MarbleRun

MarbleRun is a framework for creating distributed confidential-computing apps.

Build your confidential microservices with EGo or another runtime, distribute them with Kubernetes on an SGX-enabled cluster, and let MarbleRun take care of the rest. Deploy end-to-end secure and verifiable AI pipelines or crunch on sensitive big data in the cloud.

MarbleRun guarantees that the topology of your distributed app adheres to a Manifest specified in simple JSON. MarbleRun verifies the integrity of services, bootstraps them, and sets up encrypted connections between them. If a node fails, MarbleRun will seamlessly substitute it with respect to the rules defined in the Manifest.

To keep things simple, MarbleRun issues one concise remote attestation statement for your whole distributed app. This can be used by anyone to verify the integrity of your distributed app.

Key features

:lock: Authentication and integrity verification of microservices with respect to a Manifest written in simple JSON

:key: Secrets management for microservices

:package: Provisioning of certificates, configurations, and parameters for microservices

:globe_with_meridians: Remote attestation of the entire cluster

Overview

Supported runtimes

MarbleRun supports services built with one of the following frameworks:

• EGo
• Gramine
• Occlum
• Edgeless RT

Quickstart and documentation

See the Getting Started Guide to set up a distributed confidential-computing app in a few steps. See the documentation for details.

Community & help

• Got a question? Please file an issue.
• If you see an error message or run into an issue, please make sure to create a bug report.
• Get the latest news and announcements on Twitter, LinkedIn or sign up for our monthly newsletter.
• Visit our blog for technical deep-dives and tutorials.

Contributing

• Read CONTRIBUTING.md for information on issue reporting, code guidelines, and our PR process.
• BUILD.md includes general information on how to work in this repo.
• Pull requests are welcome! You need to agree to our Contributor License Agreement.
• This project and everyone participating in it are governed by the Code of Conduct. By participating, you are expected to uphold this code.
• Please report any security issue via a private GitHub vulnerability report or write to security@edgeless.systems.

Examples

Hello world

We provide basic examples on how to build confidential apps with MarbleRun:

• See helloworld for an example in Go
• See helloc++ for an example in C++
• See gramine-hello for an example using Gramine
• See occlum-hello for an example using Occlum

Advanced

In case you want to see how you can integrate popular existing solutions with MarbleRun, we provide more advanced examples:

• See gramine-nginx for an example of converting an existing Gramine application to a Marble
• See gramine-redis for a distributed Redis example using Gramine

Confidential emoji voting

The popular Linkerd service mesh uses the simple and scalable emojivoto app as its default demo. Check out our confidential variant. Your emoji votes have never been more secure! 😉

<!-- refs -->