Evaluation of Intel Software Guard Extensions via Emulation

Marco Aurélio Spohn, Mateus Trebien

Abstract


By allowing applications to execute in a fully protected context (i.e., inside enclaves), the Software Guard Extensions (SGX) extension broadens the possibilities for the new generations of Intel processors in the x86 family. Because the technology is recent, machines that support it are still a minority. To evaluate SGX, an emulator of the technology called OpenSGX was used, which implements and reproduces the main functionalities and structures used in SGX. The focus was on evaluating the overhead, in terms of processing, that results from running an application in an environment with emulated SGX. For the evaluation, benchmark applications from the MiBench platform were used, modified to make them compatible with execution in enclaves on OpenSGX. As performance metrics, the total number of instructions and the total number of CPU cycles were collected for the complete execution of each application with and without OpenSGX.

Keywords


trusted execution environment, software guard extensions, emulator



DOI: https://doi.org/10.22456/2175-2745.77654

Copyright (c) 2018 Marco Aurélio Spohn, Mateus Trebien

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.