A Platform for Secure Analytics and Machine Learning

Born out of research in the UC Berkeley RISE Lab, MC² is a platform for running secure analytics and machine learning on encrypted data. With MC², users can outsource their confidential data workloads to the cloud, while ensuring that the data is never exposed unencrypted to the cloud provider. MC² also enables secure collaboration -- multiple data owners can use the platform to jointly analyze their collective data, without revealing their individual data to each other.

MC² provides the following (actively maintained) secure computation services:

• Opaque SQL: Encrypted data analytics on Spark SQL using hardware enclaves
• Secure XGBoost: Collaborative XGBoost training and inference on encrypted data using hardware enclaves
• Federated XGBoost: Collaborative XGBoost in the federated setting

The MC² project also includes exploratory research prototypes that develop new cryptographic techniques for secure computation. Please visit the individual project pages for more information:

• Cerebro: A general purpose Python DSL for learning with secure multiparty computation.
• Delphi: Secure inference for deep neural networks.

This repository contains the source code for the MC² client, which enables users to easily interface with MC² services deployed remotely in the cloud. Currently, the client supports remote deployments of Opaque SQL only. Support for Secure XGBoost is coming soon. To run an end-to-end MC² workflow:

1. Launch Opaque SQL in the cloud (instructions to do so can be found in the respective repositories)
2. Use the MC² client to encrypt data locally, transfer it to the cloud VMs, run scripts specifying the desired computation, and retrieve and view encrypted results.

Table of Contents

• Installation
• Quickstart
• Documentation
• Contact

Installation

To quickly play with MC² Client and Opaque SQL, you can use the provided Dockerfile to build a container (takes ~7 min) with all MC² Client and Opaque SQL dependencies. To do so, you must have Docker installed.

The container will have the contents of this mc2 directory at /mc2/client, and Opaque SQL will be at /mc2/opaque-sql

For ease of use, we recommend that you create a directory within your host mc2 directory that will serve as your playground, and then mount your playground directory to the Docker container. Mounting will ensure that changes you make in your playground directory outside the container will be reflected inside the container, and vice versa. If you're bringing your own data, you can either copy your data over to your playground directory, or separately mount your data directory to the container.

# Clone the `mc2-project/mc2 repo`
# Build a Docker image called `mc2_img`
docker build -t mc2_img .

# Run the container, mounting your playground to the container, and open a shell into the container
docker run -it -v </absolute/path/to/mc2/playground>:/mc2/client/playground mc2_img /bin/bash

Alternatively, if you'd like to install MC² Client directly on your host, follow these instructions.

Quickstart

This quickstart will give you a flavor of using MC² with Opaque SQL, and can be entirely done locally with Docker if desired. You will use MC² Client to encrypt some data, transfer the encrypted data to a remote machine, run an Opaque SQL job on the encrypted data on the remote machine, and retrieve and decrypt the job's encrypted results. To run everything securely, you can choose to spin up Opaque SQL on Azure VMs with SGX-support. Alternatively, to get a flavor of MC² without having to use Azure, you can use the deployment of Opaque SQL in the Docker container.

MC² Client provides a command line interface that enables you to remotely interact with MC² compute services. The CLI relies on a configuration file that you should modify before each step in this quickstart to tell MC² Client what exactly you want to do. An example of the configuration file is here.

Docker Quickstart

If you'd like to try everything out locally, you can do so within the Docker container you built in the installation section.

1. Copy the contents of the quickstart directory to your mounted "playground" directory to ensure that your changes inside the container get reflected on your host. Then, set the MC2_CONFIG environment variable to the path of your configuration file.

   # From the /mc2/client directory
   cp -r quickstart/* playground
   export MC2_CONFIG=</path/to/playground/config.yaml>

2. Optionally, generate a keypair and a symmetric key that MC² Client will use to encrypt your data. Specify your username and output paths in the user section of the configuration file. Then, generate the keys.

   mc2 init

3. Start the Opaque SQL compute service.

   mc2 start

4. Prepare your data for computation by encrypting and uploading it. Note that "uploading" here means copying because we have a local deployment.

   mc2 upload

5. Run the provided Opaque SQL quickstart script, to be executed by MC². The script can be found here.

   mc2 run

6. Once computation has finished, you can retrieve your encrypted results and decrypt them. Specify the results' path and their encryption format in the download section of configuration. The decrypted results will be in the same directory.

   mc2 download

Azure Quickstart

You can also choose to run this quickstart with enclave-enabled VMs on the cloud with Azure Confidential Computing. This guide will take you through launching such VMs and using them with MC².

1. In the container, copy the contents of the quickstart directory to your mounted "playground" directory to ensure that your changes inside the container get reflected on your host. Otherwise, no need to do anything. Then, set the MC2_CONFIG environment variable to the path of your configuration file.

   # From the /mc2/client directory
   cp -r quickstart/* playground
   export MC2_CONFIG=</path/to/playground/config.yaml>

2. Optionally, generate a keypair and a symmetric key that MC² Client will use to encrypt your data. Specify your username and output paths in the user section of the configuration file. Then, generate the keys.

   mc2 init

3. Next, launch the machines and resources you'll be using for computation. MC² Client provides an interface to launch resources on Azure (and sets up the machines with necessary dependencies). Take a look at the launch section of the configuration file -- you'll need to specify the path to your Azure configuration file, which is a YAML file that details the names and types of various resources you will launch.

   Next, log in to Azure through the command line and set your subscription ID. Here are instructions on how to find your subscription ID.

   az login
   az account set -s <YOUR_SUBSCRIPTION_ID>

   Once you've done that, launch the resources.

   mc2 launch

4. Start the Opaque SQL compute service.

   mc2 start

5. Prepare your data for computation by encrypting and uploading it.

   mc2 upload

6. Run the provided Opaque SQL demo script, to be executed by MC². The script can be found here. All paths in the script are remote paths, since the script will be executing on the remote Opaque SQL service. Then, go to the run section of the configuration and specify the path to your script, as well as parameters for remote attestation. Run the following command to remotely start computation.

   mc2 run

7. Once computation has finished, you can retrieve your encrypted results and decrypt them.

   mc2 download

8. Once you've finished using your Azure resources, you can use MC² Client to terminate them. You can specify which resources to terminate in the teardown section of the configuration.

   mc2 teardown

Documentation

For more thorough documentation on installation and usage, please visit:

• MC² Client
• Opaque SQL
• Secure XGBoost

Contact

Join our Slack, open a GitHub issue, or send a message to mc2-dev@googlegroups.com.