Faster enclave transitions for IO-intensive network applications
(2021)- Abstract
- Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on ear- lier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves.... (More)
- Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on ear- lier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the HotCall-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/3597567f-663b-42ff-b0a7-91704a84eb0d
- author
- Svenningsson, Jakob ; Paladi, Nicolae LU and Vahidi, Arash
- organization
- publishing date
- 2021-08-16
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- in press
- subject
- host publication
- SPIN'21 : Proceedings of the Workshop on Secure Programmable Network Infrastructure - Proceedings of the Workshop on Secure Programmable Network Infrastructure
- publisher
- Association for Computing Machinery (ACM)
- external identifiers
-
- scopus:85117508284
- project
- Säkra mjukvaruuppdateringar för den smarta staden
- language
- English
- LU publication?
- yes
- id
- 3597567f-663b-42ff-b0a7-91704a84eb0d
- date added to LUP
- 2021-08-16 10:02:43
- date last changed
- 2022-04-27 03:09:32
@inproceedings{3597567f-663b-42ff-b0a7-91704a84eb0d, abstract = {{Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on ear- lier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the HotCall-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.}}, author = {{Svenningsson, Jakob and Paladi, Nicolae and Vahidi, Arash}}, booktitle = {{SPIN'21 : Proceedings of the Workshop on Secure Programmable Network Infrastructure}}, language = {{eng}}, month = {{08}}, publisher = {{Association for Computing Machinery (ACM)}}, title = {{Faster enclave transitions for IO-intensive network applications}}, url = {{https://lup.lub.lu.se/search/files/101292126/SIGCOMM_SPIN.pdf}}, year = {{2021}}, }