Eleos increased I/O and memory intensive SGX program execution performance with In-enclave system calls and user-managed virtual memory.

Why

  • Running I/O-intensive, memory-demanding server applications in en-claves leads to significant performance degradation.
  • Main reason for the application slowdown with SGX is substantial load on the in-enclave system call and secure paging mechanisms.
  • Other reason for slowdown:
    • Thousands-of-cycles long SGX management instructions.
    • Enclave exits cost too high due to associated TLB flushes and processor state pollution.

How

  • Reduced cache pollution due to system calls -> Limiting the LLC space available to the RPC thread using the Cache Allocation Technology.
  • Application-managed paging -> User-level library SUVM: per-enclave page table and page cache in EPC along with a secure backing store in host memory.
  • Low-overhead software address translation -> Memory accesses via spointers resolve to the SUVM page cache or trigger a software page fault to a page in evicted pages.
  • Graceful handling of multiple enclaves -> All enclaves share the same PRM, so SUVM coordinates the size of its page cache with the SGX driver to avoid thrashing when new enclave invocation.
  • Optimized eviction and memory access policies -> Exposing SUVM management to the application.
    • preventing write back of clean pages to the backing store.
    • providing direct access to the backing store at sub-page granularity.

What

Eleos enabling exit-less system calls and exit-less paging in enclaves to tackle performance issues in SGX applications.

Some Details

  • Analyze the operational overhead of the various components of the system before system design
  • Evaluate end-to-end by two real server applications: memcached and face verification (Modify origin code).
  • Evaluate the RPC and SUVM mechanisms on several microbenchmarks (Cost in different usage scenarios).

Note: Eleos: ExitLess OS Services for SGX Enclaves的更多相关文章

  1. Note: PANOPLY: Low-TCB Linux Applications with SGX Enclaves

    PANOPLY provides middleware for SGX and Linux operating systems. What PANOPLY provides middleware fo ...

  2. Note: EnclaveDB: A Secure Database using SGX

    EnclaveDB uses SGX security properties to secure database operations. Why The cloud database is cont ...

  3. Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution

    ENDBOX enable secure networking by client-Side trusted execution. What ENDBOX is a scalable middlebo ...

  4. [EXP]Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)

    ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://gith ...

  5. MPU/SoC/Application Processor/Embedded OS

    Everything has its principles and mechanisms which are designed by its creator and followed by its u ...

  6. 10.python内置模块之os模块

    os模块的作用:os 模块提供了非常丰富的方法用来处理文件和目录(管理和维护目录以及文件). os.path模块的作用:主要用于获取文件的属性(管理路径的(物理地址)). 小生总结了一些平时常用到的属 ...

  7. oracle_hc.sql

    select event,count(1) from gv$session group by event order by 2;exec dbms_workload_repository.create ...

  8. [转]The NTLM Authentication Protocol and Security Support Provider

    本文转自:http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication The NTLM Authentication Proto ...

  9. at91 uart driver for vxworks

    /* at91UART.c - AT91RM9200 serial driver */ /* Copyright 2003-2004 Coordinate Co., Ltd. */ /* Copyri ...

随机推荐

  1. java读取pdf文档

    import java.io.*;import org.pdfbox.pdmodel.PDDocument;import org.pdfbox.pdfparser.PDFParser;import o ...

  2. ajax经典案例--省市联动

    ajax的省市联动案例 如果我们的代码比较复杂,可以通过file_put_contents来输出信息到某个日志. 在一个元素中添加另一个元素使用的方法是:appendChild(). 函数append ...

  3. django1.8.3搭建博客——1

    系统:elementary os python 2.7.6 django 1.8.3 1.安装django 先安装pip   sudo apt-get install python3-pip 安装dj ...

  4. C++(二)— STL容器的基本用法

    1.vector基本操作 关于vector简单的讲就是一个动态增长的数组,里面有一个指针指向一片连续的内存空间,当空间装不下的时候会自动申请一片更大的空间(空间配置器)将原来的数据拷贝到新的空间,然后 ...

  5. PL/SQL学习笔记_02_游标

    在 PL/SQL 程序中,对于处理多行记录的事务经常使用游标来实现. 为了处理 SQL 语句, ORACLE 必须分配一片叫上下文( context area )的区域来处理所必需的信息,其中包括要处 ...

  6. bzoj1059ZJOI2017矩阵游戏

    小Q是一个非常聪明的孩子,除了国际象棋,他还很喜欢玩一个电脑益智游戏——矩阵游戏.矩阵游戏在一个N *N黑白方阵进行(如同国际象棋一般,只是颜色是随意的).每次可以对该矩阵进行两种操作:行交换操作:选 ...

  7. C++ STL, next_permutation用法。

    next_permutation 将按字母表顺序生成给定序列的下一个较大的序列,直到整个序列为 #include"iostream" #include"algorithm ...

  8. APIO2017 游记

    参加了APIO的同学肯定知道我为什么只写标题不写内容. QAQ

  9. 51nod 1486 大大走格子——容斥

    题目:http://www.51nod.com/onlineJudge/questionCode.html#!problemId=1486 已知起点到某个障碍点左上角的所有点的不经过障碍的方案数,枚举 ...

  10. DSP基础

    CCS V5的使用 CCS安装与设置