Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX
arXiv - CS - Hardware Architecture. Pub Date: 2020-01-21, DOI: arxiv-2001.07450
Youren Shen, Hongliang Tian, Yu Chen, Kang Chen, Runji Wang, Yi Xu, and Yubin Xia

Intel Software Guard Extensions (SGX) enables user-level code to create private memory regions called enclaves, whose code and data are protected by the CPU from software and hardware attacks outside the enclaves. Recent work introduces library operating systems (LibOSes) to SGX so that legacy applications can run inside enclaves with few or even no modifications. As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking. However, none of the existing SGX LibOSes support multitasking both securely and efficiently. This paper presents Occlum, a system that enables secure and efficient multitasking on SGX. We implement the LibOS processes as SFI-Isolated Processes (SIPs). SFI is a software instrumentation technique for sandboxing untrusted modules (called domains). We design a novel SFI scheme named MPX-based, Multi-Domain SFI (MMDSFI) and leverage MMDSFI to enforce the isolation of SIPs. We also design an independent verifier to ensure the security guarantees of MMDSFI. With SIPs safely sharing the single address space of an enclave, the LibOS can implement multitasking efficiently. The Occlum LibOS outperforms the state-of-the-art SGX LibOS on multitasking-heavy workloads by up to 6,600X on micro-benchmarks and up to 500X on application benchmarks.
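The abstract rests on software fault isolation: every memory access a sandboxed domain makes is instrumented with a bounds check so that several domains can share one address space, here the single enclave. The following C program is an added illustration of that idea and is not code from the Occlum project or the paper. It simulates the check in plain C rather than with MPX bound registers and compiler instrumentation as MMDSFI does, and the domain layout, sizes and function names (`sfi_init`, `domain_ptr`, `sfi_store`, `sfi_load`, `sfi_fault_count`) are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a miniature software fault isolation (SFI) scheme.
 * Several domains share one flat address space, standing in for the single
 * enclave, and every load/store issued on behalf of a domain passes through
 * an instrumented bounds check against that domain's [base, limit) region.
 * The check plays the role of an MPX BNDCL/BNDCU pair; it is plain C here,
 * not the paper's MMDSFI instrumentation or verifier. */

#define DOMAIN_SIZE 4096u
#define NUM_DOMAINS 3

typedef struct {
    uint8_t *base;   /* lower bound, inclusive */
    uint8_t *limit;  /* upper bound, exclusive */
} domain_t;

/* One shared address space carved into per-domain regions (hypothetical layout). */
static uint8_t enclave_mem[NUM_DOMAINS * DOMAIN_SIZE];
static domain_t domains[NUM_DOMAINS];
static unsigned sfi_faults;   /* accesses the instrumentation refused */

void sfi_init(void)
{
    memset(enclave_mem, 0, sizeof enclave_mem);
    sfi_faults = 0;
    for (int i = 0; i < NUM_DOMAINS; i++) {
        domains[i].base  = enclave_mem + (size_t)i * DOMAIN_SIZE;
        domains[i].limit = domains[i].base + DOMAIN_SIZE;
    }
}

/* Unchecked pointer construction: models an arbitrary pointer a sandboxed
 * domain may compute, including one that points into another domain. */
uint8_t *domain_ptr(int dom, size_t offset)
{
    return domains[dom].base + offset;
}

/* The instrumentation: the access [p, p+len) must lie entirely inside the
 * domain. Both ends are checked so a buffer that starts inside but crosses
 * the limit is rejected; the order of comparisons keeps the pointer
 * difference non-negative before it is cast to size_t. */
static bool sfi_check(const domain_t *d, const uint8_t *p, size_t len)
{
    if (p < d->base || p >= d->limit)
        return false;
    return len <= (size_t)(d->limit - p);
}

bool sfi_store(int dom, uint8_t *dst, const void *src, size_t len)
{
    if (!sfi_check(&domains[dom], dst, len)) {
        sfi_faults++;            /* a real SFI scheme would trap and terminate the domain */
        return false;
    }
    memcpy(dst, src, len);
    return true;
}

bool sfi_load(int dom, const uint8_t *src, void *dst, size_t len)
{
    if (!sfi_check(&domains[dom], src, len)) {
        sfi_faults++;
        return false;
    }
    memcpy(dst, src, len);
    return true;
}

unsigned sfi_fault_count(void) { return sfi_faults; }

int main(void)
{
    sfi_init();
    const uint8_t secret[4] = {0xde, 0xad, 0xbe, 0xef};   /* constructed data */
    uint8_t out[4] = {0};

    /* Domain 1 stores a secret in its own region: allowed. */
    printf("dom1 store own:      %d\n", sfi_store(1, domain_ptr(1, 0), secret, 4));
    /* Domain 0 reads through a pointer that lands in domain 1: refused. */
    printf("dom0 load dom1:      %d\n", sfi_load(0, domain_ptr(1, 0), out, 4));
    /* Domain 0 writes a buffer that starts inside but crosses its limit: refused. */
    printf("dom0 straddle limit: %d\n", sfi_store(0, domain_ptr(0, DOMAIN_SIZE - 2), secret, 4));
    printf("faults blocked:      %u\n", sfi_fault_count());
    return 0;
}
```

The point the simulation makes is the one the abstract relies on: isolation between processes that share an address space comes from the check on every access, not from page tables, so the cost is an in-line bounds comparison rather than a context switch. What the simulation cannot show is the other half of the paper's design, the independent verifier that confirms every memory instruction in a domain's binary actually carries the check.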

Updated: 2020-01-22