Affiliation:
1. University of Michigan
Abstract
Intel's SGX secure execution technology allows running computations on secret data using untrusted servers. While recent work showed how to port applications and large-scale computations to run under SGX, the performance implications of using the technology remains an open question. We present the first comprehensive quantitative study to evaluate the performance of SGX. We show that straightforward use of SGX library primitives for calling functions add between 8,200 - 17,000 cycles overhead, compared to 150 cycles of a typical system call. We quantify the performance impact of these library calls and show that in applications with high system calls frequency, such as memcached, openVPN, and lighttpd, which all have high bandwidth network requirements, the performance degradation may be as high as 79%. We investigate the sources of this performance degradation by leveraging a new set of microbenchmarks for SGX-specific operations such as enclave entry-calls and out-calls, and encrypted memory I/O accesses. We leverage the insights we gain from these analyses to design a new SGX interface framework HotCalls. HotCalls are based on a synchronization spin-lock mechanism and provide a 13-27x speedup over the default interface. It can easily be integrated into existing code, making it a practical solution. Compared to a baseline SGX implementation of memcached, openVPN, and lighttpd - we show that using the new interface boosts the throughput by 2.6-3.7x, and reduces application latency by 62-74%.
Publisher
Association for Computing Machinery (ACM)
Reference46 articles.
1. http_load - multiprocessing http test client. http://acme.com/software/http_load/. http_load - multiprocessing http test client. http://acme.com/software/http_load/.
2. SGX Secure Enclaves in Practice: Security and Crypto Review. Black Hat. https://www.blackhat.com/docs/us-16/materials/us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-\Crypto-Review.pdf. SGX Secure Enclaves in Practice: Security and Crypto Review. Black Hat. https://www.blackhat.com/docs/us-16/materials/us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-\Crypto-Review.pdf.
3. Tiago Alves and Don Felton. 2004. TrustZone: Integrated Hardware and Software Security-Enabling Trusted Computing in Embedded Systems. Tiago Alves and Don Felton. 2004. TrustZone: Integrated Hardware and Software Security-Enabling Trusted Computing in Embedded Systems.
4. Facilitating efficient synchronization of asymmetric threads on hyper-threaded processors
Cited by
26 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. One System Call Hook to Rule All TEE OSes in the Cloud;2024 IEEE 17th International Conference on Cloud Computing (CLOUD);2024-07-07
2. Towards Shielding 5G Control Plane Functions;2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN);2024-06-24
3. SECRET-GWAS: Confidential Computing for Population-Scale GWAS;2024-04-28
4. Toward an SGX-Friendly Java Runtime;IEEE Transactions on Computers;2024-01
5. EnclaveVPN: Toward Optimized Utilization of Enclave Page Cache and Practical Performance of Data Plane for Security-Enhanced Cloud VPN;Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses;2023-10-16