Secure XGBoost is a library that leverages secure enclaves and data-oblivious algorithms to enable the collaborative training of and inference using XGBoost models on encrypted data.
Data owners can use Secure XGBoost to train a model on a remote server, e.g., the cloud, without revealing the underlying data to the remote server. Collaborating data owners can use the library to jointly train a model on their collective data without exposing their individual data to each other.
This project is currently under development as part of the broader MC2 effort (i.e., Multiparty Collaboration and Coopetition) by the UC Berkeley RISE Lab.
NOTE: The Secure XGBoost library is a research prototype, and has not yet received independent code review.
- Installation
- Docker build for local development
- Usage
- Documentation
- Additional Resources
- Getting Involved
The following instructions will create an environment from scratch. Note that Secure XGBoost has only been tested on Ubuntu 18.04, so we recommend that you install everything on Ubuntu 18.04.
-
Install the Open Enclave SDK (0.17.1) and the Intel SGX DCAP driver by following these instructions. In Step 3 of the instructions, install Open Enclave version 0.17.1 by specifying the version:
sudo apt -y install clang-8 libssl-dev gdb libsgx-enclave-common libsgx-quote-ex libprotobuf10 libsgx-dcap-ql libsgx-dcap-ql-dev az-dcap-client open-enclave=0.17.1
-
Configure the required environment variables.
source /opt/openenclave/share/openenclave/openenclaverc
-
Install CMake and other Secure XGBoost dependencies.
wget https://github.com/Kitware/CMake/releases/download/v3.15.6/cmake-3.15.6-Linux-x86_64.sh sudo bash cmake-3.15.6-Linux-x86_64.sh --skip-license --prefix=/usr/local sudo apt-get install -y libmbedtls-dev python3-pip pip3 install numpy pandas sklearn numproto grpcio grpcio-tools requests
-
Clone Secure XGBoost.
git clone https://github.com/mc2-project/secure-xgboost.git
-
Before building, you may choose to configure the build parameters in
CMakeLists.txt
, e.g., whether to perform training and inference obliviously. In particular, if running Secure XGBoost on a machine without enclave support, you'll have to set theOE_DEBUG
parameter to1
and theSIMULATE
parameter toON
. -
Build Secure XGBoost and install the Python package.
cd secure-xgboost mkdir build cd build cmake .. make -j4 cd ../python-package sudo python3 setup.py install
You can use the provided Docker image if you want to run everything in simulation mode locally.
-
Clone Secure XGBoost.
git clone https://github.com/mc2-project/secure-xgboost.git
-
Pull the Docker image.
docker pull mc2project/ubuntu-oe0.9:v1
-
Run the Docker image with the cloned directory mounted to the container's
/root/secure-xgboost/
directory using the-v
flag when starting the container.docker run -it -v <path/to/secure-xgboost>:/root/secure-xgboost mc2project/ubuntu-oe0.9:v1 /bin/bash
-
Install Open Enclave within the image.
sudo apt update sudo apt -y install open-enclave
-
Before building, you may choose to configure the build parameters in
CMakeLists.txt
, e.g., whether to perform training and inference obliviously. In particular, if running Secure XGBoost on a machine without enclave support, you'll have to set theOE_DEBUG
parameter to1
and theSIMULATE
parameter toON
. -
Build Secure XGBoost and install the Python package.
cd secure-xgboost mkdir build cd build cmake .. make -j4 cd ../python-package sudo python3 setup.py install
To use Secure XGBoost, replace the XGBoost import.
# import xgboost as xgb
import securexgboost as xgb
For ease of use, the Secure XGBoost API mirrors that of XGBoost as much as possible. While the below block demonstrates usage on a single machine, Secure XGBoost is meant for the client-server model of computation. More information can be found here.
Note: If running Secure XGBoost in simulation mode, pass in verify=False
to the attest()
function.
# Generate a key and use it to encrypt data
KEY_FILE = "key.txt"
xgb.generate_client_key(KEY_FILE)
xgb.encrypt_file("demo/data/agaricus.txt.train", "demo/data/train.enc", KEY_FILE)
xgb.encrypt_file("demo/data/agaricus.txt.test", "demo/data/test.enc", KEY_FILE)
# Initialize client and connect to enclave
xgb.init_client(user_name="user1",
sym_key_file="key.txt",
priv_key_file="config/user1.pem",
cert_file="config/user1.crt")
xgb.init_server(enclave_image="build/enclave/xgboost_enclave.signed", client_list=["user1"])
# Remote attestation to authenticate enclave
# If running in simulation mode, pass in `verify=False` below
xgb.attest(verify=True)
# Load the encrypted data and associate it with your user
dtrain = xgb.DMatrix({"user1": "demo/data/train.enc"})
dtest = xgb.DMatrix({"user1": "demo/data/test.enc"})
params = {
"objective": "binary:logistic",
"gamma": "0.1",
"max_depth": "3"
}
# Train a model
num_rounds = 5
booster = xgb.train(params, dtrain, num_rounds)
# Get encrypted predictions and decrypt them
predictions, num_preds = booster.predict(dtest)
For more background on enclaves and data-obliviousness, additional tutorials, and more details on build parameters and usage, please refer to the documentation.
- CCS PPMLP Paper
- Blog Post
- RISE Camp 2020 Tutorial and Walkthrough
- mc2-dev@googlegroups.com: For questions and general discussion
- Slack: A more informal setting for discussion
- GitHub Issues: For bug reports and feature requests.
- Pull Requests: For code contributions.