This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new 0d9efa9 Polish documents (#508)
0d9efa9 is described below
commit 0d9efa97551a4ee7cfd35afca56e2f1f4930281a
Author: Hongbo <[email protected]>
AuthorDate: Thu Jun 17 22:22:34 2021 -0700
Polish documents (#508)
---
README.md | 1 +
docs/README.md | 1 +
docs/access-control.md | 18 ++++++++--------
docs/adding-custom-executor.md | 46 ----------------------------------------
docs/adding-executors.md | 48 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 59 insertions(+), 55 deletions(-)
diff --git a/README.md b/README.md
index affc953..fa4d187 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ platform, making computation on privacy-sensitive data safe
and simple.
- [Access Control](docs/access-control.md)
- [Build System](docs/build-system.md)
- [Teaclave Service Internals](docs/service-internals.md)
+- [Adding Executors](docs/adding-executors.md)
- [Papers, Talks, and Related Articles](docs/papers-talks.md)
### Contribute to Teaclave
diff --git a/docs/README.md b/docs/README.md
index 46926f7..e7f7c55 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -18,6 +18,7 @@ permalink: /docs/
- [Mutual Attestation: Why and How](mutual-attestation.md)
- [Threat Model](threat-model.md)
- [Teaclave Service Internals](service-internals.md)
+- [Adding Executors](adding-executors.md)
- [Papers, Talks, and Related Articles](papers-talks.md)
## Contribute
diff --git a/docs/access-control.md b/docs/access-control.md
index 13e5bfd..c04ba12 100644
--- a/docs/access-control.md
+++ b/docs/access-control.md
@@ -3,12 +3,12 @@ permalink: /docs/access-control
---
# Access Control in Teaclave
-Access control in multi-party computation, by its nature, is set-centric.
-Unlike in traditional settings where only one entitiy, group, or role is
-involved in an action, in multi-party computation tasks an access is aproved or
-denified by combinging the decisions of all stakeholders. Ownership is also
-set-like, because the result of a joint computation task very likely belongs to
-all parties that have provided data.
+Access control in multi-party computation, by its nature, is set-centric.
Unlike
+in traditional settings where only one entity, group, or role is involved in an
+action, in multi-party computation tasks an access is approved or denied by
+combining the decisions of all stakeholders. Ownership is also set-like,
because
+the result of a joint computation task very likely belongs to all parties that
+have provided data.
We found that access control models in conventional systems like RBAC and ABAC
are not powerful enough to govern data usages in Teaclave. Therefore, we
@@ -24,9 +24,9 @@ The file has three sections:
Before diving into the details about how our access control model works, we
recommend readers learn about [logic
programming](https://en.wikipedia.org/wiki/Logic_programming)
-first, because
-our model configuration language is actually a home-baked tiny logic
-programming language.
+first, because our
+model configuration language is actually a home-baked tiny logic programming
+language.
### request
A request is a query that should be answered by the access control service. The
diff --git a/docs/adding-custom-executor.md b/docs/adding-custom-executor.md
deleted file mode 100644
index da53abc..0000000
--- a/docs/adding-custom-executor.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-permalink: /docs/adding-custom-executor
----
-
-# Source Code of the Executor
-
-The source code of the new executor should be at `executor/src/`.
-
-1. Create a public executor unit struct.
-2. Implement `TeaclaveExecutor` trait and `execute` function for the new
struct.
-3. Re-export your new executor in `executor/src/lib.rs` to make it callable.
-4. Optionally, add unit test code to test your executor, and add a line
calling your test in `executor/src/lib.rs`.
-
-## Extern Function
-
-Usually the new executor for other language or bytecode cannot be supported by
this single rust source file,
-and the embedded execution environment is ported from another project, which
can be written in another
-language. Therefore some extern functions should be imported to the rust
source code and a **static** library
-is needed in linking.
-
-You may add this library in the linking command located at
`cmake/scripts/sgx_link_sign.sh`, and such library
-should be in `${TEACLAVE_OUT_DIR}`, which will be parsed to
`build/intermediate` in build phase.
-
-# Add the Interface
-
-You also need to add some auxillary code for teaclave and tell it when and how
to invoked the new executor.
-
-## `types/src/worker.rs`
-
-1. Add a new enum value in `ExecutorType`;
-2. Add a match case in `ExecutorType::try_from` to get the `ExecutorType` from
a string;
-3. Add a match case in `ExecutorType::fmt` for printing;
-4. Besides, add a enum in `Executor`;
-5. Add match cases in `Executor::try_from` and `Executor::fmt` just like what
you've done in step 3 and 4.
-
-## `worker/src/worker.rs`
-
-1. Import the executor in `use teaclave_executor::{...}`
-2. Register the new executor in `Worker::Default`
-
-# Invoke the New Executor
-
-Just call the API and remember to set `executor_type` to your new executor
type's name (the string used in
-`ExecutorType::try_from` match case) when calling `register_function`, and set
the `executor` to the executor's
-name correspondingly.
-
diff --git a/docs/adding-executors.md b/docs/adding-executors.md
new file mode 100644
index 0000000..5dc1369
--- /dev/null
+++ b/docs/adding-executors.md
@@ -0,0 +1,48 @@
+---
+permalink: /docs/adding-executors
+---
+
+# Adding Executors
+
+Teaclave supports several function executors currently: `builtin`, `mesapy` and
+`wamr` (WebAssembly Micro Runtime). For more information about current function
+executors, please check [this link](executor).
+
+However, sometimes platform providers may found current executors built in
+Teaclave are not applicable for hosting some services, and they want to use
+their own executor or an executor shipped by the third-party to execute their
+code (for example, written languages other than Python or WASM). They can then
+modify Teaclave's source code to add a customized executor to run their
+functions.
+
+## Steps of Adding a New Executor
+
+Executors can be either linked to Teaclave as a third-party library (e.g.
Mesapy
+executor) or built in Teaclave itself (e.g. builtin executor). The source code
+of either type is located at `executor/src/`. The general steps for adding a
+custom executor can be summarized in the following steps:
+
+1. Create a public executor unit struct and implement the `TeaclaveExecutor`
trait.
+2. Re-export your new executor in `executor/src/lib.rs` to make it callable.
+3. Add enums in `ExecutorType` and `Executor` (in `types/src/worker.rs`), as
+ well as corresponding logics for handling the added enums.
+4. Import and register the added executor in `worker/src/worker.rs`.
+5. (Optional) Add unit test to your customized executor
+
+### Linking Related Libraries
+
+If the custom executor is embedded or ported to Teaclave, `extern` functions
+might be introduced into Teaclave and thus you also need to tell the build
+system where to find the library containing these external functions. You may
+add this library in the linking command at script
+`cmake/scripts/sgx_link_sign.sh`. The linker will try to find the library in
+`${TEACLAVE_OUT_DIR}`, which is be parsed to `build/intermediate` in build
+phase. Besides, you can also add several lines to generate or download the
+library in `CMakeList.txt`.
+
+## Invoking the New Executor
+
+Just call the API and remember to set `executor_type` to your new executor
+type's name (the string used in `ExecutorType::try_from` match case) when
+calling `register_function`, and set the `executor` to the executor's name
+correspondingly.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
