research-article

Scaling Intel® Software Guard Extensions Applications with Intel® SGX Card

Authors:

Somnath Chakrabarti,

Matthew Hoekstra,

Dmitrii Kuvaiskii,

Mona VijAuthors Info & Claims

HASP '19: Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy

Article No.: 6, Pages 1 - 9

https://doi.org/10.1145/3337167.3337173

Published: 23 June 2019 Publication History

Abstract

Cloud computing revolutionized the way internet-scale services are deployed and scaled. However, general security concerns and protecting business critical data are still major factors holding companies back from moving their IT infrastructure to the cloud. Intel® Software Guard Extensions (Intel® SGX) technology provides a hardware enforced trusted execution environment specifically developed to compute on confidential data in untrusted public clouds. To date, Intel SGX is available only on single-socket platforms and its secure memory limited to 128 MB.

This paper describes how the Intel SGX Card makes the Intel SGX technology available on dual-socket server platforms today and easily integrated into existing data center infrastructure. Also, with software enabling, there is potential for applications to scale-out across the cards's three Intel® Xeon® E3 processors for additional secure memory. We propose four software architectures to efficiently utilize the card's resources and present use cases that benefit from Intel SGX card based deployments.

References

[1]

Ittai Anati, Shay Gueron, Simon Johnson, Vincent Scarlata. Innovative technology for CPU based attestation and sealing. HASP'2013

[2]

Victor Costan, Srinivas Devadas. Intel® SGX Explained. IACR Cryptology ePrint Archive, 2016

[3]

Meni Orenbach, Pavel Lifshits, Marina Minkin, Mark Silberstein. Eleos: ExitLess OS Services for SGX Enclaves. EuroSys'2017

Digital Library

[4]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L. Stillwell, David Goltzsche, David Eyers, Rüdiger Kapitza, Peter Pietzuch, Christof Fetzer. SCONE: secure Linux containers with Intel® SGX. OSDI'2016

Digital Library

[5]

https://github.com/intel/linux-sgx. Intel SGX for Linux. Accessed: 2019

[6]

Andrew Baumann, Marcus Peinado, Galen Hunt. Shielding applications from an untrusted cloud with Haven. OSDI'2014

Digital Library

[7]

Chia-Che Tsai, Mona Vij, Donald Porter. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. USENIX ATC'2017

Digital Library

[8]

Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rudiger Kapitza, Christof Fetzer, Peter Pietzuch. Glamdring: Automatic Application Partitioning for Intel SGX. ATC'2017

Digital Library

[9]

Ofir Weisse, Valeria Bertacco, Todd Austin. Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves. ISCA'2017

[10]

Dmitrii Kuvaiskii, Somnath Chakrabarti, Mona Vij. Snort Intrusion Detection System with Intel Software Guard Extension (Intel SGX). arXiv:1802.00508, 2018

[11]

Bohdan Trach, Alfred Krohmer, Sergei Arnautov, Franz Gregor, Pramod Bhatotia, Christof Fetzer. Slick: Secure Middleboxes using Shielded Execution. arXiv:1709.04226, 2017

[12]

Hagit Attiya, Amotz Bar-Noy, Danny Dolev. 1995. Sharing memory robustly in message-passing systems. J. ACM 42, 1 1995

Digital Library

[13]

https://asylo.dev. Google Asylo. Accessed: 2019

[14]

Wenting Zheng, Ankur Dave, Jethro G. Beekman, Raluca Ada Popa, Joseph E. Gonzalez, Ion Stoica. Opaque: an oblivious and encrypted distributed analytics platform. NSDI'2017

Digital Library

[15]

Sajin Sasy, Sergey Gorbunov, Christopher Fletcher. ZeroTrace: Oblivious Memory Primitives from Intel SGX. Cryptology ePrint Archive, 2017

[16]

https://redis.io. Redis. Accessed: 2019

[17]

Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, Mark Russinovich. VC3: Trustworthy Data Analytics in the Cloud Using SGX. SP'2015

[18]

Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, Manuel Costa. Oblivious Multi-Party Machine Learning on Trusted Processors. USENIX Security'2016

Digital Library

[19]

Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, Emmett Witchel. Ryoan: a distributed sandbox for untrusted computation on secret data. OSDI'2016

Digital Library

[20]

Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, Dongsu Han. Enhancing security and privacy of tor's ecosystem by using trusted execution environments. NSDI'2017

Digital Library

[21]

Shweta Shinde, Dat Le Tien, Shruti Tople, Prateek Saxena. Panoply: Low-TCB Linux Applications with SGX Enclaves. NDSS'2017

[22]

Ming-Wei Shih, Mohan Kumar, Taesoo Kim, and Ada Gavrilovska. S-NFV: Securing NFV states by using SGX. SDN-NFV Security'2016

Digital Library

[23]

David Goltzsche, Signe Rüsch, Manuel Nieke, Sébastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof Fetzer, Pascal Felber, Peter Pietzuch, Rüdiger Kapitza. EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution. DSN'2018

[24]

Michael Coughlin, Eric Keller, Eric Wustrow. Trusted Click: Overcoming Security issues of NFV in the Cloud. SDN-NFVSec'2017

Digital Library

[25]

Huayi Duan, Xingliang Yuan, Cong Wang. LightBox: SGX-assisted Secure Network Functions at Near-native Speed. arXiv:1706.06261, 2017

[26]

Alexey Gribov, Dhinakaran Vinayagamurthy, Sergey Gorbunov. StealthDB: a Scalable Encrypted Database with Full SQL Query Support. arXiv:1711.02279, 2017

[27]

Saba Eskandarian, Matei Zaharia. ObliDB: Oblivious Query Processing using Hardware Enclaves. arXiv:1710.00458, 2018

[28]

Christian Priebe, Kapil Vaswani, Manuel Costa. EnclaveDB: A Secure Database using SGX. SP'2018

[29]

Rohit Sinha, Mihai Christodorescu. VeritasDB: High Throughput Key-Value Store with Integrity. Cryptology ePrint Archive 2018/251, 2018

[30]

https://www.intel.com/content/www/us/en/products/servers/accelerators/visual-compute-accelerator-SGX accelerator1585lmv.html. Intel Visual Compute accelerator (Intel SGX Card). Accessed: 2018

[31]

https://redis.io/topics/cluster-spec. Redis Cluster Specification. Accessed: 2019

[32]

https://github.com/twitter/twemproxy.twitter/twemproxy. Accessed: 2019

[33]

Yelick, Bonachea, Chen, Colella, Datta, Duell, Graham, Hargrove, Hilfinger, Husbands, and Iancu. Productivity and performance using partitioned global address space languages. PASCO'2007

[34]

Aaftab Munshi, Benedict Gaster, Timothy G. Mattson, and Dan Ginsburg. OpenCL programming guide. Pearson Education, 2011

Digital Library

[35]

Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza, Alessandro Sorniotti. Blockchain and Trusted Computing: Problems, Pitfalls, and Solution for Hyperledger Fabric. arXiv:1805.08541, 2018

[36]

Rolf Neugebauer, Gianni Antichi, José Fernando Zazo, Yury Audzevich, Sergio López-Buedo, Andrew W. Moore. Understanding PCIe performance for end host networking. SIGCOMM '2018

Digital Library

[37]

Somnath Chakrabarti, Brandon Baker, Mona Vij. Intel SGX Enabled Key Manager Service with OpenStack Barbican. ArXiv:1712.07694, 2017

[38]

Jack Regula. Using non-transparent bridging in PCI Express systems. PLX Technology white paper, 2004

[39]

http://www.cpushack.com/tag/knights-corner. CPU of the Day: The 61 Knights of the Intel Xeon Phi. Accessed: 2019

Cited By

Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Shahbazi NLin YAsudeh AJagadish H(2023)Representation Bias in Data: A Survey on Identification and Resolution TechniquesACM Computing Surveys10.1145/358843355:13s(1-39)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3588433
Hoh WZhang FDodgson N(2023)Salient-Centeredness and Saliency Size in Computational AestheticsACM Transactions on Applied Perception10.1145/358831720:2(1-23)Online publication date: 21-Apr-2023
https://dl.acm.org/doi/10.1145/3588317
Show More Cited By

Recommendations

Intel Software Guard Extensions: Introduction and Open Research Challenges
SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

Hardware-enhanced security is an important pillar of secure systems in general and software protection in particular. This presentation will survey the recently announced Intel Software Guard Extensions (Intel SGX) as well as innovative usages for ...
Evaluation of Rodinia Codes on Intel Xeon Phi
ISMS '13: Proceedings of the 2013 4th International Conference on Intelligent Systems, Modelling and Simulation

High performance computing (HPC) is a niche area where various parallel benchmarks are constantly used to explore and evaluate the performance of Heterogeneous computing systems on the horizon. The Rodinia benchmark suite, a collection of parallel ...
STAC-A2 on intel architecture: from scalar code to heterogeneous application
WHPCF '14: Proceedings of the 7th Workshop on High Performance Computational Finance

STAC-A2^™ is compute and memory intensive industry benchmark in the field of market risk analysis. The benchmark specifications were created by the Securities Technology Analysis Center (aka STAC®) and are based on inputs collected from the leading ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

HASP '19: Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy

June 2019

73 pages

ISBN:9781450372268

DOI:10.1145/3337167

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 June 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

HASP '19

HASP '19: Workshop on Hardware and Architectural Support for Security and Privacy

June 23, 2019

AZ, Phoenix, USA

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
661
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Shahbazi NLin YAsudeh AJagadish H(2023)Representation Bias in Data: A Survey on Identification and Resolution TechniquesACM Computing Surveys10.1145/358843355:13s(1-39)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3588433
Hoh WZhang FDodgson N(2023)Salient-Centeredness and Saliency Size in Computational AestheticsACM Transactions on Applied Perception10.1145/358831720:2(1-23)Online publication date: 21-Apr-2023
https://dl.acm.org/doi/10.1145/3588317
Murray HMalone D(2023)Costs and Benefits of Authentication AdviceACM Transactions on Privacy and Security10.1145/358803126:3(1-35)Online publication date: 13-May-2023
https://dl.acm.org/doi/10.1145/3588031
Sahni AOmar HAli UKhan O(2023)ASM: An Adaptive Secure Multicore for Co-located Mutually Distrusting ProcessesACM Transactions on Architecture and Code Optimization10.1145/358748020:3(1-24)Online publication date: 19-Jul-2023
https://dl.acm.org/doi/10.1145/3587480
Gaitonde JTardos É(2023)The Price of Anarchy of Strategic Queuing SystemsJournal of the ACM10.1145/358725070:3(1-63)Online publication date: 23-May-2023
https://dl.acm.org/doi/10.1145/3587250
Latupeirissa APanariello CBresin R(2023)Probing Aesthetics Strategies for Robot Sound: Complexity and Materiality in Movement SonificationACM Transactions on Human-Robot Interaction10.1145/3585277Online publication date: 17-Mar-2023
https://dl.acm.org/doi/10.1145/3585277
Görür ORosman BSivrikaya FAlbayrak S(2023)FABRIC: A Framework for the Design and Evaluation of Collaborative Robots with Extended Human AdaptationACM Transactions on Human-Robot Interaction10.1145/358527612:3(1-54)Online publication date: 17-Mar-2023
https://dl.acm.org/doi/10.1145/3585276
Banar NDaelemans WKestemont M(2023)Transfer Learning for the Visual Arts: The Multi-modal Retrieval of Iconclass CodesJournal on Computing and Cultural Heritage 10.1145/357586516:2(1-16)Online publication date: 17-Mar-2023
https://dl.acm.org/doi/10.1145/3575865
Viola L(2023)Networks of Migrants’ Narratives: A Post-authentic Approach to Heritage VisualisationJournal on Computing and Cultural Heritage 10.1145/357586316:1(1-21)Online publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1145/3575863
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten