The primary objective of Islet is to enable on-device confidential computing
and protect user privacy on end user devices.

While current confidential computing solutions mainly focus on server-side
protection, it is equally important to safeguard user information at the user
device level since that is where private data collection initially occurs.
Furthermore, as more and more users rely on privacy apps such as private
messengers, secure emails, password managers, and web browsers with privacy
settings, there is a growing need to ensure privacy on user devices.
Islet, an open-source project, addresses this need by providing a platform
for ARM-based confidential computing.

Enabling CC on user devices will not only establish end-to-end CC throughout
the entire data processing path,
but it will also help create a secure computation model
that enables processing of user private data on the user device
using the same components that previously were employed at the server side
without disclosing business logic.
Furthermore, on-device confidential computing will be a key enabler for
machine-to-machine computing without the need for server intervention

## Feature Overview
- Rust-based Realm Management Monitor
- Realm Management Monitor
- Hardware Enforced Security
- Confidential Computing API Standardization
- Confidential Machine Learning
- Use case : Confidential Machine Learning

## Overall Architecture
We contribute mainly to `Islet RMM`, `Islet SDK`.

![islet-overview](https://github.com/Samsung/islet/raw/main/doc/islet-overview.png)
Islet provides a platform for running virtual machines (VMs)
confidentially, with standard SDKs for easy integration with other confidential
computing frameworks at upper layers.
The platform consists of two key components:
the Islet Realm Management Monitor (Islet-RMM) and Islet Hardware Enforced Security (Islet-HES).

- `Islet RMM` operates at EL2 in the Realm world on the application processor cores
and manages the confidential VMs, known as realms.
- On the other hand, `Islet HES` performs device boot measurement, generates
platform attestation reports, and manages sealing key functionality within a secure
hardware IP apart from the main application processor.

![islet-overview](doc/res/overview.png)

In designing Islet, we aim to to address the current security challenges in confidential
computing technologies right from the very beginning.
To ensure that our software is built with safety in mind, we have chosen to use the
Rust programming language, known for its unique security model that ensures memory
safety and concurrency safety.
Moving forward, we also plan to incorporate formal
verification techniques to further enhance the security of our design and implementation.

For more information, please visit our [developer site](https://samsung.github.io/islet/).

Expand Down
96 changes: 48 additions & 48 deletions doc/dev-dependencies.md
View file
Original file line number Diff line number Diff line change
@@ -1,54 +1,54 @@
## Islet RMM dependencies
| Name | Type | License | URL |
|-----------------------|------------|---------------------------|----------------------------------------------------------------|
| bitflags | runtime | MIT/Apache-2.0 | https://github.com/bitflags/bitflags |
| cc | build time | MIT OR Apache-2.0 | https://github.com/rust-lang/cc-rs |
| ciborium | runtime | Apache-2.0 | https://github.com/enarx/ciborium |
| coset | runtime | Apache-2.0 | https://github.com/google/coset |
| ecdsa | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/signatures/tree/master/ecdsa |
| hashbrown | runtime | MIT OR Apache-2.0 | https://github.com/rust-lang/hashbrown |
| hex | runtime | MIT OR Apache-2.0 | https://github.com/KokaKiwi/rust-hex |
| lazy_static | runtime | MIT/Apache-2.0 | https://github.com/rust-lang-nursery/lazy-static.rs |
| linked_list_allocator | runtime | Apache-2.0/MIT | https://github.com/phil-opp/linked-list-allocator |
| lock_api | runtime | MIT OR Apache-2.0 | https://github.com/Amanieu/parking_lot |
| log | runtime | MIT OR Apache-2.0 | https://github.com/rust-lang/log |
| p384 | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p384 |
| sha2 | runtime | MIT OR Apache-2.0 | https://github.com/RustCrypto/hashes |
| spin | runtime | MIT | https://github.com/mvdnes/spin-rs.git |
| spinning_top | runtime | MIT/Apache-2.0 | https://github.com/rust-osdev/spinning_top |
| tinyvec | runtime | Zlib OR Apache-2.0 OR MIT | https://github.com/Lokathor/tinyvec |
| Name | Build time | Runtime | License | URL |
| --------------------- | :----------------: | :----------------: | ------------------------- | -------------------------------------------------------------- |
| bitflags | :heavy_check_mark: | :heavy_check_mark: | MIT/Apache-2.0 | https://github.com/bitflags/bitflags |
| cc | :heavy_check_mark: | | MIT OR Apache-2.0 | https://github.com/rust-lang/cc-rs |
| ciborium | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 | https://github.com/enarx/ciborium |
| coset | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 | https://github.com/google/coset |
| ecdsa | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/signatures/tree/master/ecdsa |
| hashbrown | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/rust-lang/hashbrown |
| hex | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/KokaKiwi/rust-hex |
| lazy_static | :heavy_check_mark: | :heavy_check_mark: | MIT/Apache-2.0 | https://github.com/rust-lang-nursery/lazy-static.rs |
| linked_list_allocator | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0/MIT | https://github.com/phil-opp/linked-list-allocator |
| lock_api | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/Amanieu/parking_lot |
| log | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/rust-lang/log |
| p384 | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p384 |
| sha2 | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/RustCrypto/hashes |
| spin | :heavy_check_mark: | :heavy_check_mark: | MIT | https://github.com/mvdnes/spin-rs.git |
| spinning_top | :heavy_check_mark: | :heavy_check_mark: | MIT/Apache-2.0 | https://github.com/rust-osdev/spinning_top |
| tinyvec | :heavy_check_mark: | :heavy_check_mark: | Zlib OR Apache-2.0 OR MIT | https://github.com/Lokathor/tinyvec |

## Islet SDK dependencies
| Name | Type | License | URL |
| -------- | ---------- | ----------------- | -------------------------------------------------------------- |
| bincode | runtime | MIT | https://github.com/servo/bincode |
| cbindgen | build time | MPL-2.0 | https://github.com/eqrion/cbindgen |
| cfg_if | build time | MIT/Apache-2.0 | https://github.com/alexcrichton/cfg-if |
| ciborium | runtime | Apache-2.0 | https://github.com/enarx/ciborium |
| coset | runtime | Apache-2.0 | https://github.com/google/coset |
| hex | runtime | MIT OR Apache-2.0 | https://github.com/KokaKiwi/rust-hex |
| minicbor | runtime | BlueOak-1.0.0 | https://gitlab.com/twittner/minicbor |
| nix | runtime | MIT | https://github.com/nix-rust/nix |
| p256 | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p256 |
| p384 | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p384 |
| rand | runtime | MIT OR Apache-2.0 | https://github.com/rust-random/rand |
| rsa | runtime | MIT OR Apache-2.0 | https://github.com/RustCrypto/RSA |
| serde | runtime | MIT OR Apache-2.0 | https://github.com/serde-rs/serde |
| Name | Build time | Runtime | License | URL |
| -------- | :----------------: | :----------------: | ----------------- | -------------------------------------------------------------- |
| bincode | :heavy_check_mark: | :heavy_check_mark: | MIT | https://github.com/servo/bincode |
| cbindgen | :heavy_check_mark: | | MPL-2.0 | https://github.com/eqrion/cbindgen |
| cfg_if | :heavy_check_mark: | | MIT/Apache-2.0 | https://github.com/alexcrichton/cfg-if |
| ciborium | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 | https://github.com/enarx/ciborium |
| coset | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 | https://github.com/google/coset |
| hex | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/KokaKiwi/rust-hex |
| minicbor | :heavy_check_mark: | :heavy_check_mark: | BlueOak-1.0.0 | https://gitlab.com/twittner/minicbor |
| nix | :heavy_check_mark: | :heavy_check_mark: | MIT | https://github.com/nix-rust/nix |
| p256 | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p256 |
| p384 | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p384 |
| rand | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/rust-random/rand |
| rsa | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/RustCrypto/RSA |
| serde | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/serde-rs/serde |


## Islet HES dependencies
| Name | Type | License | URL |
|----------------|---------|---------------------------|-----------------------------------------------------------------|
| aes | runtime | MIT OR Apache-2.0 | https://github.com/RustCrypto/block-ciphers |
| ciborium | runtime | Apache-2.0 | https://github.com/enarx/ciborium |
| clap | runtime | MIT OR Apache-2.0 | https://github.com/clap-rs/clap |
| coset | runtime | Apache-2.0 | https://github.com/google/coset |
| daemonize | runtime | MIT OR Apache-2.0 | https://github.com/knsd/daemonize |
| ecdsa | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/signatures/tree/master/ecdsa |
| elliptic-curve | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/traits/tree/master/elliptic-curve |
| hex | runtime | MIT OR Apache-2.0 | https://github.com/KokaKiwi/rust-hex |
| hkdf | runtime | MIT OR Apache-2.0 | https://github.com/RustCrypto/KDFs/ |
| p256 | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p256 |
| p384 | runtime | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p384 |
| sha2 | runtime | MIT OR Apache-2.0 | https://github.com/RustCrypto/hashes |
| tinyvec | runtime | Zlib OR Apache-2.0 OR MIT | https://github.com/Lokathor/tinyvec |
| Name | Build time | Runtime | License | URL |
| -------------- | :----------------: | :----------------: | ------------------------- | ----------------------------------------------------------------|
| aes | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/RustCrypto/block-ciphers |
| ciborium | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 | https://github.com/enarx/ciborium |
| clap | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/clap-rs/clap |
| coset | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 | https://github.com/google/coset |
| daemonize | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/knsd/daemonize |
| ecdsa | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/signatures/tree/master/ecdsa |
| elliptic-curve | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/traits/tree/master/elliptic-curve |
| hex | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/KokaKiwi/rust-hex |
| hkdf | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/RustCrypto/KDFs/ |
| p256 | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p256 |
| p384 | :heavy_check_mark: | :heavy_check_mark: | Apache-2.0 OR MIT | https://github.com/RustCrypto/elliptic-curves/tree/master/p384 |
| sha2 | :heavy_check_mark: | :heavy_check_mark: | MIT OR Apache-2.0 | https://github.com/RustCrypto/hashes |
| tinyvec | :heavy_check_mark: | :heavy_check_mark: | Zlib OR Apache-2.0 OR MIT | https://github.com/Lokathor/tinyvec |

0 comments on commit 0d10706

Please sign in to comment.