A Tug-of-War Between Static and Dynamic Memory in Intel SGX
Published in | VLSI design pp. 272 - 277 |
---|---|
Main Authors | Kumar, Sandeep; Panda, Abhisek; Nerlikar, Advait; Sarangi, Smruti R. |
Format | Conference Proceeding |
Language | English |
Published | IEEE 04.01.2025 |
Abstract | Security of applications and data in a cloud setting has become a first-class design criterion. Hardware vendors have proposed trusted execution environments, or TEEs, where the hardware guarantees the security of an application's data and code both at rest and in use, even from privileged entities such as operating systems and hypervisors. Software Guard eXtension, or SGX, is a popular trusted execution environment, or TEE, solution from Intel. To ensure security guarantees, SGX provides secure sandbox environments called enclaves, which have encrypted physical memory. In the latest version of SGX, we start an enclave with the amount of "static" memory specified by a developer. Subsequently, we add additional memory pages "dynamically" to an enclave depending on an application's memory usage. In this paper, we analyze the impact of the allocation and freeing of static and dynamic pages on an application's performance. We observe that inappropriately setting the static memory size may lead to a performance slowdown of up to 20x. We present Harmony - a profile-guided optimizer that measures the impact of dynamic memory management on an application's performance and suggests a near-optimal distribution for static and dynamic memory pages. We show that Harmony improves the execution latency of an application by up to 68% and 29% when compared with the purely dynamic and purely static allocation schemes, respectively. |
---|---|
Author | Kumar, Sandeep; Sarangi, Smruti R.; Nerlikar, Advait; Panda, Abhisek |
Author_xml | – sequence: 1 givenname: Sandeep surname: Kumar fullname: Kumar, Sandeep email: sandeep.kumar@sit.iitd.ac.in organization: School of Information Technology, IIT Delhi,Delhi,India – sequence: 2 givenname: Abhisek surname: Panda fullname: Panda, Abhisek email: abhisek.panda@cse.iitd.ac.in organization: Computer Science and Engineering, IIT Delhi,Delhi,India – sequence: 3 givenname: Advait surname: Nerlikar fullname: Nerlikar, Advait email: f20180282@goa.bits-pilani.ac.in organization: Electrical and Electronics Engineering, BITS Pilani,Goa,India – sequence: 4 givenname: Smruti R. surname: Sarangi fullname: Sarangi, Smruti R. email: srsarangi@cse.iitd.ac.in organization: Computer Science and Engineering, IIT Delhi,Delhi,India |
CODEN | IEEPAD |
ContentType | Conference Proceeding |
DOI | 10.1109/VLSID64188.2025.00060 |
DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
Discipline | Engineering |
EISBN | 9798331522445 |
EISSN | 2380-6923 |
EndPage | 277 |
ExternalDocumentID | 10900652 |
Genre | orig-research |
IngestDate | Wed Aug 27 01:48:58 EDT 2025 |
IsPeerReviewed | false |
IsScholarly | true |
Language | English |
LinkModel | DirectLink |
PageCount | 6 |
ParticipantIDs | ieee_primary_10900652 |
PublicationCentury | 2000 |
PublicationDate | 2025-Jan.-4 |
PublicationDateYYYYMMDD | 2025-01-04 |
PublicationDate_xml | – month: 01 year: 2025 text: 2025-Jan.-4 day: 04 |
PublicationDecade | 2020 |
PublicationTitle | VLSI design |
PublicationTitleAbbrev | VLSID |
PublicationYear | 2025 |
Publisher | IEEE |
Publisher_xml | – name: IEEE |
SSID | ssj0008507 |
Score | 2.279118 |
SourceID | ieee |
SourceType | Publisher |
StartPage | 272 |
SubjectTerms | Codes; Cryptography; Dynamic scheduling; Embedded systems; Hardware; Memory management; Resource management; secure memory; SGX; Software; Very large scale integration; Virtual machine monitors |
Title | A Tug-of-War Between Static and Dynamic Memory in Intel SGX |
URI | https://ieeexplore.ieee.org/document/10900652 |