general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Udpate README.md to reflect the new name Occlum

Browse Source
This commit is contained in:
Tate, Hongliang Tian 2018-11-14 22:42:15 +08:00
parent 644b3538dd
commit 65826cb1b6
1 changed files with 36 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
README.md
View File

@ -1,45 +1,62 @@
# Rusgx
# Occlum
Rusgx is a single-address-space library OS for Intel SGX. It is written in Rust programming language for memory safety. This project is still work-in-progress.
Occlum is a memory-safe, multi-process library OS for Intel SGX. As a library OS, it enables *unmodified* applications to run on SGX, thus protecting the confidentiality and integrity of user workloads transparently.
## How to build
Compared to existing library OSes for SGX, Occlum has following unprecedented features:
* **Memory safety.** The library OS itself is written in Rust, a memory-safe programming language, thus free from low-level, memory bugs;
* **Efficient multitasking.** The library OS has a complete and efficient multi-process support, including fast process creation, low-cost IPC, code sharing (e.g., shared libraries) and data sharing (e.g., encrypted file systems).
* **Fault isolation** - The crash of one user process cannot crash the library OS or other user processes, which is good for system stability and data integrity.
## How to Build?
### Prerequisite
Rusgx depends on [Rust SGX SDK](https://github.com/baidu/rust-sgx-sdk/). So, make sure Rust SGX SDk can be built properly. We have tested with Rust SGX SDK 1.1, Rust nightly-2018-08-25 and Intel SGX SDK 2.2 on Ubuntu 16.04.
Occlum depends on [Rust SGX SDK](https://github.com/baidu/rust-sgx-sdk/) and [Intel SGX SDK](https://github.com/intel/linux-sgx/). So, make sure Rust SGX SDK and Intel SGX SDK can be built properly on your machine. We have tested with Rust SGX SDK 1.1, Rust nightly-2018-08-25 and Intel SGX SDK 2.2 on Ubuntu 16.04.
### Compile
The first time to compile the project, there are some dependencies must be first downloaded. To do this, run the following commands
cd path/to/rusgx
make init
cd path/to/occlum-libos
make submodule
Then, compile the project with the following commands
cd src/
make
## How to use
The long-term goal is to integrate a dynamic loader into the library OS so that a single instance of Rusgx can run unmodified executables in multiple software-isolated processes. For now, we don't have to a dynamic loader; so, the temporary solution is to statically link the library OS and the executable together. Another related but different issue is the lack of the fully-fleged C standard library. We now use SGX SDK's tlibc, as it does not depend on syscalls and hence is easy to integrate. We plan to use musl libc in the future.
### Run all tests
### Run tests
Build and run all tests with the following commands
cd test/
make
make test
### Write new program or test
## How to Use?
Add a C file, say `try.c`, in `/test`. To compile the program, run
To be written...
make try
## How it Works?
To run the program, run
To be written...
make test-try
### Architecture Overview
To be written...
### Software Isolated Processes (SIPs)
To be written...
## Why the Name?
The project name Occlum stems from the word *Occlumency* coined in Harry Porter series by J. K. Rowling. In *Harry Porter and the Order of Pheonix*, Occlumency is described as:
> The magical defence of the mind against external penetration. An obscure branch of magic, but a highly useful one... Used properly, the power of Occlumency wil help sheild you from access or influence.
The same thing can be said to Occlum, not for mind, but program:
> The magical defence of the program agaist external penetration. An obsecure branch of technology, but a highly useful one... Used properly, the power of Occlum will help sheild your program from access or influence.
Of course, Occlum must be run on Intel x86 CPUs with SGX support to do its magic.