Exploration on Confidential Computing for Big Data & AI using BigDL

Intel Software Guard Extensions (Intel SGX) is a securing computing tool that generates a trusted execution environment (TEE) for users that need secure and confidential environments for such use cases as private key management, multi-party computing with private data, and securing public cloud deployment for critical applications. While the Intel SGX SDK for Linux* OS successfully tackles these important use cases, its implementation is not simple. It can require significant system redesign and code changes by engineers because under the SGX SDK's threat model, the OS is not trusted, and only trusted applications and code can be worked on in the secure environment portioned out by SGX, i.e., an "enclave." Therefore, the trusted and untrusted components of the applications involved need to be separated. Moreover, engineers will then need to re-engineer some of their code base to ensure it will be trusted in this enclave.