Switchless Calls Made Practical in Intel SGX

Tian, Hongliang; Zhang, Qiong; Yan, Shoumeng; Rudnitsky, A. G.; Shacham, Liron; Yariv, Ron; Milshten, Noam

doi:10.1145/3268935.3268942

Cited by 44 publications

(14 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Switchless calls: A recent patch in Linux SGX SDK contains switchless calls [32], which reduces an enclave mode switch overhead during the enclave transition. The goal of switchless calls is to eliminate enclave switches from SGX applications by making ECALL and OCALL themselves switchless, which are functions used for entering/leaving SGX enclaves.…”

Section: Enclave Transition Interfacementioning

confidence: 99%

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Kim

2021

Applied Sciences

View full text Add to dashboard Cite

A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, SGX inherently suffers from performance degradation depending on the workload characteristics due to the hardware restriction and design decisions that primarily concern the security guarantee. The system-level optimizations on SGX runtime and kernel module have been proposed to resolve this, but they cannot effectively reflect application-specific characteristics that largely impact the performance of legacy SGX applications. This work presents an optimization strategy to achieve application-level optimization by utilizing asynchronous switchless calls to reduce enclave transition, one of the dominant overheads of using SGX. Based on the systematic analysis, our methodology examines the performance benefit for each enclave transition wrapper and selectively applies switchless calls without modifying the legacy codebases. The evaluation shows that our optimization strategy successfully improves the end-to-end performance of our showcasing application, an SGX-enabled network middlebox.

show abstract

Section: Enclave Transition Interfacementioning

confidence: 99%

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Kim

2021

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…However, it needs changes to the kernel and the support of SGX aware libraries which we do not rely upon in our design. Tian et.al [32] proposes a worker based scheduling algorithm that adjusts the number of workers in response to the changing workloads. The analysis focuses only on the idleness of the CPU cores that are dedicated entirely for kernel code.…”

Section: Related Workmentioning

confidence: 99%

SecSched

Shafi

2020

Proceedings of the ACM International Conference on Parallel Architectures and Compilation Techniques

View full text Add to dashboard Cite

Trusted execution environments (TEEs) are an integral part of modern processors because security has become a very important concern. However, many such environments are bedeviled by the high cost of context switches, particularly when there is a switch from secure mode to non-secure mode owing primarily to cache pollution and TLB-flushing overheads. State-of-the-art implementations create a secure shared memory channel between a thread running in secure mode and a thread running in non-secure mode, which invokes system calls on its behalf. We argue that this is inefficient, and it is possible to reduce the overheads significantly by efficiently storing the context of secure threads and intelligent scheduling. In this paper, we propose a new scheduling algorithm SecSched that uses Cuckoo filters to capture the context of a thread. We schedule threads with similar contexts on the same core to leverage the effects of the locality. Our algorithm requires minimal hardware enhancements that are limited to maintaining a Cuckoo filter per core and a thread with the addition of few performance counters per thread to keep track of the miss counts. We show that with these minimal changes we can increase the performance of a suite of OS-intensive workloads by 27.6% with a minimal area overhead (around 0.04%). CCS CONCEPTS • Security and privacy → Security in hardware; Systems security; • Software and its engineering → Scheduling.

show abstract

“…Several studies [25,31,68] identified costly EPC paging and enclave transitions as major SGX performance bottlenecks. While solutions exist to mitigate this issue (e.g., Switchless [63], HotCalls [44]), performing a context switch from the inside to the outside of enclaves still introduces a significant overhead since the hardware needs to prevent the context switch from revealing any sensitive data stored inside enclaves.…”

Section: Introductionmentioning

confidence: 99%