SGX-Bundler: speeding up enclave transitions for IO-intensive applications

Jakob Svenningsson, Nicolae Paladi, Arash Vahidi

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review


Abstract

Process-based confidential computing enclaves such as Intel SGX can be used to protect the confidentiality and integrity of workloads, without the overhead of virtualisation. However, they introduce a notable performance overhead, especially when it comes to transitions in and out of the enclave context. Such overhead makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing or biological sequence analysis. We build on earlier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the SGX-Bundler library, which helps reduce both the cost of individual enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the SGX-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.
Original language: English
Title of host publication: Proceedings of the 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing
Subtitle of host publication: CCGrid 2022
Publisher: IEEE - Institute of Electrical and Electronics Engineers Inc.
Pages: 269-278
ISBN (Electronic): 978-166549956-9
Publication status: Published - 2022
Event: The 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing - Italy, Taormina
Duration: 2022 May 16 to 2022 May 19
Conference number: 22
https://fcrlab.unime.it/ccgrid22/

Conference

Conference: The 22nd IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing
Abbreviated title: CCGrid
City: Taormina
Period: 2022/05/16 to 2022/05/19

Subject classification (UKÄ)

  • Computer Science
  • Computer Systems

Free keywords

  • SGX
  • Hardware security
  • Open vSwitch
  • performance optimization
