Eleos: Exit-Less OS Services for SGX Enclaves
Meni Orenbach, Marina Minkin, Pavel Lifshits, Mark Silberstein
Accelerated Computing Systems Lab
Haifa, Israel

What do we do? Improve performance: I/O intensive & memory demanding SGX enclaves
Why? Cost of SGX execution for these applications is high
How? In-enclave System Calls & User Managed Virtual Memory
Results: Eleos vs vanilla SGX
● 2x Throughput: memcached & face verification servers
● Even for 5x available enclave memory
● Available for Linux, Windows*
(*) Without Eleos, these applications crash in Windows enclaves
22 May@Systor' 2017 Meni Orenbach, Technion

● Background
● Motivation
● Overhead analysis
● Eleos design
● Evaluation

SGX enclaves are already here!
● Secured execution environment
● Reversed sandbox
● Small TCB
● Private code & data
  – Confidentiality
  – Integrity
  – Freshness
● Only CPU is trusted
[Diagram labels: Application, Enclave, Enclave, Operating system]
Let's look at how to secure server applications with enclaves

Background: Lifetime of a secured server
● Untrusted (Host & OS): untrusted memory, unsecured access
● Trusted (Enclave): dedicated SGX mem, limited to 128 MB, secured access
Request flow:
● Host app waits for network requests (untrusted)
● Enter enclave
● Decrypt requests (trusted)
● Process requests (trusted)
● Encrypt responses (trusted)
● Exit enclave
● Send responses (untrusted)

SGX enclaves should be fast
● ISA extensions
● Implemented in HW & Firmware
● Same CPU HW
● In-cache execution suffers no overheads
However...

Executing a Key-Value Store in enclave is slower
[Chart: throughput slowdown factor (y-axis, 0 to 40) by memory footprint (x-axis: 64 MB, 512 MB); bar labels 34X and 11X; annotation "Crashes in Windows"]

Overhead analysis
● Host app waits for network requests (untrusted)
● Enter enclave
● Decrypt requests (trusted): 150 cycles/32B
● Process requests (trusted): *100 cycles/32B
● Encrypt responses (trusted): *150 cycles/32B
● Exit enclave
● Send responses (untrusted)
Enclave transitions (enter and exit) are annotated ~3,300 cycles and ~3,800 cycles.
Exits cause indirect costs: 1.5X – 5X slower execution (FlexSC [OSDI'10] syscall analysis)

Eleos does better!
[Chart: throughput slowdown factor (y-axis, 0 to 40) by memory footprint (x-axis: 64 MB, 512 MB); series: SGX, Eleos; labels 5x and 3.5x]
How does Eleos achieve this?

Eleos: Exit-less services
● Exit-less system calls with RPC infrastructure
● Exit-less SGX paging

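An added sketch of the exit-less system call idea named above (not from the slides and not Eleos's own code): the in-enclave caller posts a request to a slot in untrusted shared memory and spins while an untrusted worker thread issues the call, so no enclave exit or re-entry is paid per call. Ordinary threads stand in for the enclave and the host here; `rpc_slot`, `exitless_write` and `demo` are hypothetical names.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <string.h>
#include <unistd.h>

/* One request slot in untrusted shared memory (hypothetical layout). */
enum { SLOT_FREE, SLOT_POSTED, SLOT_DONE };
struct rpc_slot {
    _Atomic int state;
    int fd; size_t len;
    long ret;        /* written by the untrusted worker */
    char buf[256];   /* staging buffer outside the enclave */
};
static atomic_int stop_worker;
/* Untrusted side: polls the slot and issues the real system call. */
static void *untrusted_worker(void *arg) {
    struct rpc_slot *s = arg;
    while (!atomic_load(&stop_worker)) {
        if (atomic_load_explicit(&s->state, memory_order_acquire) != SLOT_POSTED)
            continue;
        s->ret = write(s->fd, s->buf, s->len);
        atomic_store_explicit(&s->state, SLOT_DONE, memory_order_release);
    }
    return NULL;
}
/* "Enclave" side: post the request and spin; no exit or re-entry happens. */
static long exitless_write(struct rpc_slot *s, int fd, const void *p, size_t n) {
    if (n > sizeof s->buf) return -1;
    memcpy(s->buf, p, n);   /* copy out only data meant to leave the enclave */
    s->fd = fd; s->len = n;
    atomic_store_explicit(&s->state, SLOT_POSTED, memory_order_release);
    while (atomic_load_explicit(&s->state, memory_order_acquire) != SLOT_DONE)
        ;                   /* busy-wait on shared memory */
    long r = s->ret;        /* read the untrusted result once, then validate */
    atomic_store_explicit(&s->state, SLOT_FREE, memory_order_relaxed);
    return (r < -1 || r > (long)n) ? -1 : r;  /* reject impossible lengths */
}
/* Constructed demo (call once): one write to a pipe through the worker. */
long demo(void) {
    int pfd[2]; pthread_t t;
    struct rpc_slot slot = { .state = SLOT_FREE };
    if (pipe(pfd) || pthread_create(&t, NULL, untrusted_worker, &slot)) return -2;
    long r = exitless_write(&slot, pfd[1], "encrypted-response", 18);
    atomic_store(&stop_worker, 1);
    pthread_join(t, NULL);
    close(pfd[0]); close(pfd[1]);
    return r;
}
int main(void) { return demo() == 18 ? 0 : 1; }
```

The return value comes from untrusted memory, so the caller reads it once and rejects anything a real `write` of `n` bytes could not have returned.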
Background: SGX paging
● SGX mem: dedicated memory, enclave code & data, limited to 128 MB
● Enclave (trusted): secret_foo(): ... *p = 1;
● Hardware: address translation
● Untrusted: page table; SGX-driver fault handler
● System mem: encrypted, swapped-out
