Characterizing Enclave-level Parallelism in Secure Multicore Processors
Handle: http://hdl.handle.net/11134/20002:860668642

Persons
Creator (cre): D'Agostino, Brandon
Major Advisor (mja): Khan, Omer
Associate Advisor (asa): Chandy, John
Associate Advisor (asa): Wang, Lei

Digital Origin: born digital

Description
Secure processor technologies incorporating some form of enclave-based isolation are being deployed in remote cloud computing environments. However, commercial enclave-based systems, such as Intel SGX, incur performance penalties due to architectural limitations arising from enclave interactions with the operating system (OS), encryption and attestation checks for data accesses to main memory, and limitations on the enclave memory size. Enclave software development frameworks like Graphene-SGX aim to mitigate these limitations with performance enhancements such as exitless calling that offset the latency of expensive enclave interactions with the OS. However, prior works have not presented a thorough characterization of enclave performance in the presence of increased enclave-level parallelism. This work presents a characterization of how enclave overheads trade off exploitable parallelism on an Intel SGX-enabled multicore CPU for a set of parallelized workloads. A microbenchmark is developed to study the effects of threading as a function of application characteristics, such as the intensity of memory operations and system calls to the OS. The characterization is extended to realistic parallelized enclave workloads from the database and web server domains. It is found that application performance scaling with threading is tightly correlated with system call and memory-bound behavior. Real-world applications stress these constraints while the underlying system calling implementations deliver competing performance at different thread counts.

Organizations
Degree granting institution (dgg): University of Connecticut

Degree Name: Master of Science
Degree Level: Master
Degree Discipline: Electrical Engineering
Local Identifier: S_21945944