Abstract

Secure processor technologies leveraging enclaves as their architectural security primitive are frequently deployed in cloud environments. However, enclave-based systems incur performance penalties due to architectural limitations arising from the costly enclave exits needed to interact with system-level software. Exitless calling aims to improve enclave performance by spawning additional responder threads alongside the enclave to execute system calls on its behalf, obviating costly enclave exits. However, exitless calling must operate the responder threads truly asynchronously to the enclave to preserve security isolation guarantees. The self-governed timers induce polling stalls that lead to performance loss when enclave and responder threads saturate the available cores in the system. This paper aims to address the polling challenge in exitless calling by introducing Security Service Engines (SSE) to offload responder threads onto dedicated hardware resources. The evaluation shows that for a highly interactive workload, SSE-equipped secure multicores achieve performance scaling that is on par with a baseline system with no security primitives.
