Adaptive and Efficient Dynamic Memory Management for Hardware Enclaves
By: Vijay Dhanraj , Harpreet Singh Chawla , Tao Zhang and more
Potential Business Impact:
Makes secure computer programs run faster.
The second version of Intel Software Guard Extensions (Intel SGX), or SGX2, adds dynamic management of enclave memory and threads. The first version required the address space and thread counts to be fixed before execution. The Enclave Dynamic Memory Management (EDMM) feature of SGX2 has the potential to lower launch times and overall execution time. Despite reducing the enclave loading time by 28--93%, straightforward EDMM adoption strategies actually slow execution time down by as much as 58%. Using the Gramine library OS as a representative enclave runtime environment, this paper shows how to recover EDMM performance. The paper explains how implementing mutual distrust between the OS and enclave increases the cost of modifying page mappings. The paper then describes and evaluates a series of optimizations on application benchmarks, showing that these optimizations effectively eliminate the overheads of EDMM while retaining EDMM's performance and flexibility gains.
Similar Papers
ShieldMMU: Detecting and Defending against Controlled-Channel Attacks in Shielding Memory System
Cryptography and Security
Shields computer secrets from sneaky software attacks.
SEDM: Scalable Self-Evolving Distributed Memory for Agents
Artificial Intelligence
Makes AI remember better, learn faster, and share knowledge.
SEDM: Scalable Self-Evolving Distributed Memory for Agents
Artificial Intelligence
Makes AI remember better and learn faster.