Support lr he grpc under Azure (#174)

* secure logistic regression inference based on HE and SGX (#151)

* inital commit

Signed-off-by: Xiaojun Huang <xiaojun.huang@intel.com>

* first commit of lr_sgx_he solution

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

* infer client and infer server communicate via grpc

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

* add dockerfile and build scripts

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

* update dockerfile and build scripts

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

* Create README.md

* Update README.md

* update license wording in each file

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

* update the license date of gflags.cmake

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

* add the doc of lr_infer_he_sgx

Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>

Signed-off-by: Xiaojun Huang <xiaojun.huang@intel.com>
Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>
Co-authored-by: Zhu Yunge <yunge.zhu@intel.com>

* update readme and document (#165)

* Update README.md
* Update index.md

Signed-off-by: Xiaojun Huang <xiaojun.huang@intel.com>

* Add Secure Logistic Regression Inference with HE and Intel SGX solution support for Azure deployments (#170)

Signed-off-by: Xiaojun Huang <xiaojun.huang@intel.com>
Signed-off-by: Huang, Xiaojun <xiaojun.huang@intel.com>
Co-authored-by: Xiaojun Huang <xiaojun.huang@intel.com>
Co-authored-by: shui1 <sammy.hui@intel.com>

Author: 3 people

README.md

@@ -147,7 +147,8 @@ document section that explains the corresponding details and then guides you to
 				<p>
 					<span class="md-plain"><a href="https://cczoo.readthedocs.io/en/main/Solutions/horizontal-federated-learning/hfl.html#aliyun-ecs"><span>Alibaba Cloud</span></a>, <br />
 <a href="https://cczoo.readthedocs.io/en/main/Solutions/horizontal-federated-learning/hfl.html#tencent-cloud">Tencent Cloud</a>, <br />
-<a href="https://cczoo.readthedocs.io/en/main/Solutions/horizontal-federated-learning/hfl.html" target="_blank"><span>ByteDance Cloud</span></a></span> 
+<a href="https://cczoo.readthedocs.io/en/main/Solutions/horizontal-federated-learning/hfl.html" target="_blank"><span>ByteDance Cloud</span></a>, <br />
+<a href="https://cczoo.readthedocs.io/en/main/Solutions/horizontal-federated-learning/hfl.html#microsoft-azure">Microsoft Azure</a></span> 
 				</p>
 			</td>
 			<td>
@@ -199,7 +200,8 @@ document section that explains the corresponding details and then guides you to
 				<p>
 					<span class="md-plain"><span><a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">Alibaba Cloud</a></span>, <br />
 <a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">Tencent Cloud</a>, <br />
-<a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">ByteDance Cloud</a></span> 
+<a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">ByteDance Cloud</a>, <br />
+<a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">Microsoft Azure</a></span> 
 				</p>
 			</td>
 			<td>
@@ -347,7 +349,8 @@ Cluster PPML</strong></span></a> <br />
 				<p>
 					<span class="md-plain"><a href="https://cczoo.readthedocs.io/en/main/Solutions/tensorflow-serving-cluster/index.html#alibaba-cloud"><span>Alibaba Cloud</span></a>, <br />
 <a href="https://cczoo.readthedocs.io/en/main/Solutions/tensorflow-serving-cluster/index.html#tencent-cloud">Tencent Cloud</a>, <br />
-<a href="https://cczoo.readthedocs.io/en/main/Solutions/tensorflow-serving-cluster/index.html#bytedance-cloud" target="_blank"><span>ByteDance Cloud</span></a></span> 
+<a href="https://cczoo.readthedocs.io/en/main/Solutions/tensorflow-serving-cluster/index.html#bytedance-cloud" target="_blank"><span>ByteDance Cloud</span></a>, <br />
+<a href="https://cczoo.readthedocs.io/en/main/Solutions/tensorflow-serving-cluster/index.html#microsoft-azure" target="_blank"><span>Microsoft Azure</span></a></span> 
 				</p>
 			</td>
 			<td>
@@ -359,7 +362,7 @@ Cluster PPML</strong></span></a> <br />
 				<span style="color:#333333;font-family:Arial;"><a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank"><strong>Secure Logistic Logical Regression Inference with HE and SGX</strong></a></span>
 			</td>
 			<td>
-				-
+				Yes
 			</td>
 			<td>
 				-
@@ -392,10 +395,15 @@ Cluster PPML</strong></span></a> <br />
 				-
 			</td>
 			<td>
-				-
+				<p>
+					<span class="md-plain"><a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html"><span>Alibaba Cloud</span></a>, <br />
+<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html">Tencent Cloud</a>, <br />
+<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank"><span>ByteDance Cloud</span></a>, <br />
+<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank"><span>Microsoft Azure</span></a></span> 
+				</p>
 			</td>
 			<td>
-				In Progress
+				Published
 			</td>
 		</tr>
 		<tr>
@@ -910,6 +918,9 @@ Below table shows solutions and component projects validated in public clouds. A
 					</li>
 				</ul>
 				<ul>
+					<li>
+						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank">Secure Logistic Logical Regression Inference with HE and SGX</a>
+					</li>
 					<li>
 						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/grpc-ra-tls/index.html">RA-TLS Enhanced gRPC</a> 
 					</li>
@@ -938,6 +949,9 @@ Below table shows solutions and component projects validated in public clouds. A
 					<li>
 						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">Vertical Federated Learning</a> 
 					</li>
+					<li>
+						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank">Secure Logistic Logical Regression Inference with HE and SGX</a>
+					</li>
 					<li>
 						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/psi/PSI.html" target="_blank">Private
 Set Intersection (PSI)</a><br />
@@ -955,6 +969,12 @@ Set Intersection (PSI)</a><br />
 					<li>
 						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/horizontal-federated-learning/hfl.html">Horizontal Federated Learning</a> 
 					</li>
+					<li>
+						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/vertical-federated-learning/vfl.html" target="_blank">Vertical Federated Learning</a> 
+					</li>
+					<li>
+						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank">Secure Logistic Logical Regression Inference with HE and SGX</a>
+					</li>
 				</ul>
 				<p>
 					<br />
@@ -983,6 +1003,9 @@ Set Intersection (PSI)</a><br />
 					<li>
 						<span></span><a href="https://cczoo.readthedocs.io/en/latest/Solutions/psi/PSI.html" target="_blank">Private Set Intersection (PSI)</a><br />
 					</li>
+					<li>
+						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html" target="_blank">Secure Logistic Logical Regression Inference with HE and SGX</a>
+					</li>
 				</ul>
 				<p>
 					<br />

cczoo/lr_infer_he_sgx/Dockerfile

@@ -17,6 +17,9 @@
 
 FROM ubuntu:20.04
 
+# Optional build argument to select a build for Azure
+ARG AZURE
+
 ENV DEBIAN_FRONTEND=noninteractive
 ENV INSTALL_PREFIX=/usr/local
 ENV LD_LIBRARY_PATH=${INSTALL_PREFIX}/lib:${INSTALL_PREFIX}/lib/x86_64-linux-gnu:${LD_LIBRARY_PATH}
@@ -46,8 +49,30 @@ RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.k
 # Install SGX-PSW
 RUN apt-get install -y libsgx-pce-logic libsgx-ae-qve libsgx-quote-ex libsgx-quote-ex-dev libsgx-qe3-logic sgx-aesm-service
 
-# Install SGX-DCAP
-RUN apt-get install -y libsgx-dcap-ql-dev libsgx-dcap-default-qpl libsgx-dcap-quote-verify-dev libsgx-dcap-default-qpl-dev
+# Install SGX DCAP
+RUN apt-get install -y libsgx-dcap-ql-dev libsgx-dcap-quote-verify-dev
+
+# Install SGX-DCAP quote provider library
+RUN if [ -z "$AZURE" ]; then \
+        # Not a build for Azure, so install the default quote provider library \
+        apt-get install -y libsgx-dcap-default-qpl; \
+    else \
+        # Build for Azure, so install the Azure DCAP Client (Release 1.10.0) \
+        AZUREDIR=/azure \
+        && apt-get install -y libssl-dev libcurl4-openssl-dev pkg-config software-properties-common \
+        && add-apt-repository ppa:team-xbmc/ppa -y \
+        && apt-get update \
+        && apt-get install -y nlohmann-json3-dev \
+        && git clone https://github.com/microsoft/Azure-DCAP-Client ${AZUREDIR} \
+        && cd ${AZUREDIR} \
+        && git checkout 1.10.0 \
+        && git submodule update --recursive --init \
+        && cd src/Linux \
+        && ./configure \
+        && make DEBUG=1 \
+        && make install \
+        && cp libdcap_quoteprov.so /usr/lib/x86_64-linux-gnu/; \
+    fi
 
 # Gramine
 ENV GRAMINEDIR=/gramine

cczoo/lr_infer_he_sgx/README.md

@@ -21,11 +21,21 @@ After the inference is completed, the encrypted result is sent back to the user
 ## Build and Run
 ### Prerequisite
 - A server with Intel SGX enabled
-- Docker
+- Docker Engine. Docker Engine is an open source containerization technology for
+  building and containerizing your applications.
+  Please follow [this guide](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script)
+  to install Docker engine.
 ### Build Docker Image
 ```
 git clone https://github.com/intel/confidential-computing-zoo
 cd confidential-computing-zoo/cczoo/lr_infer_he_sgx
+```
+For deployments on Microsoft Azure:
+```shell
+AZURE=1 ./build_docker_image.sh
+```
+For other cloud deployments:
+```shell
 ./build_docker_image.sh
 ```
 ### Execution

cczoo/lr_infer_he_sgx/build_docker_image.sh

@@ -1,3 +1,4 @@
+#!/bin/bash
 #
 # Copyright (c) 2022 Intel Corporation
 # SPDX-License-Identifier: Apache-2.0
@@ -13,9 +14,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#!/bin/bash
 set -e
 
+if  [ -z "$AZURE" ] ; then
+    azure=
+else
+    azure=1
+fi
+
 # You can remove no_proxy and proxy_server if your network doesn't need it
 no_proxy="localhost,127.0.0.1"
 proxy_server="" # your http proxy server
@@ -26,6 +32,7 @@ DOCKER_BUILDKIT=0 docker build \
     --build-arg no_proxy=${no_proxy} \
     --build-arg http_proxy=${proxy_server} \
     --build-arg https_proxy=${proxy_server} \
+    --build-arg AZURE=${azure} \
     -f Dockerfile \
     -t lr_infer_he_sgx:latest \
     .

cczoo/lr_infer_he_sgx/start_container.sh

@@ -1,3 +1,4 @@
+#!/bin/bash
 #
 # Copyright (c) 2022 Intel Corporation
 # SPDX-License-Identifier: Apache-2.0
@@ -13,7 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#!/bin/bash
 set -e
 
 function Usage() {
@@ -61,7 +61,7 @@ elif [ $1 = "server" ]; then
         -e http_proxy=${proxy_server} \
         -e https_proxy=${proxy_server} \
         lr_infer_he_sgx:latest \
-        bash
+        /lr_infer_he_sgx/infer_server
 else
     Usage
     exit 1

documents/readthedoc/docs/source/Cloud/cloudDeployment.md

@@ -279,6 +279,7 @@ The configuration of the M6ce instance as below:
 
 ---
 
+
 ## Microsoft Azure
 
 Microsoft Azure [DCsv3-series](https://docs.microsoft.com/en-us/azure/virtual-machines/dcv3-series) instances support Intel® SGX encrypted computing technology.
@@ -319,7 +320,7 @@ The following is the configuration of the DCsv3-series instance used:
 			</td>
 			<td>
 				<div>
-					<span><span>5.13.0-1031-azure</span> </span> 
+					<span><span>5.15.0-1022-azure</span> </span> 
 				</div>
 			</td>
 		</tr>
@@ -365,6 +366,9 @@ Validated Solution&nbsp; </span>
 					<li>
 						<span><a href="https://cczoo.readthedocs.io/en/latest/Solutions/horizontal-federated-learning/hfl.html">Horizontal Federated Learning&nbsp;</a></span> 
 					</li>
+					<li>
+						<span><a href="https://cczoo.readthedocs.io/en/latest/Solutions/logistic-regression-inference-HE-SGX/index.html">Secure Logistic Regression Inference with HE and Intel SGX&nbsp;</a></span> 
+					</li>
 					<li>
 						<a href="https://cczoo.readthedocs.io/en/latest/Solutions/grpc-ra-tls/index.html" target="_blank">RA-TLS Enhanced gRPC</a>
 					</li>

documents/readthedoc/docs/source/Solutions/logistic-regression-inference-HE-SGX/index.md

@@ -21,11 +21,21 @@ After the inference is completed, the encrypted result is sent back to the user
 ## Build and Run
 ### Prerequisite
 - A server with Intel SGX enabled
-- Docker
+- Docker Engine. Docker Engine is an open source containerization technology for
+  building and containerizing your applications.
+  Please follow [this guide](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script)
+  to install Docker engine.
 ### Build Docker Image
 ```
 git clone https://github.com/intel/confidential-computing-zoo
 cd confidential-computing-zoo/cczoo/lr_infer_he_sgx
+```
+For deployments on Microsoft Azure:
+```shell
+AZURE=1 ./build_docker_image.sh
+```
+For other cloud deployments:
+```shell
 ./build_docker_image.sh
 ```
 ### Execution