
FastSGX: A Message-Passing Based Runtime for SGX

  • Conference paper
Advanced Information Networking and Applications (AINA 2024)

Abstract

Designing an efficient privacy-preserving application with Intel SGX is difficult. The problem comes from the prohibitive cost of switching the processor from the non-secure mode to the secure mode. To avoid this cost, we propose to design an SGX application as a distributed system with worker threads that communicate by exchanging messages. We implemented FastSGX, a runtime that exposes this programming model to the developer, and evaluated it with several data structures. Our evaluation with different workloads shows that applications designed with FastSGX consistently outperform, by up to 2.8x, the equivalent applications designed with the software development kit provided by Intel to use SGX.



Author information

Corresponding author

Correspondence to Subashiny Tanigassalame.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Tanigassalame, S., Pipereau, Y., Chader, A., Toljaga, J., Thomas, G. (2024). FastSGX: A Message-Passing Based Runtime for SGX. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 202. Springer, Cham. https://doi.org/10.1007/978-3-031-57916-5_7
