DOCSLIB.ORG

Paper Proposes CHANCEL, a Sandbox Designed for Appealing Target for Service Providers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs Adil Ahmady Juhee Kimx Jaebaek Seo∗ Insik Shinz Pedro Fonsecay Byoungyoung Leex yPurdue University xSeoul National University ∗Google zKAIST Abstract—Intel SGX aims to provide the confidentiality of confidential data, even if protected by SGX. For example, user data on untrusted cloud machines. However, applications consider a scenario where a service provider rents a cloud that process confidential user data may contain bugs that leak machine, with SGX capabilities, to provide a service to its information or be programmed maliciously to collect user data. clients. In this scenario, SGX will protect client data from a Existing research that attempts to solve this problem does not malicious cloud provider, but cannot prevent the data from consider multi-client isolation in a single enclave. We show being collected by the service provider using an adversarial that by not supporting such in-enclave isolation, they incur considerable slowdown when concurrently processing multiple program. Therefore, clients must trust the service provider to clients in different enclave processes, due to the limitations of not leak their confidential data. SGX. The significant value of private user data makes itan This paper proposes CHANCEL, a sandbox designed for appealing target for service providers. For example, consider a multi-client isolation within a single SGX enclave. In particular, popular messaging platform, Signal [2], which supports private CHANCEL allows a program’s threads to access both a per-thread contact discovery [3]. Signal keeps an offline database of its memory region and a shared read-only memory region while users and periodically updates it on an SGX machine. The servicing requests. Each thread handles requests from a single users connect to the SGX machine to discover which contacts client at a time and is isolated from other threads, using a Multi- use Signal. The private contact discovery is meant to prevent Client Software Fault Isolation (MCSFI) scheme. Furthermore, Signal from extracting a social graph, i.e., determine which CHANCEL supports various in-enclave services such as an in- memory file system and shielded client communication to ensure contacts know each other. However, although Signal’s source complete mediation of the program’s interactions with the outside code is available for inspection, it is non-trivial to determine world. We implemented CHANCEL and evaluated it on SGX that it satisfies such security properties. Moreover, unlike Signal, hardware using both micro-benchmarks and realistic target many companies do not disclose their proprietary algorithms scenarios, including private information retrieval and product which further aggravates the problem by requiring users to recommendation services. Our results show that CHANCEL out- blindly trust service providers. performs a baseline multi-process sandbox by 4:06 − 53:70× on micro-benchmarks and 0:02−21:18× on realistic workloads while Existing research concerning client data protection in remote providing strong security guarantees. machines (e.g., Ryoan [4], VC3 [5]) does not support multi- client isolation within a single enclave. Considering the Signal example, the application could be designed such that multiple I. INTRODUCTION threads (handling requests from individual clients) directly Intel SGX guarantees the confidentiality and integrity ofa share a contact database provided by Signal. However, lacking program without trusting software components such as the OS such support, prior approaches require a dedicated enclave or hypervisor, and protects against specific hardware attacks1 [ ]. process for each client. Although lacking a single process SGX also supports remote attestation to ensuring that programs multi-client sandbox is not critical in non-SGX environments, are correctly installed on remote machines. Thus, SGX is a it is a significant drawback in SGX environments. In particular, promising candidate to ensure the confidentiality of sensitive the lack of secure memory sharing between enclaves and limited data running on remote machines in the cloud. enclave memory (i.e., only 128−256 MB), results in inefficient use of the limited memory and prohibitive overheads when different processes have distinct copies of shared data. However, the traditional assumption behind SGX’s im- To further elaborate, SGX does not allow the sharing of plementation is that the program running inside an enclave enclave pages between different enclave processes; therefore, is trusted. This assumption is not always valid because common data must either be shared through untrusted interfaces applications may contain bugs or may have been built by (e.g., OS-controlled IPC), which is insecure, or be cloned to malicious programmers (i.e., adversarial programs). Hence, each enclave process. However, since SGX has limited trusted users cannot trust remote programs because they may leak memory, cloning common data for each process/enclave would ∗ waste precious memory resources and eventually slowdown the The author worked on this project as a PhD student at KAIST. entire system due to the expensive page-swaps between trusted and untrusted memory [6]. Our experiments on a real-world product recommendation application suggest that under a four Network and Distributed Systems Security (NDSS) Symposium 2021 client scenario with 112 MB of product catalog memory, a 21-25 February 2021, Virtual multi-process sandbox (i.e., the catalog is cloned to 4 processes) ISBN 1-891562-66-5 https://dx.doi.org/10.14722/ndss.2021.24057 incurs almost 20× more page-swaps, and an overhead of more www.ndss-symposium.org than 17×, compared to a multi-client sandbox (i.e., the catalog is shared by 4 threads) (§VIII-C). scenarios, including private information retrieval and product recommendation services. This paper proposes CHANCEL1, a multi-client sandbox that enables multiple threads to securely and efficiently handle re- To ease program development for CHANCEL, we implement quests from different clients, within a single enclave. CHANCEL a compiler toolchain using LLVM [14]. The service provider relies on a novel Multi-Client SFI (MCSFI) scheme to enable must utilize CHANCEL’s toolchain to build an instrumented thread isolation, i.e., sensitive client data and other thread binary, which is loaded into CHANCEL’s enclave after instru- content is only available within the thread’s context, and shared mentation validation using an x86 disassembler, capstone [15]. memory enforcement, i.e., threads can only use shared memory During program execution, CHANCEL provides various services, that is protected against data leakage or tampering. Furthermore, i.e., dynamic memory allocation, file system, and shielded CHANCEL ensures the confidentiality of computational results client communication, and also protects against covert channel by encrypting all outgoing data using a shared secret key attacks (e.g., encoding information in the output size). Our with each client. Lastly, CHANCEL provides various in-enclave evaluated programs required no manual changes to build using functionalities (e.g., an in-memory filesystem) and offers our toolchain and few additional code (less than 10 lines) to practical protections against covert channel attacks. utilize CHANCEL’s runtime services. Existing SFI techniques are not designed for multi-client We evaluate CHANCEL on SGX hardware to assess its scenarios and require advanced hardware features to implement security impact and performance. Our security evaluation in SGX enclaves. In particular, Native Client (NaCl) [7] consid- confirms that CHANCEL can prevent a wide range of attack ers the program’s data to belong to a single client; therefore, it scenarios, including attempts to compromise the instrumentation provisions a single memory view for each thread and does not checks, perform code injection attacks, and leak client data. support thread isolation. Furthermore, Multi-Domain SFI [8, 9] Furthermore, our evaluation shows that CHANCEL has supports thread isolation but lacks shared memory (or its significantly higher performance than the baseline secure enforcement) between the threads, crucial to ensure efficient multi-process sandbox approach (e.g., Ryoan [4]). CHANCEL memory usage, and hence high performance for SGX enclaves. showed a 4:06 − 53:70× performance improvement in micro- Finally, SGX implementations of SFI techniques [4, 9, 10] benchmarks and 0:02 − 21:18× improvement across a range require hardware features that are not widely available, e.g., of important real-world workloads—intrusion detection sys- SGX2 [11], or have been discontinued, e.g., Memory Protection tems (OSSEC [16] and Snort [17]), private information re- eXtensions (MPX) [12, 13], significantly hindering deployment. trieval (DrugBank database [18, 19] and ShieldStore [20] Therefore, to enable efficient multi-client separation, we pro- key-value store), and product recommendation systems (Rec- pose Multi-Client SFI (MCSFI), inspired by Native Client [7]. ommender [21]). Finally, the average overhead of CHANCEL In particular, MCSFI allows each thread to access two memory compared to a native execution is only 12:43% on the nbench regions: (a) per-thread private data region, (b) shared read- benchmark [22], which demonstrates CHANCEL’s applicability only region for all threads of the program. Each thread stores to a wide range of scenarios with only modest overheads. sensitive data obtained from a single
Recommended publications
  • Fact Sheet: the Next Generation of Computing Has Arrived

    Fact Sheet: the Next Generation of Computing Has Arrived

    News Fact Sheet The Next Generation of Computing Has Arrived: Performance to Power Amazing Experiences The new 5th Generation Intel® Core™ processor family is Intel’s latest wave of 14nm processors, delivering improved system and graphics performance, more natural and immersive user experiences, and enabling longer battery life compared to previous generations. The release of the 5th Generation Intel Core technology includes 14 new processors for consumers and businesses, including 10 new 15W processors with Intel® HD Graphics and four new 28W products with Intel® Iris™ Graphics. The 5th Generation Intel Core processor is purpose-built for the next generation of compute devices offering a thinner, lighter and more efficient experience across diverse form factors, including traditional notebooks, 2 in 1s, Ultrabooks™, Chromebooks, all-in-one desktop PCs and mini PCs. With the 5th Generation Intel Core processor availability, the “Broadwell” microarchitecture is expected to be the fastest mobile transition in company history to offer consumers a broad selection and availability of devices. Intel also started shipping its next generation 14nm processor for tablets, codenamed “Cherry Trail”, to device manufacturers. The new system on a chip (SoC) offers 64-bit computing, improved graphics with Intel® Generation 8-LP graphics, great performance and battery life for mainstream tablets. The platform offers world-class modem capabilities with LTE-Advanced on Intel® XMM™ 726x platform, which supports Cat-6 speeds and carrier aggregation. Customers will introduce new products based on this platform starting in the first half of this year. Key benefits of the 5th Generation Intel Core family and the next-generation 14nm processor for tablets include: Powerful Performance.
  • Deciding Memory Safety for Single-Pass Heap-Manipulating Programs

    Deciding Memory Safety for Single-Pass Heap-Manipulating Programs

    Deciding Memory Safety for Single-Pass Heap-Manipulating Programs UMANG MATHUR, University of Illinois, Urbana-Champaign, USA ADITHYA MURALI, University of Illinois, Urbana-Champaign, USA PAUL KROGMEIER, University of Illinois, Urbana-Champaign, USA P. MADHUSUDAN, University of Illinois, Urbana-Champaign, USA MAHESH VISWANATHAN, University of Illinois, Urbana-Champaign, USA We investigate the decidability of automatic program verification for programs that manipulate heaps, andin particular, decision procedures for proving memory safety for them. We extend recent work that identified a decidable subclass of uninterpreted programs to a class of alias-aware programs that can update maps. We 35 apply this theory to develop verification algorithms for memory safetyÐ determining if a heap-manipulating program that allocates and frees memory locations and manipulates heap pointers does not dereference an unallocated memory location. We show that this problem is decidable when the initial allocated heap forms a forest data-structure and when programs are streaming-coherent, which intuitively restricts programs to make a single pass over a data-structure. Our experimental evaluation on a set of library routines that manipulate forest data-structures shows that common single-pass algorithms on data-structures often fall in the decidable class, and that our decision procedure is efficient in verifying them. CCS Concepts: • Theory of computation → Logic and verification; Automated reasoning. Additional Key Words and Phrases: Memory Safety, Program Verification, Aliasing, Decidability, Uninterpreted Programs, Streaming-Coherence, Forest Data-Structures ACM Reference Format: Umang Mathur, Adithya Murali, Paul Krogmeier, P. Madhusudan, and Mahesh Viswanathan. 2020. Deciding Memory Safety for Single-Pass Heap-Manipulating Programs. Proc. ACM Program.
  • 1 Intel CEO Remarks Pat Gelsinger Q2'21 Earnings Webcast July 22

    1 Intel CEO Remarks Pat Gelsinger Q2'21 Earnings Webcast July 22

    Intel CEO Remarks Pat Gelsinger Q2’21 Earnings Webcast July 22, 2021 Good afternoon, everyone. Thanks for joining our second-quarter earnings call. It’s a thrilling time for both the semiconductor industry and for Intel. We're seeing unprecedented demand as the digitization of everything is accelerated by the superpowers of AI, pervasive connectivity, cloud-to-edge infrastructure and increasingly ubiquitous compute. Our depth and breadth of software, silicon and platforms, and packaging and process, combined with our at-scale manufacturing, uniquely positions Intel to capitalize on this vast growth opportunity. Our Q2 results, which exceeded our top and bottom line expectations, reflect the strength of the industry, the demand for our products, as well as the superb execution of our factory network. As I’ve said before, we are only in the early innings of what is likely to be a decade of sustained growth across the industry. Our momentum is building as once again we beat expectations and raise our full-year revenue and EPS guidance. Since laying out our IDM 2.0 strategy in March, we feel increasingly confident that we're moving the company forward toward our goal of delivering leadership products in every category in which we compete. While we have work to do, we are making strides to renew our execution machine: 7nm is progressing very well. We’ve launched new innovative products, established Intel Foundry Services, and made operational and organizational changes to lay the foundation needed to win in the next phase of our company’s great history. Here at Intel, we’re proud of our past, pragmatic about the work ahead, but, most importantly, confident in our future.
  • Intra-Unikernel Isolation with Intel Memory Protection Keys

    Intra-Unikernel Isolation with Intel Memory Protection Keys

    Intra-Unikernel Isolation with Intel Memory Protection Keys Mincheol Sung Pierre Olivier∗ Virginia Tech, USA The University of Manchester, United Kingdom [email protected] [email protected] Stefan Lankes Binoy Ravindran RWTH Aachen University, Germany Virginia Tech, USA [email protected] [email protected] Abstract ACM Reference Format: Mincheol Sung, Pierre Olivier, Stefan Lankes, and Binoy Ravin- Unikernels are minimal, single-purpose virtual machines. dran. 2020. Intra-Unikernel Isolation with Intel Memory Protec- This new operating system model promises numerous bene- tion Keys. In 16th ACM SIGPLAN/SIGOPS International Conference fits within many application domains in terms of lightweight- on Virtual Execution Environments (VEE ’20), March 17, 2020, Lau- ness, performance, and security. Although the isolation be- sanne, Switzerland. ACM, New York, NY, USA, 14 pages. https: tween unikernels is generally recognized as strong, there //doi.org/10.1145/3381052.3381326 is no isolation within a unikernel itself. This is due to the use of a single, unprotected address space, a basic principle 1 Introduction of unikernels that provide their lightweightness and perfor- Unikernels have gained attention in the academic research mance benefits. In this paper, we propose a new design that community, offering multiple benefits in terms of improved brings memory isolation inside a unikernel instance while performance, increased security, reduced costs, etc. As a keeping a single address space. We leverage Intel’s Memory result,
  • The Microarchitecture of the Pentium 4 Processor

    The Microarchitecture of the Pentium 4 Processor

    The Microarchitecture of the Pentium 4 Processor Glenn Hinton, Desktop Platforms Group, Intel Corp. Dave Sager, Desktop Platforms Group, Intel Corp. Mike Upton, Desktop Platforms Group, Intel Corp. Darrell Boggs, Desktop Platforms Group, Intel Corp. Doug Carmean, Desktop Platforms Group, Intel Corp. Alan Kyker, Desktop Platforms Group, Intel Corp. Patrice Roussel, Desktop Platforms Group, Intel Corp. Index words: Pentium® 4 processor, NetBurst™ microarchitecture, Trace Cache, double-pumped ALU, deep pipelining provides an in-depth examination of the features and ABSTRACT functions of the Intel NetBurst microarchitecture. This paper describes the Intel® NetBurst™ ® The Pentium 4 processor is designed to deliver microarchitecture of Intel’s new flagship Pentium 4 performance across applications where end users can truly processor. This microarchitecture is the basis of a new appreciate and experience its performance. For example, family of processors from Intel starting with the Pentium it allows a much better user experience in areas such as 4 processor. The Pentium 4 processor provides a Internet audio and streaming video, image processing, substantial performance gain for many key application video content creation, speech recognition, 3D areas where the end user can truly appreciate the applications and games, multi-media, and multi-tasking difference. user environments. The Pentium 4 processor enables real- In this paper we describe the main features and functions time MPEG2 video encoding and near real-time MPEG4 of the NetBurst microarchitecture. We present the front- encoding, allowing efficient video editing and video end of the machine, including its new form of instruction conferencing. It delivers world-class performance on 3D cache called the Execution Trace Cache.
  • “Sok: Eternal War in Memory”

    “Sok: Eternal War in Memory”

    “SoK: Eternal War in Memory” Presented by Mengjia Yan MIT 6.888 Fall 2020 Overview • Discuss the paper “SoK: Eternal War in Memory” with concrete examples • Recent progress on memory safety • With a focus on hardware/architecture 2 Motivation • C/C++ is unsafe • EveryboDy runs C/C++ coDe • They surely have exploitable vulnerabilities 3 Low-level Language Basics (C/C++/Assembly) 0x00..0000 • Programmers have more control + Efficient OS memory - Bugs - Programming productivity TEXT (code) Global/Static • Pointers DATA • Address of variables (uint64): index of memory location where variable is stored Heap • Programmers need to do pointer check, e.g. NULL, out-of-bound, use-after-free Stack 0xFF..FFFF 4 Low-level Language Basics 0x00..0000 TEXT (code) Heap Stack 0xFF..FFFF 5 Low-level Language Basics TEXT (code) stack 6 Attacks Code Injection Attack Example TEXT (code) int func (char *str) { Shell code: char buffer[12]; strncpy(buffer, str, len(str)); PUSH “/bin/sh” CALL system stack return 1; } int main() { …. func (input); … } 8 Code Injection Attack TEXT (code) TEXT (code) stack stack buffer Shell code … … Return addr Return addr 9 Attacks 10 Return-Oriented Programming (ROP) int func (char *str) { TEXT (code) TEXT (code) char buffer[12]; strncpy(buffer, str, len(str)); stack stack return 1; } …. int main() { buffer …. … … func (input); Return addr Return addr … } 11 Attacks 12 HeartBleed Vulnerability • Publicly DiscloseD in April 2014 • Bug in the OpenSSL cryptographic software library heartbeat extension • Missing a bound check 13 Attacks
  • MPTEE: Bringing Flexible and Efficient Memory Protection to Intel

    MPTEE: Bringing Flexible and Efficient Memory Protection to Intel

    MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX Wenjia Zhao Kangjie Lu* Yong Qi* Saiyu Qi Xi’an Jiaotong University University of Minnesota Xi’an Jiaotong University Xidian University University of Minnesota Abstract code, emerge in today’s market. In particular, Intel has pro- Intel Software Guard eXtensions (SGX), a hardware-based vided SGX in its commodity processors, which supports a se- Trusted Execution Environment (TEE), has become a promis- cure region, namely enclave, to protect the internally loaded ing solution to stopping critical threats such as insider attacks code and data. Given its important and practical protection, and remote exploits. SGX has recently drawn extensive re- SGX has been extensively studied and used in practice. For search in two directions—using it to protect the confidentiality example, SCONE [1] uses it to effectively enhance the secu- and integrity of sensitive data, and protecting itself from at- rity of containers with low overhead. JITGuard [17] leverages tacks. Both the applications and defense mechanisms of SGX it to protect the security-critical just-in-time compiler oper- have a fundamental need—flexible memory protection that ations. SGXCrypter[49] utilizes it to securely unpack and updates memory-page permissions dynamically and enforces execute Windows binaries. There are many other useful appli- the least-privilege principle. Unfortunately, SGX does not pro- cations [35], [34], [31],[6], which confirm the practical and vide such a memory-protection mechanism due to the lack of promising applications of SGX. hardware support and the untrustedness of operating systems. Another line of research is to protect SGX itself from at- This paper proposes MPTEE, a memory-protection mech- tacks.
  • Multiprocessing Contents

    Multiprocessing Contents

    Multiprocessing Contents 1 Multiprocessing 1 1.1 Pre-history .............................................. 1 1.2 Key topics ............................................... 1 1.2.1 Processor symmetry ...................................... 1 1.2.2 Instruction and data streams ................................. 1 1.2.3 Processor coupling ...................................... 2 1.2.4 Multiprocessor Communication Architecture ......................... 2 1.3 Flynn’s taxonomy ........................................... 2 1.3.1 SISD multiprocessing ..................................... 2 1.3.2 SIMD multiprocessing .................................... 2 1.3.3 MISD multiprocessing .................................... 3 1.3.4 MIMD multiprocessing .................................... 3 1.4 See also ................................................ 3 1.5 References ............................................... 3 2 Computer multitasking 5 2.1 Multiprogramming .......................................... 5 2.2 Cooperative multitasking ....................................... 6 2.3 Preemptive multitasking ....................................... 6 2.4 Real time ............................................... 7 2.5 Multithreading ............................................ 7 2.6 Memory protection .......................................... 7 2.7 Memory swapping .......................................... 7 2.8 Programming ............................................. 7 2.9 See also ................................................ 8 2.10 References .............................................
  • Intel 2019 Year Book

    Intel 2019 Year Book

    YEARBOOK 2019 POWERING THE FUTURE Our 2019 yearbook invites you to look back and reflect on a memorable year for Intel. TABLE OF CONTENTS 2019 kicked off with the announcement of our new p4 New CEO. Evolving culture. Expanded ambitions. chief executive, Bob Swan. It was followed by a stream of notable news: product announcements, technology p6 More data. More storage. More processing. breakthroughs, new customers and partnerships, p10 Innovation for the PC user experience and important moves to evolve Intel’s culture as the company entered its sixth decade. p12 Self-driving cars hit the road p2 p16 AI unlocks the power of data It’s a privilege to tell the Intel story in all its complexity and humanity. Looking through these pages, the p18 Helping customers push boundaries breadth and depth of what we’ve achieved in 12 p22 More supply to meet strong demand months is substantial, as is the strong foundation we’ve built for even greater impact in the future. p26 Next-gen hardware and software to unlock it p28 Tech’s future: Inventing and investing I hope you enjoy this colorful look at what’s possible when more than 100,000 individuals from every p32 Reinforcing the nature of Moore’s Law corner of the globe unite to change the world – p34 Building for the smarter future through technologies that make a positive difference to our customers, to society, and to people’s lives. — Claire Dixon, Chief Communications Officer NEW CEO. EVOLVING CULTURE. EXPANDED AMBITIONS. 2019 was an important year in Intel’s transformation, with a new chief executive officer, ambitious business priorities, an aspirational culture evolution, and a farewell to Focal.
  • Intel® Xeon® E3-1200 V5 Processor Family

    Intel® Xeon® E3-1200 V5 Processor Family

    Intel® Xeon® E3-1200 v5 Processor Family Specification Update May 2020 Revision 033 Reference Number: 333133-033US Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at Intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Intel does not assume any liability for lost or stolen data or systems or any damages resulting from such losses. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. Intel® Turbo Boost Technology requires a PC with a processor with Intel Turbo Boost Technology capability. Intel Turbo Boost Technology performance varies depending on hardware, software and overall system configuration. Check with your PC manufacturer on whether your system delivers Intel Turbo Boost Technology. For more information, see http://www.intel.com/ content/www/us/en/architecture-and-technology/turbo-boost/turbo-boost-technology.html Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548- 4725 or by visiting www.intel.com/design/literature.htm.
  • The Intel X86 Microarchitectures Map Version 2.0

    The Intel X86 Microarchitectures Map Version 2.0

    The Intel x86 Microarchitectures Map Version 2.0 P6 (1995, 0.50 to 0.35 μm) 8086 (1978, 3 µm) 80386 (1985, 1.5 to 1 µm) P5 (1993, 0.80 to 0.35 μm) NetBurst (2000 , 180 to 130 nm) Skylake (2015, 14 nm) Alternative Names: i686 Series: Alternative Names: iAPX 386, 386, i386 Alternative Names: Pentium, 80586, 586, i586 Alternative Names: Pentium 4, Pentium IV, P4 Alternative Names: SKL (Desktop and Mobile), SKX (Server) Series: Pentium Pro (used in desktops and servers) • 16-bit data bus: 8086 (iAPX Series: Series: Series: Series: • Variant: Klamath (1997, 0.35 μm) 86) • Desktop/Server: i386DX Desktop/Server: P5, P54C • Desktop: Willamette (180 nm) • Desktop: Desktop 6th Generation Core i5 (Skylake-S and Skylake-H) • Alternative Names: Pentium II, PII • 8-bit data bus: 8088 (iAPX • Desktop lower-performance: i386SX Desktop/Server higher-performance: P54CQS, P54CS • Desktop higher-performance: Northwood Pentium 4 (130 nm), Northwood B Pentium 4 HT (130 nm), • Desktop higher-performance: Desktop 6th Generation Core i7 (Skylake-S and Skylake-H), Desktop 7th Generation Core i7 X (Skylake-X), • Series: Klamath (used in desktops) 88) • Mobile: i386SL, 80376, i386EX, Mobile: P54C, P54LM Northwood C Pentium 4 HT (130 nm), Gallatin (Pentium 4 Extreme Edition 130 nm) Desktop 7th Generation Core i9 X (Skylake-X), Desktop 9th Generation Core i7 X (Skylake-X), Desktop 9th Generation Core i9 X (Skylake-X) • Variant: Deschutes (1998, 0.25 to 0.18 μm) i386CXSA, i386SXSA, i386CXSB Compatibility: Pentium OverDrive • Desktop lower-performance: Willamette-128
  • A Performance Analysis Tool for Intel SGX Enclaves

    A Performance Analysis Tool for Intel SGX Enclaves

    sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves Nico Weichbrodt Pierre-Louis Aublin Rüdiger Kapitza IBR, TU Braunschweig LSDS, Imperial College London IBR, TU Braunschweig Germany United Kingdom Germany [email protected] [email protected] [email protected] ABSTRACT the provider or need to refrain from offloading their workloads Novel trusted execution technologies such as Intel’s Software Guard to the cloud. With the advent of Intel’s Software Guard Exten- Extensions (SGX) are considered a cure to many security risks in sions (SGX)[14, 28], the situation is about to change as this novel clouds. This is achieved by offering trusted execution contexts, so trusted execution technology enables confidentiality and integrity called enclaves, that enable confidentiality and integrity protection protection of code and data – even from privileged software and of code and data even from privileged software and physical attacks. physical attacks. Accordingly, researchers from academia and in- To utilise this new abstraction, Intel offers a dedicated Software dustry alike recently published research works in rapid succession Development Kit (SDK). While it is already used to build numerous to secure applications in clouds [2, 5, 33], enable secure network- applications, understanding the performance implications of SGX ing [9, 11, 34, 39] and fortify local applications [22, 23, 35]. and the offered programming support is still in its infancy. This Core to all these works is the use of SGX provided enclaves, inevitably leads to time-consuming trial-and-error testing and poses which build small, isolated application compartments designed to the risk of poor performance.