Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Faster enclave transitions for IO-intensive network applications

Svenningsson, Jakob ; Paladi, Nicolae LU orcid and Vahidi, Arash (2021)
Abstract
Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on ear- lier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves.... (More)
Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on ear- lier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the HotCall-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation. (Less)
Please use this url to cite or link to this publication:
author
; and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
in press
subject
host publication
SPIN'21 : Proceedings of the Workshop on Secure Programmable Network Infrastructure - Proceedings of the Workshop on Secure Programmable Network Infrastructure
publisher
Association for Computing Machinery (ACM)
external identifiers
  • scopus:85117508284
project
Säkra mjukvaruuppdateringar för den smarta staden
language
English
LU publication?
yes
id
3597567f-663b-42ff-b0a7-91704a84eb0d
date added to LUP
2021-08-16 10:02:43
date last changed
2022-04-27 03:09:32
@inproceedings{3597567f-663b-42ff-b0a7-91704a84eb0d,
  abstract     = {{Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on ear- lier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the HotCall-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.}},
  author       = {{Svenningsson, Jakob and Paladi, Nicolae and Vahidi, Arash}},
  booktitle    = {{SPIN'21 : Proceedings of the Workshop on Secure Programmable Network Infrastructure}},
  language     = {{eng}},
  month        = {{08}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{Faster enclave transitions for IO-intensive network applications}},
  url          = {{https://lup.lub.lu.se/search/files/101292126/SIGCOMM_SPIN.pdf}},
  year         = {{2021}},
}