Everything You Should Know About Intel SGX Performance on Virtualized Systems

Intel SGX has attracted much attention from academia and is already powering commercial applications. Cloud providers have also started implementing SGX in their cloud offerings. Research efforts on Intel SGX so far have mainly focused on its security and programmability aspects. However, no work has studied in detail the performance degradation caused by SGX in virtualized systems. Such settings are particularly important, considering that virtualization is the de facto building block of cloud infrastructure, yet often comes with a performance impact. This paper presents the first detailed performance analysis of Intel SGX in a virtualized system compareed against bare-metal.Based on our findings, we identify several optimization strategies that would result in performance improvements of Intel SGX on such systems.

[1]  Yuan Xiao,et al.  SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[2]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[3]  Anne Marsden,et al.  International Organization for Standardization , 2014 .

[4]  Rüdiger Kapitza,et al.  AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves , 2016, ESORICS.

[5]  David Grawrock,et al.  Dynamics of a trusted platform: a building block approach , 2009 .

[6]  Rebekah Leslie-Hurd,et al.  Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave , 2016, HASP@ISCA.

[7]  Christof Fetzer,et al.  SecureKeeper: Confidential ZooKeeper using Intel SGX , 2016, Middleware.

[8]  Maria Kihl,et al.  Performance Overhead Comparison between Hypervisor and Container Based Virtualization , 2017, 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA).

[9]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[10]  Edward W. Felten,et al.  Understanding Trusted Computing: Will Its Benefits Outweigh Its Drawbacks? , 2003, IEEE Secur. Priv..

[11]  Mona Vij,et al.  Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment , 2017, HASP@ISCA.

[12]  Todd M. Austin,et al.  Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves , 2017, 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA).

[13]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[14]  Evan R. Sparks A Security Assessment of Trusted Platform Modules Computer Science Technical Report TR2007-597 , 2007 .

[15]  Nick Knupffer Intel Corporation , 2018, The Grants Register 2019.

[16]  Shay Gueron,et al.  Memory Encryption for General-Purpose Processors , 2016, IEEE Security & Privacy.

[17]  Christof Fetzer,et al.  Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks , 2018, USENIX ATC.

[18]  Michael M. Swift,et al.  Agile Paging: Exceeding the Best of Nested and Shadow Paging , 2016, 2016 ACM/IEEE 43rd Annual International Symposium on Computer Architecture (ISCA).

[19]  Christof Fetzer,et al.  TaLoS : Secure and Transparent TLS Termination inside SGX Enclaves , 2017 .

[20]  Srilatha Manne,et al.  Accelerating two-dimensional page walks for virtualized systems , 2008, ASPLOS.