Occlum
Occlum is a memory-safe, multi-process library operating system (OS) that runs unmodified Linux applications inside Intel SGX enclaves for trusted execution (confidential computing, secure runtime).
- Library OS for Intel SGX providing a secure POSIX-compatible runtime (confidential computing, secure runtime)
- Supports running unmodified Linux binaries and multi-process applications inside enclaves (application compatibility)
- Provides memory isolation, encrypted execution, and trusted computing base minimization within SGX (runtime security)
- Integrates with containerized workflows and cloud-native deployment models for enclave applications (cloud-native security)
- Participates in the Confidential Computing Consortium ecosystem for hardware-based trusted execution (industry consortium)
More About Occlum
Occlum is a library OS for Intel Software Guard Extensions (SGX), focused on running unmodified Linux applications inside hardware-based trusted execution environments (confidential computing, secure runtime). It targets scenarios where enterprises need to protect application code and data in use, not only at rest or in transit, by executing workloads inside secure enclaves on Intel SGX-capable processors.
The project provides a POSIX-like execution environment (application runtime) so that many existing Linux binaries can run without source code changes. Occlum builds a user-space library OS that is linked with applications and loaded into an SGX enclave, offering process and thread management, virtual file system support, networking interfaces, and standard libc services in a way that is compatible with a broad class of Linux workloads. It also supports multi-process applications, which enables deployment of more complex services and microservice-style components within a single enclave.
From a security perspective, Occlum uses the hardware-based isolation features of Intel SGX (hardware security, TEEs) to confine execution and protect memory. Application code and data inside the enclave are encrypted in main memory and only decrypted within the Central Processing Unit (CPU), which reduces exposure to a compromised host OS or hypervisor. The project keeps the trusted computing base inside the enclave relatively small by limiting what runs there to the library OS, core runtime components, and the target applications.
For enterprise and cloud environments, Occlum maps to confidential computing and enclave runtime categories. It can integrate with container-based workflows so that enclave-ready applications can be packaged and orchestrated with patterns similar to standard cloud-native services, while still leveraging SGX hardware protections. This enables use in multi-tenant public cloud, hybrid cloud, or on-premises (on-prem) deployments where different security domains share the same physical infrastructure.
Occlum is part of the Confidential Computing Consortium (industry consortium), which brings together projects and vendors around hardware-based trusted execution. This ecosystem context supports interoperability in the broader confidential computing stack, including hardware TEEs, attestation mechanisms, and higher-level frameworks that rely on enclave runtimes. In a technical taxonomy, Occlum fits under confidential computing runtimes, secure execution environments, and enclave OS layers that provide a Linux-compatible abstraction on top of Intel SGX for enterprise workloads.