The Performance Evaluation Model of Intel SGX-Based Data Protection

The hardware-level security protection method represented by SGX is the main trend of security guarantee for data processing of cloud tenants. However, different protection strategies have a great impact on the application performance of the tenants. How to make effective balance between the protection cost and the security enhancement has become the key problem in the decision of the data processing hardware security protection. Aiming at this problem, we will study an effective method to balance SGX application performance overhead and security enhancements, which is based on multi-objective optimization. Because there are many factors that cause performance losses in SGX applications, the performance of CPU intensive programs and concurrent programs is difficult to accurately estimate. We analyze the invisible relationship between performance factors and performance losses with deep learning theory, then we build a high precision SGX application performance loss estimation model which can adapt to different application scenarios.

[1]  Andrew P. Martin,et al.  Securing Application with Software Partitioning: A Case Study Using SGX , 2015, SecureComm.

[2]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[3]  M. Lakshmipathy,et al.  Application of Queuing Theory for Effective Equipment Utilization and Maximization of Productivity in Construction Management , 2016 .

[4]  Valerio Schiavoni,et al.  SecureCloud: Secure big data processing in untrusted clouds , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[5]  Chunxiao Xing,et al.  SGXKernel: A Library Operating System Optimized for Intel SGX , 2017, Conf. Computing Frontiers.

[6]  Minlan Yu,et al.  CherryPick: Adaptively Unearthing the Best Cloud Configurations for Big Data Analytics , 2017, NSDI.

[7]  Wee Keong Ng,et al.  Transparent Data Encryption for Data-in-Use and Data-at-Rest in a Cloud-Based Database-as-a-Service Solution , 2015, 2015 IEEE World Congress on Services.

[8]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[9]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[10]  Mona Vij,et al.  Intel SGX Enabled Key Manager Service with OpenStack Barbican , 2017, ArXiv.

[11]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[12]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[13]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[14]  David M. Eyers,et al.  Glamdring: Automatic Application Partitioning for Intel SGX , 2017, USENIX ATC.

[15]  Shweta Shinde,et al.  Preventing Page Faults from Telling Your Secrets , 2016, AsiaCCS.

[16]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[17]  Beng Chin Ooi,et al.  M2R: Enabling Stronger Privacy in MapReduce Computation , 2015, USENIX Security Symposium.

[18]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[19]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave , 2016, HASP 2016.

[20]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[21]  Srinivas Devadas,et al.  Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture , 2017, Found. Trends Electron. Des. Autom..