Performance of Trusted Computing in Cloud Infrastructures with Intel SGX

Anders T. Gjerdrum, Robert Pettersen, Håvard D. Johansen, Dag Johansen

2017

Abstract

Sensitive personal data is to an increasing degree hosted on third-party cloud providers. This generates strong concerns about data security and privacy as the trusted computing base is expanded to include hardware components not under the direct supervision of the administrative entity responsible for the data. Fortunately, major hardware manufacturers now include mechanisms promoting secure remote execution. This paper studies Intel’s Software Guard eXtensions (SGX), and experimentally quantifies how basic usage of this instruction set extension will affect how cloud hosted services must be constructed. Our experiments show that correct partitioning of a service’s functional components will be critical for performance.



Paper Citation


in Harvard Style

Gjerdrum A., Pettersen R., Johansen H. and Johansen D. (2017). Performance of Trusted Computing in Cloud Infrastructures with Intel SGX. In Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-243-1, pages 696-703. DOI: 10.5220/0006373706960703


in Bibtex Style

@conference{closer17,
author={Anders T. Gjerdrum and Robert Pettersen and Håvard D. Johansen and Dag Johansen},
title={Performance of Trusted Computing in Cloud Infrastructures with Intel SGX},
booktitle={Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2017},
pages={696-703},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006373706960703},
isbn={978-989-758-243-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Performance of Trusted Computing in Cloud Infrastructures with Intel SGX
SN - 978-989-758-243-1
AU - Gjerdrum A.
AU - Pettersen R.
AU - Johansen H.
AU - Johansen D.
PY - 2017
SP - 696
EP - 703
DO - 10.5220/0006373706960703