Overhead-free I/O from enclaves
SysTEX'16, Trento, Italy
Meni Orenbach, Prof. Mark Silberstein
Research Statement:
● Enclaves are accelerators for secured execution
● Accelerator system services and abstractions can be retrofitted
● Inspire system services for enclaves
Case Example: GPU
● Partition: GPU and host
● Traditional CPU Application
● Offload computation to GPU
[Diagram labels: GPU Kernel, Host Application]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
Callouts: High Performance Private Memory; High latency (PCIe) to host memory
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel, Access Data]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
Callouts: Can't dynamically load threads; Host constructs kernel; Can't dynamically load instructions; Host manages address space; Kernel Launch: 5μsec on NVIDIA K40
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
● GPU executes computation
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel]
Background: GPU Kernels
● Partition: GPU and host
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, GPU, GPU Memory, Kernel]
What do GPU and enclave have in common?
Design an Enclave Application
Callouts: Traditional CPU Application; Offload sensitive data to enclaves
● Partition: trusted and untrusted
● Separate GPU Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
[Diagram labels: Enclave (Trusted), Host (Untrusted)]
Private Reserved Memory
Callouts: Integrity; Confidentiality; Anti-replay; High latency to host memory (Encrypt/Decrypt)
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● GPU cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory]
The OS is untrusted
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● Enclave cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory, Access Data]
Untrusted code operates on untrusted memory
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● Enclave cannot invoke syscalls
● Host operates on its memory
● Copy data to GPU memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory]
Trusted code operates on trusted memory
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● Enclave cannot invoke syscalls
● Host operates on its memory
● Copy data to enclave memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory]
Host-centric management
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● Enclave cannot invoke syscalls
● Host operates on its memory
● Copy data to enclave memory
● Host-centric management
● High invocation costs
● GPU executes computation
● Copy back to host memory
Callouts: Can't dynamically load threads (SGX1); Host constructs enclave; Can't dynamically load instructions (SGX1); Host manages address space; EENTER: 3μsec on i7 Skylake
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory]
Isolated execution
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● Enclave cannot invoke syscalls
● Host operates on its memory
● Copy data to enclave memory
● Host-centric management
● High invocation costs
● Enclave executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory]
Communication through untrusted memory
● Partition: trusted and untrusted
● Separate Enclave Memory
● Host manages OS services
● Enclave cannot invoke syscalls
● Host operates on its memory
● Copy data to enclave memory
● Host-centric management
● High invocation costs
● Enclave executes computation
● Copy back to host memory
[Diagram labels: Storage, Host, Host Memory, Enclave, Enclave Memory]
The reason is...
● Isolation by design
● Enclaves use strong isolation to provide strong security
● Accelerators run on different hardware
● Accelerators are isolated by necessity
Effect on processes' runtime
● Simplified parameter server in and out of enclave
– Network server
– Private model & data
– Store model in hash table
– Clients send 100k random requests to update items
– Server issues recv() to get requests and update
– Enclave encapsulates recv() in an OCALL
Simplified parameter server
[Plot: slowdown factor (y-axis, 0 to 10) vs. number of items updated per request (x-axis: 1, 2, 4, 8, 16, 32, 64); series: SGX]
What can we learn from GPUs?
SGXIO: Overhead-free I/O from enclaves
● Based on GPUfs [ASPLOS'2013]
– RPC communication infrastructure
[Diagram: three regions (untrusted memory, shared untrusted memory, trusted memory); a software thread-pool ('Server') and the enclave RPC ('Client') connected by an RPC queue; step labels: untrusted_call(), Pass request, Spinlock, Exec, Unlock]
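The RPC path on the SGXIO slide, sketched as an added example (not code from the talk or from SGXIO): the "enclave" side posts a request into a slot in shared untrusted memory and spins, while a host thread executes the call, so no enclave exit is needed per recv(). The slot layout, the state-flag handshake standing in for the slide's spinlock, fake_recv() and its constructed message are all assumptions; both sides are ordinary threads here, with no SGX SDK involved.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <string.h>
enum { SLOT_FREE, SLOT_READY, SLOT_DONE, SLOT_STOP, SLOT_BUF = 64 };
struct rpc_slot {            /* lives in untrusted shared memory (assumed layout) */
    atomic_int state;
    size_t want;             /* bytes the enclave asks for */
    long ret;                /* result written by the host worker */
    char buf[SLOT_BUF];      /* untrusted staging buffer */
};
/* Stand-in for recv(): constructed data instead of a socket. */
static long fake_recv(char *dst, size_t n) {
    static const char msg[] = "update item 7";
    if (n > sizeof msg) n = sizeof msg;
    memcpy(dst, msg, n);
    return (long)n;
}
/* Host 'server' thread: polls the slot, runs the call outside the enclave. */
static void *host_worker(void *arg) {
    struct rpc_slot *s = arg;
    for (;;) {
        int st = atomic_load_explicit(&s->state, memory_order_acquire);
        if (st == SLOT_STOP) return NULL;
        if (st != SLOT_READY) continue;
        s->ret = fake_recv(s->buf, s->want);
        atomic_store_explicit(&s->state, SLOT_DONE, memory_order_release);
    }
}
/* Enclave 'client' stub: post, spin, validate, copy into trusted memory. */
static long untrusted_call(struct rpc_slot *s, char *trusted, size_t cap) {
    s->want = cap < SLOT_BUF ? cap : SLOT_BUF;
    atomic_store_explicit(&s->state, SLOT_READY, memory_order_release);
    while (atomic_load_explicit(&s->state, memory_order_acquire) != SLOT_DONE)
        ;                    /* no EEXIT/EENTER: just wait on shared memory */
    long r = s->ret;         /* read once; host memory can change under us */
    if (r < 0 || (size_t)r > cap || (size_t)r > SLOT_BUF) r = -1;
    else memcpy(trusted, s->buf, (size_t)r);
    atomic_store_explicit(&s->state, SLOT_FREE, memory_order_release);
    return r;
}
static long demo(char *out, size_t cap) {
    struct rpc_slot slot = { .state = SLOT_FREE };
    pthread_t t;
    if (pthread_create(&t, NULL, host_worker, &slot)) return -1;
    long r = untrusted_call(&slot, out, cap);
    atomic_store(&slot.state, SLOT_STOP);
    pthread_join(t, NULL);
    return r;
}
int main(void) { char out[32]; return demo(out, sizeof out) > 0 ? 0 : 1; }
```

Because the slot sits in memory the host controls, the stub copies the returned length into a local and bounds-checks it before touching trusted memory.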
Simplified parameter server
[Plot: slowdown factor (y-axis, 0 to 10) vs. number of items updated per request (x-axis: 1, 2, 4, 8, 16, 32, 64); series: SGX, SGXIO]
Same, Same but different
● Enclaves are not traditional accelerators
– Latency to host memory
  ● MMU vs PCIe
– Atomic instructions shared with the host
– Internal management
  ● E.g., Enclave Thread-scheduler
Enclaves bring new possibilities
Retrofitting accelerators' ideas for enclaves
● SGXIO: OS services for enclaves
● Asynchronous DMA host copies
● Non-blocking enclave launches
● In-enclave virtual memory management
Thank you! Questions?
shmeni@tx.technion.ac.il
mark@ee.technion.ac.il