Memory Optimization System for SGXv2 Trusted Execution Environment

Abstract

PDF HTML XML Export Cite reminder Memory Optimization System for SGXv2 Trusted Execution Environment DOI: 10.21655/ijsi.1673-7288.00287 Author: Affiliation: Clc Number: Fund Project: Article | Figures | Metrics | Reference | Related | Cited by | Materials | Comments Abstract:Trusted Execution Environment (TEE) is an architectural solution for secure computing that requires confidentiality and integrity for private data and code. In recent years, TEE has become the research hotspot for machine learning privacy protection, encrypted database, blockchain security, etc. This paper addresses the performance problem of the system under this new trusted hardware. We analyze the performance of the new trusted hardware, i.e., Intel SGXv2. We find that the paging overhead in SGXv1 is no longer the main issue in SGXv2 under the premise of configuring large secure memory. However, the setup of large secure memory leads to two new problems. First, the available range of normal memory is narrowed down, which increases the memory pressure of normal applications, especially big data applications. Second, secure memory is usually underutilized, resulting in low overall physical memory utilization. To solve the above problems, this paper proposes a new lightweight code migration approach, which dynamically migrates the code of normal applications into secure memory, while leaving the data in place. The migrated code can use secure memory and avoid the drastic performance degradation caused by disk swapping. Experimental results show that the proposed approach can reduce the runtime overhead of normal applications by 73.2\% to 98.7\% without affecting the isolation and the use of secure applications. Reference Related Cited by