Persons |
|
Title |
|
Origin Information |
|
Parent Item |
|
Resource Type |
|
Description |
Description
Secure processor technologies leveraging enclaves as their architectural security primitive are frequently deployed in cloud environments. However, enclave-based systems incur performance penalties due to architectural limitations arising from costly enclave exits that are incurred to interact with system-level software. Exitless calling aims to improve enclave-based performance by spawning additional responder threads alongside the enclave threads to execute system calls on their behalf, obviating costly enclave exits. However, the responder threads in exitless must use self-governed timers to operate truly asynchronous to the enclave threads to uphold security isolation guarantees. These self-governed timers induce polling stalls that degrade performance when enclave and responder threads saturate the available cores in the system. This paper aims to address the polling challenge in exitless by introducing Security Service Engines (SSE) to offload responder threads onto using either dedicated on-chip or off-chip hardware resources. Evaluations show that for highly-interactive workloads, SSE-equipped secure multicores achieve performance scaling that is at par with a baseline system that implements no security primitives.
|
Language |
|
Organizations |
|
Held By |
|
Rights Statement |
|
Degree Name |
|
Degree Level |
|
Degree Discipline |
|
Local Identifier |
|