Occlum v1.0: Open‑Source Trusted Execution Environment OS with Major Performance Gains and Spark Big Data Integration
Occlum v1.0, the open‑source trusted execution environment operating system released by Ant Group, delivers up to five‑fold performance improvements, supports over 150 Linux syscalls, introduces async I/O, dynamic memory management, and a Spark‑BigDL big‑data analysis solution, while outlining future GPU and TDX extensions.
On December 10, 2022, at the CNCC2022 Trusted Privacy Computing Forum, Ant Group announced the official release of Occlum v1.0, an open‑source trusted execution environment (TEE) operating system with significantly higher stability and completeness.
The new version achieves up to five times performance improvement in thread scheduling, network, and storage I/O, and fully integrates the Spark big‑data analysis solution jointly developed by Ant Group and Intel, enabling seamless migration of Spark workloads into confidential TEE environments.
Occlum Development History
Occlum is an open‑source, memory‑safe, multi‑task user‑mode OS for various TEEs, currently supporting Intel SGX and HyperEnclave, Ant Group’s domestically developed TEE. The project started in 2018, was open‑sourced on GitHub in 2019, and published its first community version the same year.
In March 2020, Occlum presented a paper at ASPLOS 2020 describing a high‑efficiency multi‑task user‑mode OS that runs inside a single SGX enclave, which gives it advantages in resource usage and runtime performance over other LibOS solutions.
In 2021, Ant Group donated Occlum to the Linux Foundation Confidential Computing Consortium (CCC), making it the first open‑source project initiated by a Chinese tech company in the consortium. To date, Occlum has released over 40 versions and earned more than 1,000 GitHub stars.
Occlum is a core component of Ant Group’s “YinYu” confidential computing stack, the default runtime for Alibaba’s Inclavare Containers, and has been highlighted by Microsoft Azure as a recommended platform for confidential computing applications.
Technical Highlights of Occlum v1.0
1) 150+ Linux‑compatible system calls – Enables unmodified Linux applications (C/C++, Java, Python, Go, Rust, shell scripts, etc.) to run inside an enclave, with demos such as SQLite, TensorFlow, OpenVINO, PyTorch, Redis, MySQL, Spark, and Flink.
2) Ease of use, high efficiency, practicality, and memory safety – Occlum offers a container‑like deployment experience, a single‑address‑space architecture that gives fast process startup and inter‑process communication, and support for encrypted and in‑memory file systems; the OS itself is written in Rust to eliminate low‑level memory bugs.
3) Four core technologies:
Asynchronous‑centric design using a Rust async runtime and lightweight coroutines for efficient thread scheduling, especially for ML and distributed workloads.
Integration of Linux’s next‑generation async I/O interface, io_uring, delivering near‑native network I/O performance.
Adoption of a log‑structured trusted virtual block device, providing stronger security and higher I/O performance than existing Linux or SGX‑PFS solutions.
Dynamic memory management with on‑demand allocation, improving enclave memory utilization and reducing application load time.
Performance tests show Occlum v1.0’s thread scheduling is five times faster than the previous 0.29 version, with 2× network throughput and 3× file I/O throughput improvements.
4) Spark Big‑Data Analysis Solution – In collaboration with Intel’s BigDL team, Ant Group integrated Apache Spark into Occlum, releasing a secure end‑to‑end distributed Spark analytics platform that supports multiple deployment modes and adds transparent remote attestation.
The solution enables existing Spark applications to run in a TEE without code changes, scales horizontally to terabyte‑scale data, and provides built‑in remote attestation of the platform’s integrity; it is fully open‑sourced and has been showcased on Microsoft Azure’s confidential computing blog.
Conclusion and Future Directions
Occlum will continue to deepen its work in privacy computing, targeting GPU‑based TEEs, preparing for Intel’s upcoming TDX architecture, and evolving from a user‑mode OS to a kernel‑mode OS, while fostering ecosystem collaboration and open‑source community engagement.
AntTech