Lund University Publications

LUND UNIVERSITY LIBRARIES

SGX-Bundler: speeding up enclave transitions for IO-intensive applications

Svenningsson, Jakob; Paladi, Nicolae and Vahidi, Arash (2022) The 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing p.269-278
Abstract
Process-based confidential computing enclaves such as Intel SGX can be used to protect the confidentiality and integrity of workloads, without the overhead of virtualisation. However, they introduce a notable performance overhead, especially when it comes to transitions in and out of the enclave context. Such overhead makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing or biological sequence analysis. We build on earlier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the SGX-Bundler library, which helps reduce the cost of both individual single enclave transitions as well as of the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the SGX-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.
type
Chapter in Book/Report/Conference proceeding
publication status
published
keywords
SGX, Hardware security, Open vSwitch, performance optimization
host publication
Proceedings of the 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing : CCGrid 2022
pages
269 - 278
publisher
IEEE - Institute of Electrical and Electronics Engineers Inc.
conference name
The 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing
conference location
Taormina
conference dates
2022-05-16 - 2022-05-19
external identifiers
  • scopus:85135761247
ISBN
978-166549956-9
DOI
10.1109/CCGrid54584.2022.00036
project
Säkra mjukvaruuppdateringar för den smarta staden
language
English
LU publication?
yes
id
fc99efc7-a35f-43a4-807a-0a02e93b6f95
date added to LUP
2022-04-12 12:24:31
date last changed
2022-09-12 12:26:17
@inproceedings{fc99efc7-a35f-43a4-807a-0a02e93b6f95,
  abstract     = {{Process-based confidential computing enclaves such as Intel SGX can be used to protect the confidentiality and integrity of workloads, without the overhead of virtualisation. However, they introduce a notable performance overhead, especially when it comes to transitions in and out of the enclave context. Such overhead makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing or biological sequence analysis. We build on earlier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the SGX-Bundler library, which helps reduce the cost of both individual single enclave transitions as well as of the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the SGX-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.}},
  author       = {{Svenningsson, Jakob and Paladi, Nicolae and Vahidi, Arash}},
  booktitle    = {{Proceedings of the 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing : CCGrid 2022}},
  isbn         = {{978-166549956-9}},
  keywords     = {{SGX; Hardware security; Open vSwitch; performance optimization}},
  language     = {{eng}},
  month        = {{04}},
  pages        = {{269--278}},
  publisher    = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  title        = {{SGX-Bundler: speeding up enclave transitions for IO-intensive applications}},
  url          = {{https://lup.lub.lu.se/search/files/116661880/CCGrid_2022_paper_180_3_.pdf}},
  doi          = {{10.1109/CCGrid54584.2022.00036}},
  year         = {{2022}},
}