Systems Support for Emerging Memory Technologies Von der Carl-Friedrich-Gauß-Fakultat¨ der Technischen Universitat¨ Carolo-Wilhelmina zu Braunschweig zur Erlangung des Grades eines Doktoringenieurs (Dr.-Ing.) genehmigte Dissertation von Vasily Sartakov geboren am 25.09.1985 in Tscheljabinsk Eingereicht am: 21.12.2018 Disputation am: 03.05.2019 1. Referent: Prof. Dr. R ¨udigerKapitza 2. Referent: Prof. Dr. Christof Fetzer (2019) ii Kurzfassung Vertrauenswurdigkeit¨ und Skalierbarkeit sind die beiden maßgeblichen Faktoren, die die Verbreitung von Clouds behindern. Die Moglichkeit¨ privilegierter Zugriffe auf Kundendaten durch einen Cloudanbieter schrankt¨ die Nutzung von Clouds bei der Verarbeitung von sicherheitskritischen und vertraulichen Informationen ein. Clouddienste mit niedriger Latenz erfordern die Durchfuhrungen¨ von Berechnungen im Hauptspeicher und sind daher an Charakteristika von Dynamic RAM (DRAM) wie Kapazitat,¨ Dichte, Energieverbrauch und andere Aspekte gebunden. Zwei technologische Bereiche befassen sich mit diesen Faktoren: Etablierte Server Plattformen wie Intel Software Guard eXtensions (SGX) und AMD Secure Encrypted Virtualisation (SEV) stellen Erweiterungen fur¨ vertrauenswurdige¨ Ausfuhrung¨ in nicht vertrauenswurdigen¨ Umgebungen bereit. Verschiedene Technologien von nicht fluchtigem¨ Speicher bieten bessere Kapazitat¨ und Speicherdichte verglichen mit DRAM, und konnen¨ daher in Zukunft als Alternative zu DRAM herangezogen werden. Jedoch benotigen¨ diese Technologien und Erweiterungen neuartige Ansatze¨ und Systemunterstutzung¨ bei der Programmierung, da diese der Systemarchitektur neue Funktionalitat¨ hinzufugen:¨ Systemkomponenten (Intel SGX) und Persistenz (nicht-fluchtiger¨ Speicher). Diese Dissertation widmet sich der Programmierung und den Architekturaspekten von persistenten und vertrauenswurdigen¨ Systemen. Fur¨ vertrauenswurdige¨ Systeme wurde eine detaillierte Analyse der neuen Architekturerweiterungen durchgefuhrt.¨ Außerdem wurden das neuartige “EActors” Framework und die “STANlite” Datenbank entwickelt, um die neuen Moglichkeiten¨ von vertrauenswurdiger¨ Ausfuhrung¨ effektiv zu nutzen. Daruber¨ hinaus wurde fur¨ persistente Systeme eine detaillierte Analyse zukunftiger¨ Speichertechnologien, deren Merkmale und mogliche¨ Auswirkungen auf die Systemarchitektur durchgefuhrt.¨ Ferner wurde das neue Hypervisor-basierte Persistenzmodell entwickelt und mittels NV-Hypervisor ausgewertet, welches transparente Persistenz fur¨ alte und proprietare¨ Software, sowie Virtualisierung von persistentem Speicher ermoglicht.¨ iii iv Abstract Trust and scalability are the two significant factors which impede the dissemination of clouds. The possibility of privileged access to customer data by a cloud provider limits the usage of clouds for processing security-sensitive data. Low latency cloud services rely on in-memory computations, and thus, are limited by several characteristics of DRAM such as capacity, density, energy consumption, for example. Two technological areas address these factors. Mainstream server platforms, such as Intel Software Guard eXtensions (SGX) and AMD Secure Encrypted Virtualisation (SEV) offer extensions for trusted execution in untrusted environments. Various technologies of Non-Volatile RAM (NV-RAM) have better capacity and density compared to DRAM and thus can be considered as DRAM alternatives in the future. However, these technologies and extensions require new programming approaches and system support since they add features to the system architecture: new system components (Intel SGX) and data persistence (NV-RAM). This thesis is devoted to the programming and architectural aspects of persistent and trusted systems. For trusted systems, an in-depth analysis of new architectural extensions was performed. A novel framework named EActors and a database engine named STANlite were developed to effectively use the capabilities of trusted execution. For persistent systems, an in-depth analysis of prospective memory technologies, their features and the possible impact on system architecture was performed. A new persistence model, called the hypervisor-based model of persistence, was developed and evaluated by the NV-Hypervisor. This offers transparent persistence for legacy and proprietary software, and supports virtualisation of persistent memory. v Table of Contents List of Abbreviations xi List of Figures xiv List of Tables xv 1 Introduction1 1.1 Main Contributions...............................6 1.2 Related publications..............................7 1.3 Organisation...................................7 2 Memory encryption and trusted execution9 2.1 Background................................... 10 2.1.1 Modern platforms for trusted execution in clouds......... 10 2.1.1.1 AMD Secure Encrypted Virtualisation.......... 10 2.1.1.2 Intel Software Guard eXtensions.............. 12 2.1.2 Challenges of SGX programming................... 16 2.1.2.1 Self-contained environment and high transition costs.. 16 2.1.2.2 EPC paging.......................... 18 2.1.3 Related works.............................. 19 2.1.3.1 Programming approaches................. 19 2.1.3.2 System support....................... 21 2.1.4 Conclusion............................... 23 2.2 EActors: an actor-based framework for trusted execution......... 25 2.2.1 General architecture and basic primitives.............. 27 2.2.1.1 EActors programming model............... 28 2.2.1.2 EActors runtime....................... 29 vii 2.2.1.3 Memory management and messaging.......... 31 2.2.2 Design and implementation of system components........ 31 2.2.2.1 Connectors and cargos................... 32 2.2.2.2 System actors......................... 36 2.2.2.3 Eactors Object Store..................... 37 2.2.3 Microbenchmark and use cases.................... 43 2.2.3.1 Microbenchmarking inter-enclave communication... 43 2.2.3.2 Secure multi-party computation service......... 44 2.2.3.3 XMPP instant messaging service.............. 46 2.2.4 Evaluation................................ 52 2.2.4.1 Inter-enclave communication............... 52 2.2.4.2 Secure multi-party computation service......... 53 2.2.4.3 XMPP instant message service............... 56 2.2.5 Related works.............................. 62 2.2.6 Summary................................ 64 2.3 STANlite: a database engine for secure data processing at rack-scale level 65 2.3.1 Towards an enclaved database with software-based paging... 66 2.3.1.1 Memory management in databases............ 66 2.3.2 Design.................................. 68 2.3.2.1 Threat model......................... 68 2.3.2.2 Communication layer.................... 69 2.3.2.3 Virtual Memory Engine................... 69 2.3.3 Implementation............................. 70 2.3.3.1 SQLite as a core part of STANlite............. 70 2.3.3.2 Glue code........................... 71 2.3.3.3 Virtual memory engine................... 71 2.3.3.4 Networking.......................... 77 2.3.3.5 Dynamic reconfiguration.................. 81 2.3.4 Evaluation................................ 81 2.3.4.1 Platform and configurations................ 82 2.3.4.2 Microbenchmark....................... 83 2.3.4.3 Speedtest1 benchmark................... 85 viii 2.3.4.4 TPC-C benchmark...................... 88 2.3.5 Related works.............................. 90 2.3.6 Summary................................ 91 3 Non-volatile memory and persistent systems 93 3.1 Background................................... 95 3.1.1 Candidate technologies of persistent memory........... 95 3.1.1.1 Battery-backed RAM.................... 95 3.1.1.2 Phase-Change RAM..................... 96 3.1.1.3 Ferroelectric RAM...................... 97 3.1.1.4 Magnetoresistive RAM................... 98 3.1.1.5 Comparison......................... 99 3.1.2 Related works: persistent systems.................. 100 3.1.2.1 Memory controllers..................... 100 3.1.2.2 Architectures of persistent systems............ 102 3.1.3 Conclusion............................... 106 3.2 NV-Hypervisor................................. 107 3.2.1 Design and Architecture........................ 109 3.2.1.1 System architecture..................... 109 3.2.2 Persistent Virtual Machines...................... 111 3.2.3 Implementation............................. 111 3.2.3.1 Core services......................... 112 3.2.3.2 Virtual Persistent Memory................. 112 3.2.4 Evaluation................................ 117 3.2.4.1 Time to fixate a pVM.................... 117 3.2.4.2 VPM microbenchmark................... 118 3.2.4.3 Recovery of a cloud service................. 120 3.2.5 Related works.............................. 122 3.2.6 Summary................................ 123 4 Conclusion 125 4.1 Future work: Toward encrypted persistent systems............ 127 ix x List of Abbreviations AEX Asynchronous Enclave Exit . 18 API Application Programming Interface . 26 BBRAM Battery-backed RAM . 95 CERB Client Encrypted Request Buffer. .78 CPRB Client Plain text Request Buffer. .78 DAX Direct Access. .102 DB Database . 66 CONF CONFiguration section . 115 DMA Direct Memory Access . 11 ECC Error-correcting code . 101 EDL Enclave Description Language . 19 ELRANGE Enclave Linear Address Range . 13 EOS Eactors Object Store. .31 EPCM Enclave Page Cache Map . 12 EPC Enclave Page Cache . 12 FeRAM Ferroelectric RAM . 95 HDD Hard Disk Drive . 93 HLE Hardware Lock Elision . 31 IaaS Infrastructure-as-a-Service . .9 JID JabberID . 48 KVS Key-Value Store . 38 LRU Least Recently Used . 72 MAC Message Authentication