Venue | Category |
---|---|
Middleware'18 | SGX performance |
sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves

1. Summary: Motivation of this paper; SGX-Perf; Implementation and Evaluation
2. Strength (Contributions of the paper)
3. Weakness (Limitations of the paper)
4. Some Insights (Future work)

Motivation
Understanding of the performance implications of SGX and of the programming support it offers is still in its infancy.
SGX architecture
Trusted Runtime System (TRST) and Untrusted Runtime System (URTS) handle the enclave transitions and call dispatching.
Enclave performance considerations
enclave transitions: 8,600 and 14,000 cycles
in-enclave synchronization
as sleeping is not possible inside enclave,
enclave paging
SGX problems and solutions
The overhead of using enclaves
Reducing the number of enclave transitions should be prioritized.
Design trade-offs
sgx-perf design
tracing ecalls and ocalls: change the symbols of the wrapper code.
Evaluation
Key questions:
What is the overhead of running an application with sgx-perf?
Can sgx-perf detect optimization opportunities in systems that use Intel SGX?
Evaluation applications
TaLos: crypto library
SecureKeeper: a key-value store
SQLite
LibreSSL partitioned with Glamdring
Performs fine-grained profiling of performance-critical events in the enclave.
Also provides recommendations on how to improve enclave performance.
asynchronous calls
extended memory management support
public ecall: can always be called
private ecall: can only be called during an ocall
the attacker may change the control path of the execution of the program and gain access to enclave secrets.
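
The public/private rule above can be modelled as a check made before an ecall is dispatched. This is an added example, not code from the paper or from the SGX SDK: every identifier is hypothetical, and the per-ocall allow table is an assumption about how the "during an ocall" condition is expressed.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model, not SDK code; every identifier below is hypothetical. */
enum { ECALL_PROCESS, ECALL_ON_IO_DONE, ECALL_RESET, NR_ECALL };
enum { OCALL_READ_FILE, OCALL_LOG, NR_OCALL };
enum { NOT_IN_OCALL = -1 };
typedef enum { CALL_OK, CALL_BAD_INDEX, CALL_NOT_ALLOWED } call_status;

/* Only ECALL_PROCESS is public; the other two are private. */
static const bool ecall_is_public[NR_ECALL] = { [ECALL_PROCESS] = true };

/* allowed[o][e]: private ecall e may be entered while ocall o is pending.
 * ECALL_RESET appears nowhere, so it is unreachable from outside. */
static const bool allowed[NR_OCALL][NR_ECALL] = {
    [OCALL_READ_FILE] = { [ECALL_ON_IO_DONE] = true },
};

/* pending_ocall must be read from enclave-internal thread state, never
 * taken from an argument the untrusted caller supplies. */
call_status check_ecall(int ecall, int pending_ocall)
{
    if (ecall < 0 || ecall >= NR_ECALL)
        return CALL_BAD_INDEX;
    if (ecall_is_public[ecall])
        return CALL_OK;
    if (pending_ocall < 0 || pending_ocall >= NR_OCALL)
        return CALL_NOT_ALLOWED;   /* private ecall outside any ocall */
    return allowed[pending_ocall][ecall] ? CALL_OK : CALL_NOT_ALLOWED;
}

/* One step of an untrusted call sequence: an ecall attempt, plus the ocall
 * the enclave thread is blocked in at that moment (constructed input). */
struct attempt { int ecall; int pending_ocall; };

/* Replays a sequence and returns how many attempts the check rejects. */
size_t count_rejected(const struct attempt *seq, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (check_ecall(seq[i].ecall, seq[i].pending_ocall) != CALL_OK)
            rejected++;
    return rejected;
}
```

Keeping an ecall private and listing it under as few ocalls as possible shrinks the set of entry points the untrusted side can reach in an order the enclave did not expect.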