Hello world

.github/linters/.arm-ttk.psd1

@@ -0,0 +1,31 @@
+# Documentation:
+#  - Test Parameters: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit#test-parameters
+#  - Test Cases: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-cases
+@{
+    Test = @(
+        'Parameters Property Must Exist',
+        'Parameters Must Be Referenced',
+        'Secure String Parameters Cannot Have Default',
+        'Resources Should Have Location',
+        'VM Size Should Be A Parameter',
+        'Min And Max Value Are Numbers',
+        'artifacts-parameter',
+        'Variables Must Be Referenced',
+        'Dynamic Variable References Should Not Use Concat',
+        'Providers apiVersions Is Not Permitted',
+        'Template Should Not Contain Blanks',
+        'DependsOn Must Not Be Conditional',
+        'Deployment Resources Must Not Be Debug',
+        'adminUsername Should Not Be A Literal',
+        'VM Images Should Use Latest Version',
+        'Virtual-Machines-Should-Not-Be-Preview',
+        'ManagedIdentityExtension must not be used',
+        'Outputs Must Not Contain Secrets'
+    )
+    Skip = @(
+        'apiVersions Should Be Recent',
+        'IDs Should Be Derived From ResourceIDs',
+        'Location Should Not Be Hardcoded',
+        'ResourceIds should not contain'
+    )
+}

.github/linters/.jscpd.json

@@ -0,0 +1,10 @@
+{
+  "threshold": 4,
+  "reporters": [
+    "consoleFull"
+  ],
+  "ignore": [
+    "**/__snapshots__/**"
+  ],
+  "absolute": true
+}

.github/workflows/main.yml

@@ -0,0 +1,117 @@
+name: Continous Integration
+
+# Run this workflow every time a new commit pushed to your repository
+on:
+  push:
+    branches: 
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+
+  build:
+    name: Build, install, and test MC2 Client
+    # Define the OS to run on
+    runs-on: ubuntu-18.04
+    strategy:
+      matrix:
+        python-version: ['3.6', '3.7', '3.8']
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps: 
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+          path: main
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Upgrade Pip
+        run: python -m pip install --upgrade pip setuptools wheel
+
+      - name: Install apt package dependencies
+        run: |
+          # Install OpenEnclave 0.12.0
+          echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
+          wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
+          echo "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-7 main" | sudo tee /etc/apt/sources.list.d/llvm-toolchain-bionic-7.list
+          wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
+          echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main" | sudo tee /etc/apt/sources.list.d/msprod.list
+          wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
+
+          sudo apt update
+          sudo apt -y install clang-7 libssl-dev gdb libsgx-enclave-common libsgx-enclave-common-dev libprotobuf10 libsgx-dcap-ql libsgx-dcap-ql-dev az-dcap-client open-enclave=0.12.0 
+
+          # CMake
+          wget https://github.com/Kitware/CMake/releases/download/v3.15.6/cmake-3.15.6-Linux-x86_64.sh
+
+          # Mbed TLS
+          sudo apt-get install -y libmbedtls-dev
+
+      - name: Build C++
+        run: | 
+          # Build C++ source
+          cd main
+          cd src
+          mkdir build
+          cd build
+          cmake ..
+          make -j4
+          cd ../..
+
+      - name: Install Python dependencies
+        run: |
+          # Python packages
+          # pip install setuptools wheel pytest
+
+          cd main
+          pip install -r requirements.txt 
+
+      - name: Install mc2client Python package
+        run: |
+          # Install the Python package
+          cd main/python-package
+          python setup.py install
+
+      - name: Checkout sequencefile Python package
+        uses: actions/checkout@master
+        with:
+            path: sequencefile
+            repository: opaque-systems/sequencefile
+
+      - name: Install sequencefile Python package
+        run: cd sequencefile; python setup.py install
+        shell: bash
+
+      - name: Run tests
+        run: cd main/python-package/tests; pytest
+        shell: bash
+
+
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  super-lint:
+    # Name the Job
+    name: Lint code base
+    # Set the type of machine to run on
+    runs-on: ubuntu-18.04
+
+    steps:
+      # Checks out a copy of your repository on the ubuntu-18.04 machine
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # Runs the Super-Linter action
+      - name: Run Super-Linter
+        uses: github/super-linter@v3
+        env:
+          DEFAULT_BRANCH: master
+          VALIDATE_JSCPD: false
+          VALIDATE_BASH: false
+          VALIDATE_PROTOBUF: false

.gitignore

@@ -0,0 +1,21 @@
+python-package/mc2client/__pycache__/
+python-package/mc2client/toolchain/__pycache__/
+__pycache__/
+python-package/build/
+python-package/dist/
+python-package/mc2client.egg-info/
+src/build/
+python-package/mc2client/rpc/ndarray_pb2.py
+python-package/mc2client/rpc/ndarray_pb2_grpc.py
+python-package/mc2client/rpc/opaquesql_pb2.py
+python-package/mc2client/rpc/opaquesql_pb2_grpc.py
+python-package/mc2client/rpc/remote_pb2.py
+python-package/mc2client/rpc/remote_pb2_grpc.py
+docs/_build/
+
+# Keys
+*.pem
+*.key
+
+# Any sample encrypted files
+*.enc

README.md

@@ -0,0 +1,105 @@
+# MC<sup>2</sup>: A Platform for Secure Analytics and Machine Learning
+Born out of research in the [UC Berkeley RISE Lab](https://rise.cs.berkeley.edu/), MC<sup>2</sup> is a platform for running secure analytics and machine learning in an untrusted environment, like the cloud. MC<sup>2</sup> provides compute services that can be cryptographically trusted to correctly and securely perform computation even when the machines they run on have been compromised.
+
+This repo contains the source code for the MC<sup>2</sup> client, which enables a user to interface with MC<sup>2</sup>'s cloud compute services. Actively maintained compute services include:
+
+* [Federated XGBoost](https://github.com/mc2-project/federated-xgboost): Collaborative XGBoost in the federated setting.
+* [Opaque SQL](https://github.com/mc2-project/opaque): Encrypted data analytics on Spark SQL with hardware enclaves.
+* [Secure XGBoost](https://github.com/mc2-project/secure-xgboost): Collaborative XGBoost training and inference on encrypted data using hardware enclaves.
+
+MC<sup>2</sup> also contains some research prototypes:
+
+* [Cerebro](https://github.com/mc2-project/cerebro): A general purpose Python DSL for learning with secure multiparty computation.
+* [Delphi](https://github.com/mc2-project/delphi): Secure inference for deep neural networks.
+
+## Table of Contents
+* [MC<sup>2</sup> Client](#mc2-client)
+* [Quickstart](#quickstart)
+* [Documentation](#documentation)
+
+## MC<sup>2</sup> Client
+The Opaque SQL and Secure XGBoost compute services require a client to run an end-to-end workflow. In particular, once a user has launched VM's running Opaque SQL or Secure XGBoost (instructions to do so can be found in each repository), the user can encrypt their data and transfer it to such VMs, submit queries to specify the exact computation they want to run, and retrieve and view encrypted results.
+
+## Quickstart
+To quickly get a flavor of MC<sup>2</sup>, you can work in a Docker image that comes with pre-built versions of MC<sup>2</sup> Client, Opaque SQL, and Secure XGBoost, and all dependencies. This quickstart is completely self-contained within a container.
+
+1. Pull the Docker image.
+
+    ```sh
+    docker pull mc2project/mc2
+    ```
+
+1. Launch a container from the image, binding necessary ports from your host to the container.
+
+    ```sh
+    docker run -it -p 22:22 -p 50051-50055:50051-50055 -w /root mc2project/mc2
+    ```
+
+1. Navigate to the `mc2-client/demo` directory. The configuration for this quickstart has been pre-populated in `demo/mc2.yaml`. More on the configuration can be found [here](). By default, the configuration has been set assuming you want to run Secure XGBoost. If you want to run Opaque SQL instead, comment out the Secure XGBoost section in the `local` part of the YAML configuration and comment in the Opaque SQL section.
+
+    ```yaml
+    # Configuration for local data
+    local:
+        # If you want to run Secure XGBoost
+        # Your data to compute on
+        data:
+            - data/opaquexgb.csv.train
+            - data/opaquexgb.csv.test
+
+        # Opaque XGBoost script to run
+        script: opaque_xgboost_demo.py
+        # ----------------------------------
+
+
+        # # If you want to run Opaque SQL
+        # # Your data to compute on
+        # data:
+        #     - data/opaquesql.csv
+        # 
+        # schemas:
+        #     - data/opaquesql.csv.schema
+        # 
+        # # Opaque SQL script to run
+        # script: opaque_sql_demo.scala
+        # # ------------------------------
+    ```
+
+1. Start the desired compute service within the container (Secure XGBoost or Opaque SQL). In a production environment, these compute services would be started in the cloud. Starting a compute service will start a listener that listens on port 50052.
+
+    * To start Secure XGBoost, navigate to `/root/secure-xgboost/demo/python/remote-control/server` and start the (simulated) enclave, then navigate to `/root/secure-xgboost/demo/python/remote-control/orchestrator` and start the orchestrator.
+
+    ```sh
+    cd /root/secure-xgboost/demo/python/remote-control/server/
+    python3 enclave_serve.py
+
+    cd ../orchestrator
+    python3 start_orchestrator.py
+    ```
+
+    * To start Opaque SQL, navigate to `/root/opaque/` and start everything at once.
+
+    ```sh
+    cd /root/opaque/
+    build/sbt run
+    ```
+
+1. Once you've started the compute service, encrypt and transfer the encrypted data. Data to be encrypted/transferred is in `mc2.yaml` (this is pre-populated with the sample data). In this quickstart, the "transfer" is just a `scp` to another directory in the same container. In practice, the transfer is an upload to a remote machine in the cloud. The destination path for the data can also be specified in the configuration YAML under `cloud/data_dir`. Run the following command depending on which compute service you've started.
+
+    ```sh
+    mc2 upload --xgb/--sql
+    ```
+
+1. Now, you're ready to run computation. Start computation through MC<sup>2</sup> according to the compute service.
+
+    ```sh
+    mc2 run --xgb/--sql
+    ```
+
+1. Once computation has finished, download and decrypt results. The source and destination of downloaded results can be specified in the configuration YAML under `cloud/results` and `local/results`, respectively.
+
+    ```sh
+    mc2 download --xgb/--sql
+    ```
+
+## Documentation
+More thorough documentation on installation and usage can be found [here]().