A Tug-of-War Between Static and Dynamic Memory in Intel SGX
Published in | VLSI design pp. 272 - 277 |
---|---|
Main Authors | , , , |
Format | Conference Proceeding |
Language | English |
Published | IEEE 04.01.2025 |
Subjects | |
Summary: | Security of applications and data in a cloud setting has become a first-class design criterion. Hardware vendors have proposed trusted execution environments or TEEs where the hardware guarantees an application's data and code security both at rest and in-use, even from privileged entities such as operating systems and hypervisors. Software Guard eXtension, or SGX, is a popular, trusted execution environment or TEE solution from Intel. To ensure security guarantees, SGX provides secure sandbox environments called enclaves, which have encrypted physical memory. In the latest version of SGX, we start an enclave with the amount of "static" memory specified by a developer. Subsequently, we add additional memory pages "dynamically" to an enclave depending on an application's memory usage. In this paper, we analyze the impact of the allocation and freeing of static and dynamic pages on an application's performance. We observe that inappropriately setting the static memory size may lead to a performance slowdown of up to 20x. We present Harmony - a profile-guided optimizer that measures the impact of dynamic memory management on an application's performance, and suggests a near-optimal distribution for static and dynamic memory pages. We show that Harmony improves the execution latency of an application by up to 68% and 29% when compared with the purely dynamic and purely static allocation schemes, respectively. |
---|---|
ISSN: | 2380-6923 |
DOI: | 10.1109/VLSID64188.2025.00060 |