This project demonstrates how Occlum enables unmodified Python programs running in SGX enclaves, which is based on glibc.
To make the sample code more realistic, we choose to write a Python program that processes CSV data files using NumPy, pandas, and scikit-learn. The sample code can be found here.
This tutorial is written under the assumption that you have Docker installed and use Occlum in a Docker container.
Occlum is compatible with glibc-supported Python, we employ miniconda as python installation tool. You can import any python dependencies using conda. Here, miniconda is automatically installed by install_python_with_conda.sh script, the required python and related dependencies for this project are also loaded by this script. Here, we take occlum/occlum:0.23.0-ubuntu18.04 as example.
Step 1 (on the host): Start an Occlum container
docker pull occlum/occlum:0.23.0-ubuntu18.04
docker run -it --name=pythonDemo --device /dev/sgx/enclave occlum/occlum:0.23.0-ubuntu18.04 bash
Step 2 (on the host): Download miniconda and install python to prefix position.
cd /root/occlum/demos/python/python_glibc
bash ./install_python_with_conda.sh
Step 3 (on the host): Run the sample code on Occlum
cd /root/occlum/demos/python/python_glibc
bash ./run_python_on_occlum.sh
It will process CSV data files and generate a file (smvlight.dat) in ./occlum_instance.