Skip to content

Commit

Permalink
Merge pull request #36 from DerrickKirimi/COCOS-noissue-url-typo
Browse files Browse the repository at this point in the history
NOISSUE: Fix typos in docs and unreachable URL in README.md
  • Loading branch information
drasko authored Aug 7, 2024
2 parents ea7a362 + 25dd375 commit 9b7cac2
Show file tree
Hide file tree
Showing 6 changed files with 40 additions and 31 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,4 +40,4 @@ mkdocs serve
Then just point the browser to [http://127.0.0.1:8000](http://127.0.0.1:8000).


[docs]: https://docs.cocos.ai
[docs]: https://docs.cocos.ultraviolet.rs
7 changes: 5 additions & 2 deletions docs/agent.md
Original file line number Diff line number Diff line change
@@ -1,17 +1,19 @@
# Agent

The agent is responsible for the life cycle of the computation, i.e., running the computation and sending events about the status of the computation within the TEE. The agent is found inside the VM (TEE), and each computation within the TEE has its own agent. When a computation run request is sent from from the manager, manager creates a VM where the agent is found and sends the computation manifest to the agent.
The agent is responsible for the life cycle of the computation, i.e., running the computation and sending events about the status of the computation within the TEE. The agent is found inside the VM (TEE), and each computation within the TEE has its own agent. When a computation run request is sent from the manager, manager creates a VM where the agent is found and sends the computation manifest to the agent.

The picture below shows where the Agent runs in the Cocos system, helping us better understand its role.

![Agent](./img/agent.png){ align=center }

## StateMachine

- Orchestrates the overall flow of the computation.
- Transitions between states based on received events.
- Defines valid state transitions and associated functions.

### States

- `idle`: Initial state, waiting for the computation to start.
- `receivingManifest`: Receives the initial computation manifest.
- `receivingAlgorithm`: Receives the algorithm for the computation.
Expand All @@ -21,6 +23,7 @@ The picture below shows where the Agent runs in the Cocos system, helping us bet
- `complete`: All results have been consumed, computation lifecycle ends.

### Events

- `start`: Triggers the computation startup process.
- `manifestReceived`: Indicates computation manifest has been received.
- `algorithmReceived`: Indicates the algorithm has been received.
Expand All @@ -30,7 +33,7 @@ The picture below shows where the Agent runs in the Cocos system, helping us bet

## Agent Events

As the computation in the agent undergoes different operations, it sends events to the manager so that the user can monitor the computation from either the UI or other client. Events sent to the manager based on the agent state as defined by the statemachine.
As the computation in the agent undergoes different operations, it sends events to the manager so that the user can monitor the computation from either the UI or other client. Events sent to the manager are based on the agent state as defined by the statemachine.

## Vsock Connection Between Agent & Manager

Expand Down
12 changes: 6 additions & 6 deletions docs/architecture.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,15 @@
CocosAI system is running on the host, and it's main goal is to enable:

- Programatic creation of enclaves (TEEs)
- Gest OS and system enviroment withn the enclave VMs
- Guest OS and system environment within the enclave VMs
- Monitoring of enclaves
- In-enclave SW manager agent
- Ectyped data trensfer into the enclave and computation execution
- Ecrypted data transfer into the enclave and computation execution
- Result retrieval via encrypted channel to an authorized party
- Providing of HW measurement and attestation report
- Enablement of vTPM and [DICE](https://trustedcomputinggroup.org/accurately-attest-the-integrity-of-devices-with-dice/) integrity checks (root chain of trust) in order to ensure secure boot of the TEEs

These features are implemented by several independed components of CocosAI system:
These features are implemented by several independent components of CocosAI system:

1. Manager
2. Agent
Expand All @@ -21,21 +21,21 @@ These features are implemented by several independed components of CocosAI syste
![Cocos Arch](./img/arch.png){ align=center }


>**N.B.** CocosAI open-source project does not provide Computation Management service. It is usually a cloud component, used to define a Computation (i.e. define computation metadata, like participant list, algorithm and data providers, result recipients, etc...). Ultraviolet provide commercial product Prism, a multi-party computation platform, that implements multi-tenant and scalable Computation Management service, running in the cloud or on premise, and capable to connect and control CocosAI system running on the TEE host.
>**N.B.** CocosAI open-source project does not provide Computation Management service. It is usually a cloud component, used to define a Computation (i.e. define computation metadata, like participants list, algorithm and data providers, result recipients, etc...). Ultraviolet provides commercial product Prism, a multi-party computation platform, that implements multi-tenant and scalable Computation Management service, running in the cloud or on premise, and capable to connect and control CocosAI system running on the TEE host.
## Manager

Manager is a gRPC client that listens to requests sent through gRPC and sends them to Agent via vsock. Manager creates a secure enclave and loads the computation where the agent resides. The connection between Manager and Agent is through vsock, through which channel agent sends events periodically to manager, who forwards these via gRPC.

## Agent

Agent defines firmware which goes into the TEE and is used to control and monitor computation within TEE and enable secure and encrypted communication with outside world (in order to fetch the data and provide the result of the computation). The Agent contains a gRPC server that listens for requests from gRPC clients. Communication between the Manager and Agent is done via vsock. The Agent sends events to the Manager via vsock, which then forwards these via gRPC. Agent contains a gRPC server that exposes useful functions that can be accessed by other gRPC clients such as the CLI.
Agent defines firmware which goes into the TEE and is used to control and monitor computation within TEE and enable secure and encrypted communication with the outside world (in order to fetch the data and provide the result of the computation). The Agent contains a gRPC server that listens for requests from gRPC clients. Communication between the Manager and Agent is done via vsock. The Agent sends events to the Manager via vsock, which then forwards these via gRPC. Agent contains a gRPC server that exposes useful functions that can be accessed by other gRPC clients such as the CLI.

## EOS
EOS, or Enclave Operating System, is ...

## CLI

CoCoS CLI is used to access the agent within the secure enclave. CLI communicates to agent using gRPC, with funcitons such as algo to provide the algorithm to be run, data to provide the data to be used in the computation, and run to start the computation. It also has functions to fetch and validate the attestation report of the enclave.
CoCoS CLI is used to access the agent within the secure enclave. CLI communicates to agent using gRPC, with functions such as algo to provide the algorithm to be run, data to provide the data to be used in the computation, and run to start the computation. It also has functions to fetch and validate the attestation report of the enclave.

For more information on CLI, please refer to [CLI docs](./cli.md).
18 changes: 10 additions & 8 deletions docs/computation.md
Original file line number Diff line number Diff line change
@@ -1,24 +1,26 @@
# Computation
Computation in CocosAI is any execution of a program (Algorithm) or an data set (Data), that can be one data file, or a lot of files comping from different parties.

Computation in CocosAI is any execution of a program (Algorithm) on a data set (Data), that can be one data file, or a lot of files coming from different parties.

Computations are multi-party, meaning that program and data providers can be different parties that do not want to expose their intellectual property to other parties participating in the computation.

`Computation` is a structure that holds all the necessary information needed to execute the computation securely (list of participants, execution backend - i.e. where computation will be executed, role of each participant, cryptographic certificates, etc...).

## Computation Roles
Computation is multi-party, i.e. has multiple participants. Each of the users that participate in the computation can have one of the follwoing roles:

1. **Computation Owner** - user that created the `Computation` and that defines who will participate in it and with wich role (by inviting other users to the Computation)
2. **Algorithm Provider** - user that will provide th actual program to be executed
3. **Data Provider** - user that will provide a data on which algorithm will be executed, i.e. data which algorithm will process
Computation is multi-party, i.e. has multiple participants. Each of the users that participate in the computation can have one of the following roles:

1. **Computation Owner** - user that created the `Computation` and that defines who will participate in it and with which role (by inviting other users to the Computation)
2. **Algorithm Provider** - user that will provide the actual program to be executed
3. **Data Provider** - user that will provide data on which the algorithm will be executed, i.e. data which algorithm will process
4. **Result Recipient** - user that will recieve result after the processing

One user can have several roles - for example, Algorithm Provider can also be a Result Recipient.
One user can have several roles - for example, an Algorithm Provider can also be a Result Recipient.

## Computation Manifest
Computation Manifest represent that Computation description and is sent upon `run` command to the Manager as a JSON.

Computation Manifest represents the Computation description and is sent upon `run` command to the Manager as a JSON.

Manager fetches the Computation Manifest and sends it into the TEE to Agent, via vsock.

The first thing that Agent does upon boot, is that it fetches the Computation Manifest and reads it. For this Manifest, Agent understands who are the participants in the computation adn with wich role, i.e. from whom it can accept the connections and what data they will send. Agent also learns from the Manifest what algorithm is used and how many datasets will be provided. This way it knows when it received all necessary files to start the execution. Finally, Agent learns from the Manifest to whom it needs to send the Result of the computation.

6 changes: 3 additions & 3 deletions docs/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

CocosAI (Confidential Computing System for AI) is a SW system for enabling confidential and privacy-preserving AI/ML, i.e. execution of model training and algorithm inference on confidential data sets. Privacy-preservation is considered a “holy grail” of AI. It opens many possibilities, among which is a collaborative, trustworthy AI.

CocosAI leverages Confidential Computing, a novel paradigm based on specialized HW CPU extensions for producting secure encrypted enclaves in memory (Trusted Execution Enviroments, or TEEs), thus isloalting confidential data and programs from the rest of the SW running on the hos
CocosAI leverages Confidential Computing, a novel paradigm based on specialized HW CPU extensions for producting secure encrypted enclaves in memory (Trusted Execution Enviroments, or TEEs), thus isolating confidential data and programs from the rest of the SW running on the host.

The final product enables data scientists to train AI and ML models on confidential data that is never revealed, and can be used for Secure Multi-Party Computation (SMPC). AI/ML on combined data sets that come from different sources will unlock huge value.

Expand All @@ -13,7 +13,7 @@ The final product enables data scientists to train AI and ML models on confident
CoCoS.ai is enabling the following features:

- TEE enablement, deployment and monitoring
- In-enclave agent, netowrking controller and other system software
- In-enclave agent, networking controller and other system software
- Encrypted asynchronous data transfer and result delivery
- API for programmable platform manipulation
- HW and SW supported attestation with verification tools
Expand All @@ -23,4 +23,4 @@ CoCoS.ai is enabling the following features:
CocosAI is published under liberal [Apache-2.0](https://github.com/ultravioletrs/cocos/blob/main/LICENSE) open-source license.

## GitHub
CcosAI can be downlaoded from its [GitHub repository](https://github.com/ultravioletrs/cocos)
CocosAI can be downloaded from its [GitHub repository](https://github.com/ultravioletrs/cocos)
Loading

0 comments on commit 9b7cac2

Please sign in to comment.