iExec Dev Letter #16: Documentation & New Dapps — March 14, 2018

Julien Béranger
iExec
Published in
6 min readMar 15, 2018

In the Dev Letter #14, Lei Zhang explained how to protect the privacy of dapps and their data and also how to efficiently control the execution of dapps. The first part of this Dev Letter is focusing on how to protect the execution of dapps and their result based on SGX.

By the way, iExec is invited to a discussion panel on this specific topic IBM Think on March 19–22, 2018 in Las Vegas.

Also we’ll present the latest developments of the project. We’ve updated the documentation and the resources about the iExec SDK, we added two new applications on the Dapp Store, and we’ll share the dapp example we’ve deployed during the live coding session we had at EthCC, actually inside the Conservatoire national des arts et métiers (a museum of technological innovation in Paris).

Protect DApp execution and its result.

Since applications are running on different distributed nodes over the networks, and are out of our control; We do not have full visibility whether the applications are correctly running. For example, malicious worker can modify the application, or halt the running application and fabricate a fake result (or copy a result distributed by a sybil attacker) to feed iExec scheduler.

In the SGX enabled iExec worker, the application is not triggered directly, the worker always call a loader which is encrypted and protected by SGX enclave, the loader is the only entrypoint for the worker to trigger the application.

Our SGX based solution allows solving these issues — namely, our solution is able to:

  • Make sure the CORRECT application on worker is running.
  • Make sure the application CORRECTLY EXECUTES, not tampered or interrupted by workers.
  • Make sure the result is VALID, neither copied, nor fabricated by workers.
  • Privacy of result (optional): Make sure the result is encrypted by user-provided key in enclave (i.e. not a fake key from malicious attacker), and the result can never be inspected by anyone else (e.g. including the worker and scheduler).

Impact of recent Meltdown Spectre attack on SGX

SGX is not impacted by Meltdown, however, Intel SGX enclaves are indeed vulnerable to the Spectre attack; but exploiting the chip-level vulnerabilities requires local access: a miscreant must be able to log in, and malware must be running in order to leverage the design blunder to attack an SGX enclave, etc. which is a barrier for the attackers.

iExec is also working with industrial partners to integrate the full protection against Spectre (variants 1 and 2) into our SGX solution.

Live Coding Session at EthCC

At the Ethereum Community Conference, François Branciard had a great Live Coding session with around 50 people in the room. He shown how to deploy an app on iExec. If you need more context, the general presentation of iExec is also available on Youtube.

Live Coding Video
EthCC Live Coding in Paris
iExec Live Coding slides

New Dapps available

The team has deployed the following apps that will be directly accessible from the Dapp Store.

Gimp

GIMP (GNU Image Manipulation Program) is a free and open-source raster graphics editor used for image retouching and editing, free-form drawing, converting between different image formats, and more specialized tasks.

ImageMagick

ImageMagick is a free and open-source software suite for displaying, converting, and editing raster image and vector image files. It can read and write over 200 image file formats. ImageMagick was created in 1987 by John Cristy when working at DuPont, to convert 24-bit images (16 million color) to 8-bit images (256-color), so they could be displayed on most screens. It was freely released in 1990 when DuPont agreed to transfer copyright to ImageMagick Studio LLC, still currently the project maintainer organization.

The Time Clock

Badge-in, badge-out, get pay in ETH and switch the office alarm back on with iExec.

The R Clifford Attractors

This CliffordAttractors R script have been created by Antonio Sánchez Chinchón.

You can read his blog post about it here.

You can find also plenty of others amazing R Scripts on Antonio Sánchez Chinchón website : https://fronkonstin.com/

To run this R Script, we start on the r-base docker image and we added some libraries and needed dependencies.

You can see the corresponding Dockerfile. This docker image has been pushed into this docker repository iexechub/r-clifford-attractors.

Providing a complete documentation

Everyone knows that a complete documentation is essential to any project. The following doc is now available:

In addition, all the following examples, tutorials and resources can also be helpful while deploying your app on iExec (source: iExec SDK repository):

Submitting issues on iExec Github repository

If you meet any problem while using iExec, you now can open an issue in iExec SDK Github repository so that the team can investigate on it. It will be appreciated so thanks in advance!

Stay in touch

iExec re-invents cloud computing by building a decentralized marketplace where everyone can monetize their applications, servers, and data-sets. Blockchains cannot support the kind of computational needs that many dapps will require, and this problem will only compound exponentially as more dapps release their working platforms and products. Blockchains need a solution that allows them to compute off-chain and bring only the results on-chain. iExec provides exactly that solution.

--

--

Julien Béranger
iExec
Writer for

DevRel at Arthera | Member of the W3HC | Co-founder of Āto | Founder of Strat | Volunteer at Emmaüs Connect