This repository uses Intel SGX secure enclaves (run through Gramine) to execute a YOLO machine-learning model on input images fetched from a resource server, in a privacy-preserving workflow: the images travel encrypted and are decrypted only on the SGX machine that runs the model.
- Create a virtual environment.

```sh
python -m venv .env
```

- Activate the virtual environment (the path must match the one created above).

```sh
source .env/bin/activate
```

- Install `requirements.txt` (for the tokenization flow) and `yolov5/requirements.txt` (for YOLO).

```sh
pip install -r requirements.txt -r yolov5/requirements.txt
```
- Build the application.

```sh
make SGX=1 RA_TYPE=dcap
```

- Run the application.

```sh
gramine-sgx ./python runSecureApp.py
```

- Remove the manifest, input files and output files.

```sh
make clean
```
- The SGX machine that holds the YOLO model generates an SGX quote with an RSA public key embedded in it and sends the quote to the APD server.
- The APD server uses the Intel PCCS service to verify the quote.
- If the quote is authorised, the APD server sends a token with the same RSA public key embedded in it back to the SGX machine.
- The SGX machine sends the token to the resource server. If the token is authorised, the resource server encrypts the files with a symmetric key and then encrypts that symmetric key with the RSA public key embedded in the token.
- The encrypted files and the encrypted symmetric key are loaded into a pickle and sent to the SGX machine.
- The SGX machine uses the RSA private key to decrypt the symmetric key, and the decrypted symmetric key to decrypt the files.
- The decrypted files are used to run the application inside the secure enclave.
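The key-wrapping exchange between the resource server and the SGX machine, as an added example that is not the repository's own code. It assumes the `cryptography` package is installed, and it stubs out the parts the page does not detail: quote generation, PCCS verification and token issuance are replaced by a plain dict token, and the binding of the key to the quote is modelled as a SHA-256 hash of the PEM public key (an assumption; the page only says the key is "embedded"). Two choices deliberately differ from the text: the bundle is serialised as JSON rather than a pickle, because unpickling bytes received over the network would let a malicious or compromised resource server execute code inside the enclave, and the symmetric cipher is AES-256-GCM so that any tampering with the ciphertext is detected before the images reach the model. The RSA padding is OAEP with SHA-256, also an assumption.

```python
import base64
import hashlib
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256 for wrapping the symmetric key (assumed; the page only says "RSA").
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


def b64d(text: str) -> bytes:
    return base64.b64decode(text)


def enclave_keypair():
    """SGX side: generate the RSA key pair whose public half is embedded in the quote."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub_pem = priv.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    return priv, pub_pem


def issue_token(pub_pem: bytes) -> dict:
    """Stand-in for the APD server (assumption): after quote verification, which is not
    modelled here, it returns a token carrying the same public key. A real token is signed."""
    return {"pubkey_pem": pub_pem.decode(),
            "key_sha256": b64(hashlib.sha256(pub_pem).digest())}


def token_matches_key(token: dict, pub_pem: bytes) -> bool:
    """Enclave-side check that the token really names the key this enclave holds."""
    return (token["pubkey_pem"].encode() == pub_pem
            and b64d(token["key_sha256"]) == hashlib.sha256(pub_pem).digest())


def resource_server_encrypt(files: dict, token: dict) -> bytes:
    """Resource server: one fresh AES-256-GCM key per bundle; each file is sealed with its
    name as associated data; the key is wrapped with the RSA public key from the token."""
    pub = serialization.load_pem_public_key(token["pubkey_pem"].encode())
    sym_key = AESGCM.generate_key(bit_length=256)
    aead = AESGCM(sym_key)
    sealed = {}
    for name, data in files.items():
        nonce = os.urandom(12)  # fresh per file; a nonce must never repeat under one key
        sealed[name] = {"nonce": b64(nonce),
                        "ct": b64(aead.encrypt(nonce, data, name.encode()))}
    bundle = {"wrapped_key": b64(pub.encrypt(sym_key, OAEP)), "files": sealed}
    return json.dumps(bundle).encode()  # JSON instead of pickle: nothing executes on load


def enclave_decrypt(bundle: bytes, priv) -> dict:
    """SGX side: unwrap the symmetric key with the RSA private key, then open each file.
    Raises on tampering (OAEP unwrap failure -> ValueError, GCM tag mismatch -> InvalidTag)."""
    msg = json.loads(bundle)
    sym_key = priv.decrypt(b64d(msg["wrapped_key"]), OAEP)
    aead = AESGCM(sym_key)
    return {name: aead.decrypt(b64d(rec["nonce"]), b64d(rec["ct"]), name.encode())
            for name, rec in msg["files"].items()}


SAMPLE_FILES = {  # constructed stand-ins for the input images
    "img_001.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes 1",
    "img_002.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes 2",
}


def run_demo() -> bool:
    """Whole exchange on constructed data; True when every file round-trips intact."""
    priv, pub_pem = enclave_keypair()
    token = issue_token(pub_pem)
    if not token_matches_key(token, pub_pem):
        return False
    bundle = resource_server_encrypt(SAMPLE_FILES, token)
    return enclave_decrypt(bundle, priv) == SAMPLE_FILES


def tampered_bundle_is_rejected() -> bool:
    """Flip one ciphertext byte in transit; the enclave must refuse rather than feed it to YOLO."""
    priv, pub_pem = enclave_keypair()
    bundle = json.loads(resource_server_encrypt(SAMPLE_FILES, issue_token(pub_pem)))
    ct = bytearray(b64d(bundle["files"]["img_001.jpg"]["ct"]))
    ct[0] ^= 0x01
    bundle["files"]["img_001.jpg"]["ct"] = b64(bytes(ct))
    try:
        enclave_decrypt(json.dumps(bundle).encode(), priv)
    except (InvalidTag, ValueError):
        return True
    return False


if __name__ == "__main__":
    print("round trip ok:", run_demo())
    print("tamper detected:", tampered_bundle_is_rejected())
```

The file name is passed as GCM associated data so that a bundle whose entries have been swapped or renamed in transit also fails to open; the private key never leaves `enclave_decrypt`, which is the part of this flow that would run under `gramine-sgx`.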