Faster enclave transitions for IO-intensive network applications

Jakob Svenningsson, Nicolae Paladi, Arash Vahidi

Research output: Chapter in Book/Report/Conference proceeding | Paper in conference proceeding | Peer-reviewed

156 Downloads (Pure)


Process-based confidential computing enclaves such as Intel SGX have been proposed for protecting the confidentiality and integrity of network applications, without the overhead of virtualization. However, these solutions introduce other types of overhead, particularly the cost of transitioning in and out of an enclave context. This makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing. We build on earlier approaches to improve the IO performance of workloads in Intel SGX enclaves and propose the HotCall-Bundler library that helps reduce the cost of individual single enclave transitions and the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the HotCall-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.
Title of host publication: SPIN'21
Subtitle of host publication: Proceedings of the Workshop on Secure Programmable Network Infrastructure
Publisher: Association for Computing Machinery (ACM)
Status: Accepted/In press - 2021 Aug 16

Subject classification (UKÄ)

  • Computer Sciences
  • Computer Systems
